I learned iptables when I wanted to set up the firewall on Ubuntu.
First:
iptables is a tool that the user or the system uses to configure "netfilter",
like the image below:
Second:
Rules make up chains, and chains make up tables. iptables is used to set up, maintain, and inspect the tables.
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches.
Third: parameters
-A, --append chain rule-specification
Append one or more rules to the end of the selected chain.
#******************#
-j, --jump target
This specifies the target of the rule; i.e., what to do if the packet matches it.
#******************#
-p (lowercase), --protocol protocol
The protocol of the rule or of the packet to check.
-P (uppercase), --policy chain target
Set the policy for the chain to the given target. See the section TARGETS for the legal targets.
#******************#
-t, --table table
This option specifies the packet matching table which the command should operate on.
The tables are as follows: filter, nat, mangle, raw, security
#******************#
-x (lowercase), --exact
Expand numbers.
-X (uppercase), --delete-chain [chain]
Delete the optional user-defined chain specified.
#******************#
-m, --match match
Specifies a match to use, that is, an extension module that tests for a specific property.
#******************#
--sport source port
--dport destination port
For example:
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
That is, allow external hosts to connect to local port 80.
/sbin/iptables -A INPUT -p tcp --sport 80 -j ACCEPT
That is, allow incoming TCP packets that come from port 80 on an external host.
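An added example (not from the original post): a small Python model of how the INPUT chain evaluates the two rules above, covering only the -A, -P, -p, --sport, --dport and -j options listed here. The function names and the sample packets are constructed for illustration; the model shows that the ACCEPT rules only restrict traffic once the chain policy is DROP, and that the --sport 80 rule leaves the destination port unconstrained.

```python
import shlex

# Option spellings from the page mapped to packet fields (target is the -j action).
OPTS = {"-p": "proto", "--protocol": "proto", "--sport": "sport",
        "--dport": "dport", "-j": "target", "--jump": "target"}

def build(commands):
    """Turn 'iptables -A/-P ...' lines into a model of the filter table's chains."""
    # A built-in chain starts empty with policy ACCEPT.
    chains = {"INPUT": {"policy": "ACCEPT", "rules": []}}
    for command in commands:
        args = shlex.split(command)[1:]            # drop the program path
        if args[0] in ("-P", "--policy"):          # -P chain target
            chains[args[1]]["policy"] = args[2]
        elif args[0] in ("-A", "--append"):        # -A chain rule-specification
            rule = {}
            for opt, value in zip(args[2::2], args[3::2]):
                field = OPTS[opt]                  # KeyError on options not modelled
                rule[field] = int(value) if field.endswith("port") else value
            chains[args[1]]["rules"].append(rule)
        else:
            raise ValueError(f"unsupported command: {args[0]}")
    return chains

def verdict(chains, chain, packet):
    """First matching rule decides; if none matches, the chain policy applies."""
    for rule in chains[chain]["rules"]:
        # An option that was not given matches every packet;
        # a rule without -j decides nothing and evaluation continues.
        if "target" in rule and all(
                packet.get(k) == v for k, v in rule.items() if k != "target"):
            return rule["target"]
    return chains[chain]["policy"]

PAGE_RULES = ["/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
              "/sbin/iptables -A INPUT -p tcp --sport 80 -j ACCEPT"]

# Constructed sample packets (not captured traffic).
WEB = {"proto": "tcp", "sport": 51000, "dport": 80}
SSH = {"proto": "tcp", "sport": 51000, "dport": 22}
FROM_80 = {"proto": "tcp", "sport": 80, "dport": 22}

if __name__ == "__main__":
    default = build(PAGE_RULES)
    strict = build(["/sbin/iptables -P INPUT DROP"] + PAGE_RULES)
    for name, pkt in (("WEB", WEB), ("SSH", SSH), ("FROM_80", FROM_80)):
        print(name, verdict(default, "INPUT", pkt), verdict(strict, "INPUT", pkt))
```

To admit only replies to connections the host itself opened, a stateful match such as `-m conntrack --ctstate ESTABLISHED,RELATED` is narrower than matching on source port 80.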