Chinaunix首页 | 论坛 | 博客
  • 博客访问: 293447
  • 博文数量: 82
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 874
  • 用 户 组: 普通用户
  • 注册时间: 2015-03-21 09:58
个人简介

traveling in cumputer science!!

文章分类

全部博文(82)

文章存档

2016年(13)

2015年(69)

我的朋友

分类: LINUX

2015-03-22 11:17:53

I learn the iptables when I want to set the firewall in ubuntu.
First :
    The iptables is one tool which is used to set the "netfilter" by user or system.

    like the image below:
    
Second:
    the rules constitute chains, and chains constitute tables. The iptables is used to set/maintain/inspect tables.
Each chain is a list of rules which can match a set of packets.  Each rule specifies what to do with a packet that matches. 

Third:parameters
    -A, --append chain rule-specification
              Append  one  or more rules to the end of the selected chain.
#******************#
    -j, --jump target
              This specifies the target of the rule; i.e., what to do if the packet matches it.

#******************#
    -p   (small)--protocol protocol
              The protocol of the rule or of the packet to check.
    -P   (big)--policy chain target
              Set  the  policy  for  the chain to the given target.  See the section TARGETS for the legal targets. 
#******************#
    -t, --table table
              This  option  specifies  the  packet matching table which the command should operate on.
                The tables are as follows:filter/ nat/ mangle/ raw/ security
#******************#
    -x    (small)--exact
              Expand  numbers. 
    -X    (big)--delete-chain [chain]
              Delete  the  optional  user-defined chain specified.
#******************#
    -m    --match match
              Specifies  a  match  to  use,  that is, an extension module that
              tests for a specific property.
#******************#
    --sport    source port
    --dport    destination port
        For example:
            /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
                That is to say allow external visit local by local 80 port
            /sbin/iptables -A INPUT -p tcp --sport 80 -j ACCEPT 
                That is to say allow external visit local from external 80 port




    
阅读(957) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~