
Commands


The major options for interacting with chains are listed below:

-L chain lists the rules in the chain. This is commonly used with the -n option to disable name resolution (for example, iptables -n -L INPUT will display the rules related to incoming packets).

-N chain creates a new chain. You can create new chains for a number of purposes, including testing a new network service or fending off a network attack.

-X chain deletes an empty and unused chain (for example, iptables -X ddos-attack).

-A chain rule adds a rule at the end of the given chain. Remember that rules are processed from top to bottom so be sure to keep this in mind when adding rules.

-I chain rule_num rule inserts a rule before the rule number rule_num. As with the -A option, keep the processing order in mind when inserting new rules into a chain.

-D chain rule_num (or -D chain rule) deletes a rule in a chain; the first syntax identifies the rule to be deleted by its number (iptables -L --line-numbers will display these numbers), while the latter identifies it by its contents.

-F chain flushes a chain (deletes all its rules). For example, to delete all of the rules related to outgoing packets, you would run iptables -F OUTPUT. If no chain is mentioned, all the rules in the table are deleted.

-P chain action defines the default action, or “policy”, for a given chain; note that only standard chains can have such a policy. To drop all incoming traffic by default, you would run iptables -P INPUT DROP.
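The options above combined into one ordered sequence, as an added example that is not part of the original page. The chain name ssh-in, the port, and the function names are assumptions, and the conntrack rule is included so that replies to outbound connections still pass under a DROP policy. Set IPT="echo iptables" to print the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original page. Chain name and port are
# hypothetical. Needs root with the real binary; for a dry run that only
# prints the commands, set IPT="echo iptables".
IPT="${IPT:-iptables}"
CHAIN="ssh-in"      # hypothetical user-defined chain
SSH_PORT=22         # assumed SSH port

setup_ssh_chain() {
    # -N: create the chain; stop if it already exists.
    $IPT -N "$CHAIN" || return 1
    # -A: append to the new chain.
    $IPT -A "$CHAIN" -p tcp --dport "$SSH_PORT" -j ACCEPT
    # -A: INPUT is read top to bottom, so these are evaluated in this order.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp -j "$CHAIN"
    # -I: insert at position 1 so loopback is matched before everything else.
    $IPT -I INPUT 1 -i lo -j ACCEPT
    # -P: set the default-drop policy last, after the ACCEPT rules exist,
    # so an administrator connected over SSH is not cut off midway.
    $IPT -P INPUT DROP
}

show_input() {
    # -L with -n and --line-numbers: the numbers are what -I and -D accept.
    $IPT -n -L INPUT --line-numbers
}

teardown_ssh_chain() {
    # -P first: -F and -D leave the policy untouched, so restore ACCEPT
    # before removing the rules that let traffic through.
    $IPT -P INPUT ACCEPT
    # -D by contents: remove exactly the rules added above.
    $IPT -D INPUT -i lo -j ACCEPT
    $IPT -D INPUT -p tcp -j "$CHAIN"
    $IPT -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # -F then -X: -X only deletes a chain that is empty and unreferenced.
    $IPT -F "$CHAIN"
    $IPT -X "$CHAIN"
}

case "${1:-}" in
    setup)    setup_ssh_chain ;;
    show)     show_input ;;
    teardown) teardown_ssh_chain ;;
esac
```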

