Understood the basic idea of Iptables and use, we begin to use Iptables formally to found our firewall below. The method that start and stops Iptables depends on uses Linux is issued edition, you can examine the documentation of an use Linux version. In Red Hat, the Iptables that start uses:
#service Iptables Start
Usually, iptables has been included was in Linux is issued in edition, can run Iptables- - Version will examined a system to whether install Iptables. In the Fedora Core 1 that uses in me, the version of installation is Iptables V1.2.8. If your system does not have installation Iptables really, can download from the following address so: Http://www.netfilter.org/
Examine regular volume
Although above paragraphs makes a simple introduction to the usage of Iptables, but we may need to know more complete information in reality, at this moment the complete introduction that we can run Man Iptables to examine all commands and option, also can run Iptables Help to examine a fast help. Some Iptables program volume show in wanting to examine a system, can run the following command: Iptables List
The appearance of the Iptables when planning without the definition is below:
Chain INPUT (policy ACCEPT)Target Prot Opt Source Destination
Chain FORWARD (policy ACCEPT)Target Prot Opt Source Destination
Chain OUTPUT (policy ACCEPT)Target Prot Opt Source Destination
If the example place above is shown, each data bag should adopt 3 built-in chain (one of INPUT, OUTPUT and FORWARD) . Filter is the most commonly used watch, above paragraphs place shows the basic grammar that sets all watch regulation: Iptables [-t Table] Command [match] [target] .
In reality, must not use all option that here lists, also not be certainly with this order. Of course, this is a kind of convention, because regulation is general longer, for clear for the purpose of, best can according to this order.
Below the case that did not assign regular table, the Filter that uses when default is expressed. 3 the most commonly used in Filter watch targets are ACCEPT, DROP and REJECT. DROP can discard data bag, undertake any processing to its no longer. REJECT is met make mistake information is deferent to the lead plane that sends data package. Although can have the effect that a few expect are less than sometimes, but it is very useful that in a lot of moment it is returned.
Increase regulation
The regulation in this exemple will be prevented come from some the data bag inside specific IP limits, the aggressor that is suspected to have a large number of ill will by the administrator because of limits of this IP address is in activity:
# Iptables -t Filter -A INPUT -s 123.456.789.0/24 -j DROP
Want to know the parameter with concerned detailed Iptables and order pattern, use Man Iptables to examine please. Can say, the baleful aggressor that we get on to the network now already detest, but after all, we because hate them,also cannot execute simple retaliation to its with same method, at least this kind of thing cannot happen in your network. Accordingly, we are OK also very prevent all data bags that flow to aggressor IP address easily, this command just also has a bit different:
Previous12 Next

Previous:Look for the serial number SN of a DREAMWEAVER3
Next：Identify strengths and weaknesses of several hardware firewall performance stand