
iptables is the user-space tool for configuring netfilter, the packet-filtering (firewall) framework built into the Linux kernel.

How it works

iptables works with a system of tables, and each table is made up of chains.
Every packet is inspected to determine, in particular, its source and destination.
The default (filter) table is made up of three built-in chains:

INPUT: inspects incoming packets. A packet whose destination is the host itself passes through the INPUT chain.

FORWARD: inspects and authorizes frames passing from one interface to another; this only applies when the host is used as a bridge between network interfaces.

OUTPUT: inspects outgoing packets. A packet leaving the host passes through the OUTPUT chain.

The targets (policies) that can be applied in this table are DROP, LOG, ACCEPT and REJECT.


Applying the rules

There are several ways to activate your firewall rules and keep them active after a reboot: rules entered by hand, rules written into an executable script, rules stored in a file that a script loads, and so on.

Here are the two most common ways to activate them and keep them across reboots:

1st method

Create your script file (an example iptables script is given in the next section), then make it executable and have it run at boot:

2nd method

Run the iptables commands directly at the prompt, then make them "persistent" (still active after a reboot):

The tool takes the arguments save to store the current rules, flush to remove all rules, and reload to load them again from the files mentioned above.


Example of stand-alone script

Here is an example of a script that is made executable and loaded at start-up:
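The script below is an added example written for this tutorial, not the script from the original page. It covers both methods above in one init-style file: start applies a complete rule set (the 1st method), save and restore persist the live rules with iptables-save and iptables-restore (the 2nd method), and dry-run prints the iptables commands without touching the kernel so the rule order can be reviewed before it is applied. It assumes IPv4 only, that the iptables binary is in PATH, that SSH (22) and HTTP (80) are the only services that must be reachable from outside, and a rules file path chosen here for the example.

```shell
#!/bin/sh
# firewall.sh : stand-alone iptables script, init style (start|stop|save|restore|dry-run).
# Added example for this tutorial; not the script from the original page.
# Assumptions: IPv4 only, iptables in PATH, SSH and HTTP are the only inbound
# services, and RULES_FILE is our choice of path (not dictated by the page).
set -eu

RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"
DRY_RUN="${DRY_RUN:-0}"

# Wrapper around iptables: print the command in dry-run mode, run it otherwise.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Open the filter table completely and delete every rule and user chain.
# Used by "stop" and as the first step of "start", so the script is idempotent.
reset_rules() {
    ipt -P INPUT ACCEPT
    ipt -P FORWARD ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -X
    ipt -Z
}

# Build the rule set. Order matters: the conntrack rule that accepts
# established connections comes before any rule that could drop them,
# otherwise an SSH session opened before "start" is cut off.
apply_rules() {
    reset_rules
    # Default policies: deny inbound and forwarded traffic, allow outbound.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Loopback must always be allowed.
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host initiated or already accepted.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot classify.
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Services reachable from outside (assumed ports).
    ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # Keep the host answering ping for diagnostics.
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Rate-limited LOG of whatever remains, then an explicit DROP.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
    ipt -A INPUT -j DROP
}

# Persist the live rules. Written to a temporary file and renamed so an
# interrupted write cannot leave a half-written rules file behind.
save_rules() {
    tmp="$RULES_FILE.tmp"
    iptables-save > "$tmp"
    mv "$tmp" "$RULES_FILE"
}

# Reload the rules from the file. --test parses the file without committing
# it, so a corrupted file aborts here instead of leaving the table half-loaded.
restore_rules() {
    iptables-restore --test < "$RULES_FILE"
    iptables-restore < "$RULES_FILE"
}

case "${1:-}" in
    start)   apply_rules ;;
    stop)    reset_rules ;;
    save)    save_rules ;;
    restore) restore_rules ;;
    dry-run) DRY_RUN=1; apply_rules ;;
    *)       echo "usage: $0 {start|stop|save|restore|dry-run}" >&2 ;;
esac
```

Run `sh firewall.sh dry-run` first and read the printed commands top to bottom; then `firewall.sh start` as root, `firewall.sh save` once the rules are verified, and `firewall.sh restore` (from an init script or systemd unit) at boot. Doing the save step only after checking that an SSH session still works is what keeps a remote host from being locked out by its own firewall.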

