1. Specify the table
filter (the default table), nat, and mangle.
2. Specify the operation command
Add, delete, replace, and so on.
3. Specify the chain
For the packet-filtering firewall the built-in chains are INPUT, OUTPUT and FORWARD; user-defined chains can also be used.
4. Specify the rule match
Various match criteria, such as IP address, port, and packet type.
5. Specify the target action
ACCEPT lets the packet through; DROP discards it; REJECT refuses it.
LOG records information about the packet; TOS rewrites the packet's TOS value.
Usage:
iptables [-t table] cmd [chain] [rule-matcher] [-j target]
cmd:
-A appends one or more rules to the end of the selected chain
-D deletes a rule from the chain
-R replaces a rule in the chain
-I inserts a rule into the chain
-L lists all rules in the chain
-F flushes (deletes) all rules in the chain
-N creates a new user-defined chain
-X deletes the specified user-defined chain
-P sets the default policy for a built-in chain
-C checks whether a given packet matches the rules of the specified chain
-Z zeroes the packet and byte counters of all rules in the specified chain
-h displays help information
// example: create the script /etc/rc.d/filter-firewall
# touch /etc/rc.d/filter-firewall
// contents of the script:
#!/bin/sh
IPT=/sbin/iptables
WWWSERVER="192.168.168.119"
FTPSERVER="192.168.168.119"
IPRANGE="192.168.168.0/24"
# flush all rules in the filter table
$IPT -F
# default policy: drop forwarded packets that no rule accepts
$IPT -P FORWARD DROP
# allow forwarded HTTP and FTP traffic arriving on eth0 for the servers
$IPT -A FORWARD -p tcp -d $WWWSERVER --dport www -i eth0 -j ACCEPT
$IPT -A FORWARD -p tcp -d $FTPSERVER --dport ftp -i eth0 -j ACCEPT
# drop all packets from 192.168.168.81 arriving on eth0
$IPT -A INPUT -s 192.168.168.81 -i eth0 -j DROP
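The following is an added example in the same style as the filter-firewall script above; it is not part of the original notes. It keeps the page's design (flush, default DROP on FORWARD, accept HTTP/FTP to the servers, drop one host) and adds what a practitioner would want on top of it: a conntrack rule so the servers' replies are not discarded by the FORWARD DROP policy, an INPUT policy with an ssh allow for the page's otherwise unused IPRANGE, rate-limited logging of dropped forwards, and a dry-run mode (IPT=echo) that prints the iptables invocations so the rule set can be reviewed before it is applied. The addresses, the interface name eth0 and the ssh allow are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not the original notes' script. Same layout as the
# /etc/rc.d/filter-firewall example above, with a dry-run switch and the
# return-traffic rule the page's version lacks. All addresses and the
# interface name are assumed placeholder values.
IPT="${IPT:-/sbin/iptables}"      # set IPT=echo to print commands instead of applying them
WAN_IF="eth0"
WWWSERVER="192.168.168.119"
FTPSERVER="192.168.168.119"
IPRANGE="192.168.168.0/24"        # trusted LAN, allowed to reach the firewall's ssh port
BLOCKED_HOST="192.168.168.81"     # host whose packets are dropped outright

apply_firewall() {
    # start from a clean filter table: flush rules, zero counters
    $IPT -t filter -F
    $IPT -t filter -Z
    # default policies: deny inbound and forwarded traffic unless a rule accepts it
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # loopback, plus replies to connections already accepted (without this the
    # FORWARD DROP policy would also discard the servers' answers to clients)
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # rules are matched top to bottom, so the explicit block is appended before
    # the broader LAN allow that would otherwise match the same host
    $IPT -A INPUT -s "$BLOCKED_HOST" -i "$WAN_IF" -j DROP
    $IPT -A INPUT -s "$IPRANGE" -p tcp --dport 22 -j ACCEPT
    # new connections to the published services, arriving on the WAN interface
    $IPT -A FORWARD -p tcp -d "$WWWSERVER" --dport 80 -i "$WAN_IF" -j ACCEPT
    $IPT -A FORWARD -p tcp -d "$FTPSERVER" --dport 21 -i "$WAN_IF" -j ACCEPT
    # log what falls through to the DROP policy (rate-limited so a flood cannot fill the log)
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# print the iptables invocations instead of executing them
dry_run() {
    ( IPT=echo; apply_firewall )
}

# number of rules the script appends (-A), useful as a sanity check
rule_count() {
    dry_run | grep -c -- '^-A '
}

case "${1:-}" in
    --dry-run) dry_run ;;
    --apply)   apply_firewall ;;   # needs root and a real /sbin/iptables
esac
```

Run it as `sh filter-firewall.sh --dry-run` to see the exact commands, then `--apply` as root. Because -A appends, the order of the lines in apply_firewall is the order the kernel evaluates them in; the DROP for BLOCKED_HOST is placed before the LAN ssh allow for that reason.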