Use user space command iptables to implement packet filtering

xiaoxiao2021-03-06  92


1. Enable packet forwarding in the kernel

# echo "1" > /proc/sys/net/ipv4/ip_forward

Writing to /proc takes effect immediately but does not survive a reboot. To make it permanent, edit /etc/sysconfig/network and change FORWARD_IPV4=false to FORWARD_IPV4=true; that setting is applied at the next boot.

2. Elements of an iptables rule

An iptables rule basically contains five elements:

-> The table (table): filter, nat, mangle; packet filtering uses the filter table

-> The command (command): add, delete, replace, and so on

-> The chain (chain): INPUT, OUTPUT, FORWARD

-> The rule matcher (matcher): the conditions a packet must satisfy

-> The target action (target): ACCEPT, DROP, REJECT, LOG, TOS

Note: iptables arguments are case sensitive; chain names and target names are written in upper case.

3. Simplified form of the iptables syntax

iptables [-t table] cmd [chain] [rule-matcher] [-j target]

table is the table name, cmd is the operation, chain is the chain name, rule-matcher is the match condition, and target is the action taken on a matching packet.

4. Making rules permanent

Saving and restoring the rule set. The following command dumps the rule set currently loaded in the kernel; /etc/sysconfig/iptables is the default rule-set file read by the iptables init script:

# /sbin/iptables-save > /etc/sysconfig/iptables

// Restore the saved rule set

# /sbin/iptables-restore < /etc/sysconfig/iptables

To have the rules loaded again at the next boot, use one of the following:

(1) Use the iptables init script /etc/rc.d/init.d/iptables and save the current rules with

# service iptables save

(2) Create the rule set directly with iptables commands in a custom script, for example /etc/fw/rules, and execute that script during startup by adding the following line to /etc/rc.d/rc.local:

if [ -x /etc/fw/rules ]; then /etc/fw/rules; fi

When using option (2), it is recommended to disable the iptables service with the ntsysv command so that it does not load a conflicting rule set at boot.
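The following script is an added example and not code from the original post: a small /etc/fw/rules-style script that carries out steps 1 through 4 above, turning on forwarding and then building a filter-table rule set with the five elements the post lists (table, command, chain, matcher, target). The interface names eth0/eth1, the LAN prefix 192.168.1.0/24 and the log prefixes are hypothetical placeholders; a DRY_RUN mode prints the iptables command lines instead of executing them, so the rule set can be reviewed before being applied as root.

```sh
#!/bin/sh
# Added example (not the original post's code): an /etc/fw/rules-style script.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).

IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}
LAN_IF=${LAN_IF:-eth0}                 # assumed LAN-facing interface
WAN_IF=${WAN_IF:-eth1}                 # assumed Internet-facing interface
LAN_NET=${LAN_NET:-192.168.1.0/24}     # assumed LAN prefix

# run CMD ARGS...: print the command line in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ipt TABLE CMD [CHAIN] [MATCHER...] [-j TARGET]
# Wraps the simplified grammar: iptables [-t table] cmd [chain] [rule-matcher] [-j target]
ipt() {
    run "$IPT" -t "$@"
}

# Step 1 of the post: turn on IPv4 forwarding (not persistent across a reboot).
enable_forward() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo 1 > /proc/sys/net/ipv4/ip_forward\n'
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

# The filter-table rule set: default policies drop, explicit rules open what is needed.
rules() {
    # Start from a clean filter table so the script is safe to run repeatedly.
    ipt filter -F
    ipt filter -X
    ipt filter -P INPUT DROP
    ipt filter -P FORWARD DROP
    ipt filter -P OUTPUT ACCEPT

    # INPUT: traffic addressed to the firewall host itself.
    ipt filter -A INPUT -i lo -j ACCEPT
    ipt filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt filter -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    ipt filter -A INPUT -i "$LAN_IF" -p icmp --icmp-type echo-request -j ACCEPT
    # LAN hosts get an explicit REJECT (fast failure); new WAN connections are
    # logged and then fall through to the DROP policy.
    ipt filter -A INPUT -i "$LAN_IF" -j REJECT --reject-with icmp-port-unreachable
    ipt filter -A INPUT -i "$WAN_IF" -p tcp --syn -j LOG --log-prefix "FW-IN-DROP: "

    # FORWARD: LAN -> WAN is allowed; WAN -> LAN only for replies to those flows.
    ipt filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt filter -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt filter -A FORWARD -j LOG --log-prefix "FW-FWD-DROP: "
}

enable_forward
rules
```

Review the output of `DRY_RUN=1 /etc/fw/rules` first, then apply with `DRY_RUN=0 /etc/fw/rules` as root and dump the result with `iptables-save > /etc/sysconfig/iptables` as described above. Note that the policies are set before the ACCEPT rules, so the SSH rule on the LAN interface is what keeps a remote administrator from being locked out; forwarding LAN clients to the Internet with private addresses additionally needs a MASQUERADE rule in the nat table, which is outside the filter table this script manages.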

Please credit the original source when reprinting: https://www.9cbs.com/read-54111.html
