검색

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

7.2. Using iptables

download PDF
The first step in using iptables is to start the iptables service. This can be done with the command:
service iptables start

Warning

The ip6tables services should be turned off to use the iptables service with the following commands:
service ip6tables stop
chkconfig ip6tables off
To make iptables start by default whenever the system is booted, you must change runlevel status on the service using chkconfig.
chkconfig --level 345 iptables on
The syntax of iptables is separated into tiers. The main tier is the chain. A chain specifies the state at which a packet is manipulated. The usage is as follows:
iptables -A chain -j target
The -A option appends a rule at the end of an existing ruleset. The chain is the name of the chain for a rule. The three built-in chains of iptables (that is, the chains that affect every packet which traverses a network) are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The -j target option specifies the location in the iptables ruleset where this particular rule should jump. Some built in targets are ACCEPT, DROP, and REJECT.
New chains (also called user-defined chains) can be created by using the -N option. Creating a new chain is useful for customizing granular or elaborate rules.

7.2.1. Basic Firewall Policies

Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules. iptables uses policies (-P) to create default rules. Security-minded administrators usually elect to drop all packets as a policy and only allow specific packets on a case-by-case basis. The following rules block all incoming and outgoing packets on a network gateway:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Additionally, it is recommended that any forwarded packets — network traffic that is to be routed from the firewall to its destination node — be denied as well, to restrict internal clients from inadvertent exposure to the Internet. To do this, use the following rule:
iptables -P FORWARD DROP
After setting the policy chains, you can create new rules for your particular network and security requirements. The following sections outline some rules you may implement in the course of building your iptables firewall.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.