Book: Linux Network Administrator Guide, Second Edition
Commands
There are a number of ways we can manipulate rules and rulesets with the ipchains command. Those relevant to IP firewalling are:
-A chain
Append one or more rules to the end of the nominated chain. If a hostname is supplied as either source or destination and it resolves to more than one IP address, a rule will be added for each address.
-I chain rulenum
Insert one or more rules at the start of the nominated chain. Again, if a hostname is supplied in the rule specification, a rule will be added for each of the addresses it resolves to.
-D chain
Delete one or more rules from the specified chain that match the rule specification.
-D chain rulenum
Delete the rule residing at position rulenum in the specified chain. Rule positions start at one for the first rule in the chain.
-R chain rulenum
Replace the rule residing at position rulenum in the specified chain with the supplied rule specification.
-C chain
Check the datagram described by the rule specification against the specified chain. This command will return a message describing how the datagram was processed by the chain. This is very useful for testing your firewall configuration, and we look at it in detail a little later.
-L [chain]
List the rules of the specified chain, or of all chains if no chain is specified.
-F [chain]
Flush the rules of the specified chain, or of all chains if no chain is specified.
-Z [chain]
Zero the datagram and byte counters for all rules of the specified chain, or of all chains if no chain is specified.
-N chain
Create a new chain with the specified name. A chain of the same name must not already exist. This is how user-defined chains are created.
-X [chain]
Delete the specified user-defined chain, or all user-defined chains if no chain is specified. For this command to succeed, there must be no references to the specified chain from the rules of any other chain.
-P chain policy
Set the default policy of the specified chain to the specified policy. Valid firewalling policies are ACCEPT, DENY, REJECT, REDIR, or RETURN. ACCEPT, DENY, and REJECT have the same meanings as in the traditional IP firewall implementation. REDIR specifies that the datagram should be transparently redirected to a port on the firewall host. The RETURN target causes the IP firewall code to return to the firewall chain that called the one containing this rule and continue at the rule after the calling rule.