Moxa DA-681-I-DPP-T-XPE [42/65] Examples

DA-681 Linux Managing Communications

3-12

-F: Flush the selected chain (all the chains in the table if none is listed).

-X: Delete the specified user-defined chain.

-Z: Set the packet and byte counters in all chains to zero.

Examples:

# iptables -L -n

In this example, since we do not use the -t parameter, the system uses the default “filter” table. Three chains

are included: INPUT, OUTPUT, and FORWARD. INPUT chains are accepted automatically, and all connections

are accepted without being filtered.

# iptables –F

# iptables –X

# iptables -Z

Define Policy for Chain Rules

Usage:

# iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING]

[ACCEPT, DROP]

-P: Set the policy for the chain to the given target.

INPUT: For packets coming into the DA-681-I-LX.

OUTPUT: For locally-generated packets.

FORWARD: For packets routed out through the DA-681-I-LX.

PREROUTING: To alter packets as soon as they come in.

POSTROUTING: To alter packets as they are about to be sent out.

Examples:

#iptables –P INPUT DROP

#iptables –P OUTPUT ACCEPT

#iptables –P FORWARD ACCEPT

#iptables –t nat –P PREROUTING ACCEPT

#iptables –t nat –P OUTPUT ACCEPT

#iptables -t nat –P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or Delete Rules

Usage:

# iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s

IP/network] [--sport ports] [-d IP/network] [--dport ports] –j [ACCEPT. DROP]

-A: Append one or more rules to the end of the selected chain.

-I: Insert one or more rules in the selected chain as the given rule number.

-i: Name of an interface via which a packet is going to be received.

-o: Name of an interface via which a packet is going to be sent.

-p: The protocol of the rule or of the packet to check.

-s: Source address (network name, host name, network IP address, or plain IP address).