Home
Главная
Moxa
Модули расширения для коммуникационных компьютеров
UC-7101-T-LX
Руководство по программной части Страница: 28

Moxa UC-7101-T-LX [28/46] Append or delete rules

UC-7101/7110/7112 Software User’s Manual Configuring UC-7101/7110/7112

4-6

#iptables –t nat –P PREROUTING ACCEPT

#iptables –t nat –P OUTPUT ACCEPT

#iptables -t nat –P POSTROUTING ACCEPT

In this example, the policy accepts outgoing packets and denies incoming packets.

Append or delete rules:

Usage:

# iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp,

all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] –j [ACCEPT. DROP]

-A: Append one or more rules to the end of the selected chain.

-I: Insert one or more rules in the selected chain as the given rule number.

-i: Name of an interface through which a packet will be received.

-o: Name of an interface through which a packet will be sent.

-p: The protocol of the rule or of the packet to check.

-s: Source address (network name, host name, network IP address, or plain IP

address).

--sport: Source port number.

-d: Destination address.

--dport: Destination port number.

-j: Jump target. Specifies the target of the rules; i.e., how to handle matched packets.

For example, ACCEPT the packet, DROP the packet, or LOG the packet.

Examples:

Example 1: Accept all packets from lo interface.

# iptables –A INPUT –i lo –j ACCEPT

Example 2: Accept TCP packets from 192.168.0.1.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.0.1 –j ACCEPT

Example 3: Accept TCP packets from Class C network 192.168.1.0/24.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.1.0/24 –j ACCEPT

Example 4: Drop TCP packets from 192.168.1.25.

# iptables –A INPUT –i eth0 –p tcp –s 192.168.1.25 –j DROP

Example 5: Drop TCP packets addressed for port 21.

# iptables –A INPUT –i eth0 –p tcp --dport 21 –j DROP

Example 6: Accept TCP packets from 192.168.0.24 to UC-7101/7110/7112’s port 137, 138, 139

# iptables –A INPUT –i eth0 –p tcp –s 192.168.0.24 --dport 137:139 –j ACCEPT

Example 7: Log TCP packets that visit UC-7101/7110/7112’s port 25.

# iptables –A INPUT –i eth0 –p tcp --dport 25 –j LOG

Example 8: Drop all packets from MAC address 01:02:03:04:05:06.

# iptables –A INPUT –i eth0 –p all –m mac –mac-source 01:02:03:04:05:06 –j DROP

NAT

NAT (Network Address Translation) protocol translates IP addresses used on one network into

different IP addresses used on another network. One network is designated the inside network and

the other is the outside network. Typically, the UC-7101/7110/7112 connects several devices on a

network and maps local inside network addresses to one or more global outside IP addresses, and

remaps the global IP addresses on incoming packets back into local IP addresses.

NOTE Click the following link for more information about iptables and NAT:

http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html

Moxa UC-7101-T-LX [28/46] Append or delete rules

Содержание

Похожие устройства