Chapter 13. Firewalls and iptables
  --log-prefix
  Places a string before the log line when it is written. Accepts up to 29 characters after the --log-prefix option. This is useful for writing syslog filters for use in conjunction with packet logging.
  --log-tcp-options
  Any options set in the header of a TCP packet are logged.
  --log-tcp-sequence
  Writes the TCP sequence number for the packet in the log.
  REJECT
  Sends an error packet back to the system which sent the packet, and then drops the packet. This target is useful if you would like to notify the system sending the matching packet of the problem.
  The REJECT target accepts a --reject-with <type> option which allows more detailed information to be sent with the error packet. The message port-unreachable is the default <type> error given if no other option is used. For a full list of <type> options that can be used, see the iptables man page.
Other target extensions, including several that are useful with masquerading using the nat table or with packet alteration using the mangle table, can be found in the iptables man page.
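The LOG and REJECT targets above are usually paired: a LOG rule tags the matching packet in syslog, and the REJECT rule that follows it answers the sender with an ICMP error. The following script is an added example, not part of the Red Hat guide: it builds that pair for a hypothetical policy (reject SSH connection attempts on port 22), enforces the 29-character limit on --log-prefix, and runs the kind of syslog filter the guide mentions over a constructed sample of /var/log/messages lines. The interface name, port and sample log lines are all assumptions; the rules are printed rather than executed so the script runs without root.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): a LOG rule whose --log-prefix
# tags the syslog line, a REJECT rule that follows it, and a syslog filter
# that keeps only the lines carrying that prefix.

# Prefix for the LOG rule.  iptables accepts at most 29 characters here;
# the trailing space keeps the prefix separate from the IN=/OUT= fields.
PREFIX="FW-REJECT-SSH: "

# Return 0 if the prefix fits iptables' 29-character limit, else 1.
prefix_ok() {
    [ "${#1}" -le 29 ]
}

# Print the two rules (hypothetical policy: log, then reject TCP port 22).
# Printing instead of executing keeps this runnable without root; as root,
# pipe the output into sh to apply it.
ssh_reject_rules() {
    prefix_ok "$1" || { echo "prefix too long: $1" >&2; return 1; }
    printf '%s\n' \
      "iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix \"$1\" --log-tcp-options" \
      "iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable"
}

# Constructed sample of /var/log/messages lines (not real logs): two hits
# of the LOG rule above and one unrelated kernel message in between.
SAMPLE_LOG='Mar  4 10:15:01 fw kernel: FW-REJECT-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B4)
Mar  4 10:15:03 fw kernel: eth0: link up
Mar  4 10:15:09 fw kernel: FW-REJECT-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# Syslog filter: keep only lines carrying the prefix and print the source
# address and destination port as one "SRC DPT" pair per line.
filter_by_prefix() {
    printf '%s\n' "$SAMPLE_LOG" | grep -F "$1" |
      sed -n 's/.*SRC=\([^ ]*\).*DPT=\([^ ]*\).*/\1 \2/p'
}

# Stand-alone run: show the rules, then the filtered log lines.
ssh_reject_rules "$PREFIX"
filter_by_prefix "$PREFIX"
```

Because the prefix is fixed, a syslog filter can match it with a plain fixed-string grep; the sed expression then pulls out the SRC= and DPT= fields that every netfilter LOG line carries, which is enough to count rejected sources or feed an alerting script.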
13.3.7. Listing Options
The default list command, iptables -L, provides a very basic overview of the default filter table's current chains. Additional options provide more information and arrange that information in specific ways:
  -v
  Display verbose output, such as the number of packets and bytes each chain has seen, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.
  -x
  Expands numbers into their exact values. On a busy system, the number of packets and bytes seen by a particular chain or rule may be abbreviated using K (thousands), M (millions), and G (billions) at the end of the number. This option forces the full number to be displayed.
  -n
  Displays IP addresses and port numbers in numeric format, rather than the default hostname and network service format.
  --line-numbers
  Lists rules in each chain next to their numeric order in the chain. This option is useful when attempting to delete a specific rule in a chain, or to locate where to insert a rule within a chain.
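The listing options are most useful together: -v adds counters and interfaces, -n keeps addresses and ports numeric so they are stable to match on, and --line-numbers gives the position needed for iptables -D or iptables -I. The following script is an added example, not from the Red Hat guide: it parses a constructed sample of iptables -L INPUT -v -n --line-numbers output (not captured from a real system; note that without -x the byte counters appear abbreviated as 412K and 28K) and locates the rule number of a given target and match text so that a delete command can be built from it.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): find a rule's line number in
# "iptables -L INPUT -v -n --line-numbers" output so it can be deleted with
# "iptables -D INPUT <number>" or a rule inserted before it with -I.

# Constructed sample listing (not from a real system).  The same layout
# comes from:  iptables -L INPUT -v -n --line-numbers
# Columns: num pkts bytes target prot opt in out source destination [match]
SAMPLE_LISTING='Chain INPUT (policy DROP 1204 packets, 98K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     5210  412K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      831 62130 ACCEPT     tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0           tcp dpt:22
3       17  1020 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 reject-with icmp-port-unreachable
4      400   28K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80'

# Print the numbers of rules whose target column is $1 and whose line
# contains the match text $2 (e.g. "dpt:22").  The first two lines of the
# listing are the chain header and the column header, so they are skipped.
rule_numbers() {
    printf '%s\n' "$SAMPLE_LISTING" |
      awk -v target="$1" -v needle="$2" '
        NR > 2 && $4 == target && index($0, needle) { print $1 }'
}

# Build the delete command for the first matching rule.  A number is only
# valid against the listing it came from: every insert or delete renumbers
# the chain, so list again before deleting a second rule.
delete_command() {
    n=$(rule_numbers "$1" "$2" | head -n 1)
    [ -n "$n" ] || { echo "no $1 rule matching '$2'" >&2; return 1; }
    echo "iptables -D INPUT $n"
}

# Stand-alone run: the REJECT rule for port 22 sits at position 3.
delete_command REJECT 'dpt:22'
```

Matching on the target column and the numeric port text, rather than on hostnames or service names, is why -n matters here: the same rule would print as "tcp dpt:ssh" without it and the filter would miss it.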
13.4. Storing iptables Information
Rules created with the iptables command are stored in RAM only. If you restart your system after setting up iptables rules, they will be lost. So in order for netfilter rules to persist through system reboot, you need to save them to the /etc/sysconfig/iptables file.
To do this, type the /sbin/service iptables save command as the root user. This causes the iptables init script to run the /sbin/iptables-save program and write the current iptables configuration to the /etc/sysconfig/iptables file. This file should only be readable by root, so your packet filtering rules are not viewable by average users.
The next time the system boots, the iptables init script will reapply the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.
While it is always a good idea to test a new iptables rule before committing it to the /etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another