Red Hat ENTERPRISE LINUX 3 Reference Manual page 274

256
17.3.2. Command Options
Command options instruct
allowed per
iptables
in upper-case characters.
The commands are as follows:
iptables
— Appends the
• -A
add a rule when rule order in the chain does not matter.
— Checks a particular rule before adding it to the user-specified chain. This command can
• -C
help you construct complicated
options.
— Deletes a rule in a particular chain by number (such as
• -D
can also type the entire rule, and
— Renames a user-defined chain. This does not affect the structure of the table.
• -E
— Flushes the selected chain, which effectively deletes every rule in the the chain. If no chain
• -F
is specified, this command flushes every rule from every chain.
— Provides a list of command structures, as well as a quick summary of command parameters
• -h
and options.
— Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is
• -I
specified,
iptables
Caution
Be aware when using the
for determining which rules apply to which packets.
— Lists all of the rules in the chain specified after the command. To list all rules in all chains in
• -L
the default
filter
be used to list the rules in a specific chain in a particular table:
iptables -L chain-name
Additional options for the
rule descriptions are described in Section 17.3.6 Listing Options.
— Creates a new chain with a user-specified name.
•
-N
— Sets the default policy for the specified chain, so that when packets traverse an entire chain
•
-P
without matching a rule, they are sent on to the specified target, such as ACCEPT or DROP.
— Replaces a rule in the specified chain. The rule's number must be specified after the chain's
• -R
name. The first rule in a chain corresponds to rule number one.
— Deletes a user-specified chain. Deleting a built-in chain for any table is not allowed.
• -X
— Zeros the byte and packet counters in all chains for a table.
• -Z
17.3.3.
iptables
Once certain
iptables
or replace rules within a particular chain, parameters are required to construct a packet filtering rule.
— Resets the counters for a particular rule. This parameter accepts the
• -c
to specify what counter to reset.
to perform a specific action. Only one command option is
iptables
command. With the exception of the help command, all commands are written
rule to the end of the specified chain. This is the command used to
iptables
iptables
iptables
places the command at the top of the chain.
or option that the order of the rules within a chain are important
-A -I
table, do not specify a chain or table. Otherwise, the following syntax should
-t table-name
command option which provide rule numbers and allow more verbose
-L
Parameter Options
commands are specified, including those used to add, append, delete, insert,
rules by prompting you for additional parameters and
5
deletes the rule in the chain that matches it.
iptables
Chapter 17.
for the fifth rule in a chain). You
and
PKTS BYTES
options