Rules - Red Hat ENTERPRISE LINUX 3 Reference Manual

Chapter 17. iptables

The REJECT target accepts --reject-with <type> (where <type> is the rejection type), allowing more detailed information to be sent back with the error packet. The message port-unreachable is the default <type> error given if no other option is used. For a full list of <type> options, refer to the iptables man page.

Other target extensions, including several that are useful for IP masquerading using the nat table or with packet alteration using the mangle table, can be found in the iptables man page.

17.3.6. Listing Options

The default list command, iptables -L, provides a very basic overview of the default filter table's current chains. Additional options provide more information:

-v — Displays verbose output, such as the number of packets and bytes each chain has seen, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.

-x — Expands numbers into their exact values. On a busy system, the number of packets and bytes seen by a particular chain or rule may be abbreviated using K (thousands), M (millions), and G (billions) at the end of the number. This option forces the full number to be displayed.

-n — Displays IP addresses and port numbers in numeric format, rather than the default hostname and network service format.

--line-numbers — Lists rules in each chain next to their numeric order in the chain. This option is useful when attempting to delete the specific rule in a chain or to locate where to insert a rule within a chain.

-t — Specifies a table name.

17.4. Saving iptables Rules

Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules will be lost. For netfilter rules to persist through system reboot, they need to be saved. To do this, log in as root and type:

/sbin/service iptables save

This executes the iptables init script, which runs the /sbin/iptables-save program and writes the current iptables configuration to /etc/sysconfig/iptables. The existing /etc/sysconfig/iptables file is saved as /etc/sysconfig/iptables.save.

The next time the system boots, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.

While it is always a good idea to test a new iptables rule before committing it to the /etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another system's version of this file. This provides a quick way to distribute sets of iptables rules to multiple machines.

Important
If distributing the /etc/sysconfig/iptables file to other machines, type /sbin/service iptables restart for the new rules to take effect.
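Because rules added with the iptables command live only in memory until /sbin/service iptables save is run, an operator wants a check that /etc/sysconfig/iptables still matches what the kernel is running before a reboot or before the file is pushed to other machines. The script below is an added example, not part of the Red Hat manual: it normalizes two iptables-save dumps (dropping the timestamped comments and the packet/byte counters) and diffs them, and also numbers one chain's rules the way --line-numbers does. The two rule files are constructed samples so it runs offline; on a real host the inputs would be the output of /sbin/iptables-save and the real /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Strip what legitimately differs between two dumps of one rule set: the
# timestamped "# Generated by"/"# Completed" comments and the [packets:bytes]
# counters that iptables-save -c puts before rules and after chain policies.
normalize_rules() {
    sed -e '/^#/d' -e 's/^\[[0-9]*:[0-9]*\] *//' \
        -e 's/ *\[[0-9]*:[0-9]*\]$//' -e 's/[[:space:]]*$//' "$1"
}

# Return 0 when the two rule sets are equivalent, 1 when they have drifted;
# the differing lines are printed so the operator sees what was never saved.
rules_drift() {
    n1=$(mktemp); n2=$(mktemp)
    normalize_rules "$1" > "$n1"; normalize_rules "$2" > "$n2"
    diff "$n1" "$n2" && status=0 || status=$?
    rm -f "$n1" "$n2"
    return $status
}

# Number one chain's rules as `iptables -L <chain> --line-numbers` would,
# giving the position needed by `iptables -D <chain> <n>`.
chain_rules() {
    normalize_rules "$1" | awk -v c="$2" '$1 == "-A" && $2 == c { print ++n, $0 }'
}

tmp=$(mktemp -d)
# Constructed stand-in for `/sbin/iptables-save -c` output on the running host.
cat > "$tmp/running.rules" <<'EOF'
# Generated by iptables-save on Mon Jan  5 10:00:00 2004
*filter
:INPUT ACCEPT [120:9600]
[30:2400] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[2:160] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[7:560] -A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
# Constructed stand-in for /etc/sysconfig/iptables: the port 80 rule was added
# live with the iptables command but `/sbin/service iptables save` never ran.
cat > "$tmp/saved.rules" <<'EOF'
# Generated by iptables-save on Sun Jan  4 22:15:00 2004
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF

chain_rules "$tmp/running.rules" INPUT
rules_drift "$tmp/running.rules" "$tmp/saved.rules" \
    || echo "saved rules are stale: run /sbin/service iptables save before rebooting"
```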