Using Iptables - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual


Chapter 43. Securing Your Network
the ipchains and iptables services should not be activated simultaneously. To make sure
the ipchains service is disabled and configured not to start at boot time, use the following two
commands:
[root@myServer ~] # service ipchains stop
[root@myServer ~] # chkconfig --level 345 ipchains off

43.8.3. Using IPTables

The first step in using iptables is to start the iptables service. Use the following command to start
the iptables service:
[root@myServer ~] # service iptables start

Note
The ip6tables service can be turned off if you intend to use the iptables service only.
If you deactivate the ip6tables service, remember to deactivate the IPv6 network also.
Never leave a network device active without the matching firewall.

To force iptables to start by default when the system is booted, use the following command:
[root@myServer ~] # chkconfig --level 345 iptables on
This forces iptables to start whenever the system is booted into runlevel 3, 4, or 5.
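
The boot-time state these commands set up (ipchains off, iptables on at runlevels 3, 4, and 5) can be audited by parsing `chkconfig --list` output. The script below is an added example, not part of the Red Hat manual; the helper names svc_state and audit_firewall and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the `chkconfig --list` layout; not from a real host.
SAMPLE_CHKCONFIG='ipchains   0:off 1:off 2:off 3:off 4:off 5:off 6:off
iptables   0:off 1:off 2:on  3:on  4:on  5:off 6:off
ip6tables  0:off 1:off 2:off 3:off 4:off 5:off 6:off'

# svc_state SERVICE LEVELS (hypothetical helper): reads chkconfig text on stdin
# and prints on | off | mixed | missing for SERVICE across the runlevels in LEVELS.
svc_state() {
    awk -v svc="$1" -v levels="$2" '
        $1 == svc {
            found = 1
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (index(levels, kv[1]) == 0) continue
                if (kv[2] == "on") on++; else off++
            }
        }
        END {
            if (!found)        print "missing"
            else if (off == 0) print "on"
            else if (on == 0)  print "off"
            else               print "mixed"
        }'
}

# audit_firewall (hypothetical helper): reads chkconfig text on stdin, prints one
# line per finding, and returns non-zero if any FAIL was reported.
audit_firewall() {
    _text=$(cat); _rc=0
    _ipt=$(printf '%s\n' "$_text" | svc_state iptables 345)
    _ipc=$(printf '%s\n' "$_text" | svc_state ipchains 345)
    _ip6=$(printf '%s\n' "$_text" | svc_state ip6tables 345)
    if [ "$_ipt" != on ]; then
        echo "FAIL: iptables is '$_ipt' at runlevels 3/4/5 (chkconfig --level 345 iptables on)"; _rc=1
    fi
    case "$_ipc" in
        off|missing) ;;
        *) echo "FAIL: ipchains is '$_ipc' at runlevels 3/4/5; must not run with iptables"; _rc=1 ;;
    esac
    if [ "$_ip6" != on ]; then
        echo "WARN: ip6tables is '$_ip6'; confirm the IPv6 network is deactivated as well"
    fi
    return $_rc
}

# Stand-alone run on the sample; on a host: chkconfig --list | audit_firewall
printf '%s\n' "$SAMPLE_CHKCONFIG" | audit_firewall || true
```
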

43.8.3.1. IPTables Command Syntax

The following sample iptables command illustrates the basic command syntax:
[root@myServer ~] # iptables -A <chain> -j <target>
The -A option specifies that the rule be appended to <chain>. Each chain comprises one or more
rules, and is therefore also known as a ruleset.
The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and
cannot be deleted. The chain specifies the point at which a packet is manipulated.
The -j <target> option specifies the target of the rule; i.e., what to do if the packet matches the
rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.
Refer to the iptables man page for more information on the available chains, options, and targets.

43.8.3.2. Basic Firewall Policies

Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules.