Section 18.4: Storing iptables Information
18.3.7 Listing Options
The default list command, iptables -L, provides a very basic overview of the default filter table's
current rule chains. Additional options exist that provide more information and arrange that information
in specific ways:
• -v Displays verbose output, such as the number of packets and bytes each chain has seen, the
number of packets and bytes each rule has matched, and which interfaces apply to a particular
rule.
• -x Expands numbers into their exact values. On a busy system, the number of packets and bytes
seen by a particular chain or rule may be abbreviated using K (thousands), M (millions), and G
(billions) at the end of the number. This option forces the full number to be displayed.
• -n Displays IP addresses and port numbers in numeric format, rather than the default hostname
and network service format.
• --line-numbers Lists rules in each chain next to their numeric order in the chain. This option
is useful when attempting to delete a specific rule in a chain, or to locate where to insert a rule
within a chain.
18.4 Storing iptables Information
Rules created with the iptables command are only stored in RAM. If you were to restart your
system after setting up various iptables rules, they would be lost and you would need to retype
them. If you want particular rules to take effect whenever your system boots, you need to save them
to the /etc/sysconfig/iptables file.
To do this, arrange your tables, chains, and rules the way they should be the next time the system boots
or iptables is restarted, and type the /sbin/service iptables save command as the root
user. This causes the iptables init script to run the /sbin/iptables-save program and write
the current iptables configuration to the /etc/sysconfig/iptables file. This file should
only be readable by root, so your precise packet filtering rules are not viewable by average users.
The next time the system boots, the iptables init script will reapply the rules saved in
/etc/sysconfig/iptables by using the /sbin/iptables-restore command.
While it is always a good idea to test a new iptables rule before committing it to the
/etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from
another system's version of this file. This allows you to quickly distribute sets of iptables rules
to many different machines at once. Simply restart iptables to make the new rules take effect.
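As an added example (not part of the manual), the following Python code parses a rules file in the format that iptables-save writes to /etc/sysconfig/iptables, so a rule set copied from another system can be reviewed chain by chain before it is committed, and writes such a file with the root-only (mode 0600) permissions the section calls for. The sample rules are constructed for the example and not taken from any real host.

```python
import os
import stat
import tempfile

# Constructed sample in iptables-save format (hypothetical rules, not from a real host).
SAMPLE = """# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A FORWARD -j DROP
COMMIT
"""

def parse_iptables_save(text):
    """Return {table: {chain: {"policy": str, "rules": [...]}}}; rule order is kept,
    so index + 1 is the number 'iptables -L --line-numbers' shows after restore."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        if line.startswith("*"):                  # table header, e.g. "*filter"
            table = line[1:]
            tables[table] = {}
        elif line.startswith(":"):                # chain header ":NAME POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            tables[table][name] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):              # "-A CHAIN <matches> -j <target>"
            chain = line.split()[1]
            tables[table].setdefault(chain, {"policy": "-", "rules": []})
            tables[table][chain]["rules"].append(line)
        # "COMMIT" closes a table; the next "*" header starts a new one
    return tables

def save_rules_private(text, directory=None):
    """Write the rules to a new file readable only by its owner (mode 0600), the
    permission the manual requires for /etc/sysconfig/iptables."""
    fd, path = tempfile.mkstemp(prefix="iptables-", dir=directory)
    os.fchmod(fd, 0o600)                          # mkstemp uses 0600 already; make it explicit
    with os.fdopen(fd, "w") as f:
        f.write(text)
    return path

def is_owner_only(path):
    """True if group and other hold no permission bits on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
```

On a real system the parsed output would come from reading /etc/sysconfig/iptables as root, which is also what /sbin/iptables-restore consumes at boot.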