
Red Hat Enterprise Linux 5 Administration Unleashed
  • condrestart: Stop the service, then start it again, but only if it is already running.
  • save: Save the current rules in /etc/sysconfig/iptables.
  • status: If the firewall is active, display the current rules.
  • panic: Same as stop, but after the firewall is disabled, the policy is set to drop all packets.

To activate the firewall at boot time, execute the following as root:

    chkconfig iptables on

Saving the IPTables Rules

IPTables rules can be set on the command line by issuing the iptables commands one by one as root. However, they are only in effect until the system is rebooted or the table of rules is cleared; they are not saved. Executing individual iptables commands is useful for testing the syntax of new rules or watching how they affect packets in real time. At some point, however, the rules need to be saved so that they can be used on subsequent reboots. After setting up your rules, use the following command as root to save them to /etc/sysconfig/iptables:

    service iptables save

The next time the system is rebooted and the iptables service is started, the rules are read from the file and re-enabled.

Alternatively, you can add your IPTables rules directly to the /etc/sysconfig/iptables file.

IPTables Examples

With so many tables, chains, and targets, the possible IPTables rules seem endless. This section gives some common examples to help you understand how it all fits together.

  • Flush the rules for the INPUT, FORWARD, and OUTPUT chains:

        iptables -F INPUT
        iptables -F FORWARD
        iptables -F OUTPUT

  • Drop all incoming and forwarded packets but allow outgoing packets to be sent:

        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -P OUTPUT ACCEPT

  • To allow incoming and outgoing connections to the port used for a network service (replace <port> with the service's port number):

        iptables -A INPUT -p tcp --sport <port> -j ACCEPT
        iptables -A OUTPUT -p tcp --dport <port> -j ACCEPT
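As an added example (not code from the book), a small Python checker for a saved rule file in the format that `service iptables save` writes to /etc/sysconfig/iptables: it confirms the default policies from the "drop incoming and forwarding" example above and flags INPUT rules that ACCEPT solely on `--sport`, since the remote end chooses its own source port. The sample file contents and the `EXPECTED_POLICY` table are constructed for this illustration.

```python
# Constructed sample of /etc/sysconfig/iptables, as written by `service iptables save`.
SAMPLE_RULES = """\
# Generated by iptables-save v1.3.5 on Sun Jul 12 10:00:00 2015
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
COMMIT
"""

# Default policies from the "drop incoming and forwarding, allow outgoing" example.
EXPECTED_POLICY = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}

def parse_filter_table(text):
    """Return ({chain: policy}, [rule lines]) for the *filter table only."""
    policies, rules, in_filter = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *filter or *nat
            in_filter = line == "*filter"
        elif not in_filter or not line or line.startswith("#"):
            continue
        elif line.startswith(":"):          # ":CHAIN POLICY [packets:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):        # an appended rule
            rules.append(line)
    return policies, rules

def audit(text):
    """Return a list of findings; an empty list means the file passes."""
    policies, rules = parse_filter_table(text)
    findings = []
    for chain, want in EXPECTED_POLICY.items():
        got = policies.get(chain)
        if got != want:
            findings.append(f"policy {chain} is {got}, expected {want}")
    for rule in rules:
        # The sender picks its own source port, so --sport alone is no basis to ACCEPT.
        if (rule.startswith("-A INPUT ") and "-j ACCEPT" in rule
                and " --sport " in rule and " --dport " not in rule):
            findings.append(f"INPUT accepts on source port only: {rule}")
    return findings
```

Run `audit(open("/etc/sysconfig/iptables").read())` on a real RHEL 5 host to check a saved rule set; the same policy table can be edited to match whatever defaults your own examples establish.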