Service manual

Cyclades-TS
Appendix A - Linux
Installation & Service Manual
target is one of the following:
    ACCEPT
    DENY
    the name of another chain
interface is:
    eth0 (The Ethernet interface is the only option on the Cyclades-TS.) Lists do not need to be associated with an interface, so this option may be omitted.
To save changes made using the ipchains command, execute fwset. This command saves the filter configuration in the file /etc/network/firewall and then saves the file in flash memory.
To discard changes made before fwset is executed, execute fwset restore to return to the lists previously saved in /etc/network/firewall. Only the lists previously saved using fwset will then be defined. This command is executed at boot to invoke the last configuration saved.
Another option is to edit the file /etc/network/firewall (or another file) directly, following the syntax defined in the file itself. If the file is edited in this way, the command fwset cannot be used to save and restore the configuration. Instead, use:
    ipchains-save > file_name       to save the lists in file_name
    updatefiles file_name           to save file_name to flash memory
    ipchains-restore < file_name    to restore the lists to the configuration in file_name
An example of the use of ipchains for a console access server
Referring to Fig. 5.5: if the administrator wishes to restrict access to the consoles connected to the Cyclades-TS to a user on the workstation with IP address 200.200.200.4, a filter can be set up as shown below.
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A input -p tcp -s ! 200.200.200.4 -d 0.0.0.0/0 23 -j DENY
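
The effect of this rule set can be checked offline with a small model of first-match chain evaluation. This is an added example, not code from the manual or from ipchains itself; it parses only the options used above, ignores the destination address (0.0.0.0/0 matches everything), and the sample connections are constructed.

```python
import ipaddress

# The four commands from the manual's example, verbatim.
COMMANDS = """\
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -A input -p tcp -s ! 200.200.200.4 -d 0.0.0.0/0 23 -j DENY
"""

def parse(text):  # ipchains subset used above -> (policies, rules)
    policies, rules = {}, []
    for line in text.splitlines():
        tok = line.split()[1:]                      # drop "ipchains"
        if tok[0] == "-P":                          # -P chain target
            policies[tok[1]] = tok[2]
            continue
        rule = {"chain": tok[1], "proto": None, "dport": None,
                "src": ipaddress.ip_network("0.0.0.0/0"), "src_neg": False}
        i = 2
        while i < len(tok):
            opt, i = tok[i], i + 1
            if opt == "-p":
                rule["proto"] = tok[i]
            elif opt == "-j":
                rule["target"] = tok[i]
            elif opt == "-s":
                if tok[i] == "!":                   # "!" inverts the address match
                    rule["src_neg"], i = True, i + 1
                rule["src"] = ipaddress.ip_network(tok[i])
            elif opt == "-d" and i + 1 < len(tok) and tok[i + 1].isdigit():
                i += 1                              # port follows the address
                rule["dport"] = int(tok[i])
            i += 1
        rules.append(rule)
    return policies, rules

def verdict(policies, rules, chain, proto, src, dport):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in rules:
        addr_hit = ipaddress.ip_address(src) in r["src"]
        if (r["chain"] == chain and r["proto"] in (None, proto)
                and addr_hit != r["src_neg"] and r["dport"] in (None, dport)):
            return r["target"]
    return policies[chain]

POLICIES, RULES = parse(COMMANDS)
for src, port in [("200.200.200.4", 23), ("200.200.200.5", 23), ("200.200.200.5", 22)]:  # constructed
    print(src, port, verdict(POLICIES, RULES, "input", "tcp", src, port))
```

Only TCP port 23 from hosts other than 200.200.200.4 is denied; every other connection falls through to the ACCEPT policy set by the -P commands.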