System information
cycli Commands
314 AlterPath OnBoard Administrator’s Guide
iptables
3
nat|filter Add chainname to the list of chains: add
iptables nat|filter chainname.
By default, a set of chains is defined but no
rules are configured: For NAT, the predefined
chains are: PREROUTING, POSTROUTING,
OUTPUT. For filter, the predefined chains
are: INPUT, OUTPUT, FORWARD.
Then use the set command to set filtering
policies for each rule, by optionally specifying
one or more of the following: a destination IP,
[destination IPaddress]; whether to
invert the destination IP [inv]; a source IP
address [source IPaddress] whether to
invert the source IP address [inv]; a protocol
[tcp, udp, icmp, all or a protocol
number], whether to invert the protocol
[inv]; for protocol tcp or udp, the
destination port [dport]; source port
[sport]; whether to invert the protocol
[inv]; an input interface [in-
interface]; whether to invert the in-
interface [inv]; an output interface [out-
interface]; whether to invert the out-
interface [inv]; whether to allow fragments
[fragment yes] or to disallow all
fragments [fragment no]; whether to
invert the fragment yes | no [inv]; a
target action [target action]. For NAT
and filter, the following target actions are
defined: DROP, ACCEPT, REJECT
, or
chainname. For NAT, the following
additional target actions are defined: DNAT to
change the destination address [DNAT to-
destination IPaddress]; and SNAT,
to change the source IP [SNAT to-source
IPaddress].
Table 10-2: Parameters That Work With the cycli add Command (Sheet 2 of 9)
Parameter Level 1 Parameter Level 2 Configures