User's manual
UC-7112-LX Plus Software User’s Manual Managing Communications
NOTE The UC-7112-LX Plus does NOT support IPv6 or ipchains.
The basic syntax to enable and load an IPTABLES module is as follows:
#lsmod
#insmod ip_tables
#insmod iptable_filter
Use lsmod to check if the ip_tables module has already been loaded in the UC-7112-LX Plus. Use insmod to insert and enable the module.
Use the following command to load the modules (iptable_filter, iptable_mangle, iptable_nat):
#insmod iptable_filter
NOTE IPTABLES plays the role of packet filtering or NAT. Take care when setting up the IPTABLES
rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied
access. We recommend using the serial console to set up the IPTABLES.
Click on the following links for more information about iptables.
http://www.linuxguruz.com/iptables/
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have
divided our discussion of the various rules into three categories: Observe and erase chain rules,
Define policy rules, and Append or delete rules.
Observe and erase chain rules
Usage:
# iptables [-t tables] [-L] [-n]
-t tables: Table to manipulate (default: ‘filter’); example: nat or filter.
-L [chain]: List all rules in the selected chain. If no chain is selected, all chains are listed.
-n: Numeric output of addresses and ports.
# iptables [-t tables] [-FXZ]
-F: Flush the selected chain (all the chains in the table if none is listed).
-X: Delete the specified user-defined chain.
-Z: Set the packet and byte counters in all chains to zero.
Examples:
# iptables -L -n
In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table.
Three chains are included: INPUT, OUTPUT, and FORWARD. The INPUT chain accepts packets
automatically, so all connections are accepted without being filtered.
# iptables -F
# iptables -X
# iptables -Z
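
The following pre-flight check is an added example and is not part of the Moxa manual. It relies on the fact that -F removes rules but leaves each chain's default policy unchanged, so flushing a chain whose policy is not ACCEPT leaves it dropping every packet, including your own LAN or PPP session. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to flush when a chain would be left with a
# non-ACCEPT policy and no rules (the remote lockout the NOTE warns about).

# Constructed sample of "iptables -L -n" output, not captured from a device.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
'

# Read "iptables -L -n" output on stdin and print, space-separated, the
# built-in chains whose default policy is not ACCEPT. User-defined chains
# ("Chain name (N references)") have no policy and are skipped.
restrictive_chains() {
    awk '$1 == "Chain" && $3 == "(policy" {
             pol = $4; sub(/\).*/, "", pol)
             if (pol != "ACCEPT") out = out (out == "" ? "" : " ") $2
         }
         END { print out }'
}

# Flush, delete user chains and zero counters for one table (default: filter),
# but only if no chain would be left dropping all traffic afterwards.
# Returns 1 when it refuses, 2 when the listing itself could not be read.
safe_flush() {
    table=${1:-filter}
    listing=$(iptables -t "$table" -L -n) || return 2
    blocked=$(printf '%s\n' "$listing" | restrictive_chains)
    if [ -n "$blocked" ]; then
        echo "Not flushing $table: policy is not ACCEPT on: $blocked" >&2
        echo "Set the policy first, or work from the serial console." >&2
        return 1
    fi
    iptables -t "$table" -F && iptables -t "$table" -X && iptables -t "$table" -Z
}

# Offline demonstration on the constructed listing.
printf '%s' "$SAMPLE_LISTING" | restrictive_chains
```

On the device, call safe_flush (or safe_flush nat) in place of the bare -F, -X, -Z sequence.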