Network Device User's Manual
UC-7110 Series User’s Manual  Configuring UC-7110 
NOTE  IPTABLES plays the role of packet filtering or NAT. Take care when setting up the IPTABLES 
rules. If the rules are not correct, remote hosts that connect via a LAN or PPP may be denied 
access. We recommend using the Serial Console to set up the IPTABLES. 
Click on the following links for more information about iptables. 
http://www.linuxguruz.com/iptables/ 
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html 
Since the IPTABLES command is very complex, to illustrate the IPTABLES syntax we have 
divided our discussion of the various rules into three categories: Observe and erase chain rules, 
Define policy rules, and Append or delete rules. 
Observe and erase chain rules 
Usage: 
# iptables [-t tables] [-L] [-n] 
-t tables:    Table to manipulate (default: ‘filter’); example: nat or filter. 
-L [chain]:   List all rules in selected chains. If no chain is selected, all chains are listed. 
-n:      Numeric output of addresses and ports. 
# iptables [-t tables] [-FXZ]  
-F:  Flush the selected chain (all the chains in the table if none is listed). 
-X:  Delete the specified user-defined chain. 
-Z:  Set the packet and byte counters in all chains to zero. 
Examples: 
# iptables -L -n  
In this example, since we do not use the -t parameter, the system uses the default ‘filter’ table. 
Three chains are included: INPUT, OUTPUT, and FORWARD. The INPUT chain accepts packets 
automatically, so all connections are accepted without being filtered. 
# iptables -F 
# iptables -X 
# iptables -Z 
Define policy for chain rules 
Usage: 
# iptables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP] 
-P:       Set the policy for the chain to the given target. 
INPUT:      For packets coming into the UC-7110. 
OUTPUT:  For locally-generated packets. 
FORWARD:    For packets routed out through the UC-7110. 
PREROUTING:  To alter packets as soon as they come in. 
POSTROUTING:  To alter packets as they are about to be sent out. 
Examples: 
# iptables -P INPUT DROP 
# iptables -P OUTPUT ACCEPT 
# iptables -P FORWARD ACCEPT 
# iptables -t nat -P PREROUTING ACCEPT 
# iptables -t nat -P OUTPUT ACCEPT 
# iptables -t nat -P POSTROUTING ACCEPT 
In this example, the policy accepts outgoing packets and denies incoming packets. 
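The listing and policy commands above can be combined into a quick check. The script below is an added example, not part of the original manual: it reads iptables -L -n output and flags chains that contain no rules, where the policy alone decides every packet (with INPUT set to DROP, this is the lockout case the NOTE warns about). The function names, the status labels, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual). Reads `iptables -L -n` output on stdin
# and prints one line per built-in chain: NAME POLICY RULE_COUNT STATUS.
audit_chains() {
    awk '
        function report() {
            if (rules > 0)             status = "has-rules"
            else if (policy == "DROP") status = "blocks-all"
            else                       status = "unfiltered"
            printf "%s %s %d %s\n", name, policy, rules, status
        }
        # Built-in chain header, e.g. "Chain INPUT (policy ACCEPT)"
        /^Chain / && /\(policy / {
            if (name != "") report()
            name = $2; policy = $4; sub(/\)$/, "", policy); rules = 0
            next
        }
        # User-defined chain header: no policy, so stop counting
        /^Chain / { if (name != "") report(); name = ""; next }
        # Skip the column header and blank separator lines
        /^target / || /^[ \t]*$/ { next }
        name != "" { rules++ }
        END { if (name != "") report() }
    '
}

# Constructed sample: listing after the policy example above, no rules appended.
sample_after_policy() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# On the UC-7110 itself: iptables -L -n | audit_chains
sample_after_policy | audit_chains
```

A chain reported as blocks-all on INPUT denies every remote host until accept rules are appended, so run the check from the Serial Console before relying on LAN or PPP access.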










