RISC-based Communication Platforms User's Manual UC-7420/7410
UC-7420/7410 User’s Manual  Managing Communication 
OUTPUT:  For locally-generated packets. 
FORWARD:    For packets routed out through the UC-7420/7410. 
PREROUTING:   To alter packets as soon as they come in. 
POSTROUTING:  To alter packets as they are about to be sent out. 
Examples: 
# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -t nat -P PREROUTING ACCEPT
# iptables -t nat -P OUTPUT ACCEPT
# iptables -t nat -P POSTROUTING ACCEPT
In this example, the policy accepts outgoing packets and denies incoming packets. 
Append or delete rules: 
Usage: 
# iptables [-t table] [-AI] [INPUT, OUTPUT, FORWARD] [-io interface] [-p tcp, udp, icmp, all] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j [ACCEPT, DROP]
-A:    Append one or more rules to the end of the selected chain. 
-I:    Insert one or more rules in the selected chain as the given rule number. 
-i:    Name of an interface via which a packet is going to be received. 
-o:    Name of an interface via which a packet is going to be sent. 
-p:    The protocol of the rule or of the packet to check. 
-s:    Source address (network name, host name, network IP address, or plain IP address). 
--sport: Source port number. 
-d:    Destination address.
--dport: Destination port number.
-j:    Jump target. Specifies the target of the rules; i.e., how to handle matched packets. 
For example, ACCEPT the packet, DROP the packet, or LOG the packet. 
Examples: 
Example 1: Accept all packets from lo interface.
# iptables -A INPUT -i lo -j ACCEPT
Example 2: Accept TCP packets from 192.168.0.1.
# iptables -A INPUT -i ixp0 -p tcp -s 192.168.0.1 -j ACCEPT
Example 3: Accept TCP packets from Class C network 192.168.1.0/24.
# iptables -A INPUT -i ixp0 -p tcp -s 192.168.1.0/24 -j ACCEPT
Example 4: Drop TCP packets from 192.168.1.25.
# iptables -A INPUT -i ixp0 -p tcp -s 192.168.1.25 -j DROP
Example 5: Drop TCP packets addressed for port 21.
# iptables -A INPUT -i ixp0 -p tcp --dport 21 -j DROP
Example 6: Accept TCP packets from 192.168.0.24 to UC-7420/7410’s ports 137, 138, and 139.
# iptables -A INPUT -i ixp0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT
Example 7: Log TCP packets that visit UC-7420/7410’s port 25.
# iptables -A INPUT -i ixp0 -p tcp --dport 25 -j LOG
Example 8: Drop all packets from MAC address 01:02:03:04:05:06.
# iptables -A INPUT -i ixp0 -p all -m mac --mac-source 01:02:03:04:05:06 -j DROP
NOTE: In Example 8, remember to issue the command
# modprobe ipt_mac
first to load the ipt_mac module.
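Added example (not part of the original manual): rules in a chain are checked in order and the first matching rule decides, so appending Examples 3 and 4 as listed leaves the DROP for 192.168.1.25 behind the ACCEPT for 192.168.1.0/24, where it is never reached. The script below emits Examples 1-5 in a working order and sets the DROP policy last. The APPLY switch, the IPT and IFACE variables, and the function names are assumptions of this sketch; it only prints the commands unless APPLY=1.

```shell
#!/bin/sh
# Added example, not from the manual: Examples 1-5 emitted in an order that
# works with iptables' first-match evaluation.
# Assumed: ixp0 and the addresses are the manual's sample values; APPLY, IPT,
# IFACE and the function names are conventions of this sketch.

IPT="${IPT:-iptables}"
IFACE="${IFACE:-ixp0}"

# Print every command; execute it only when APPLY=1 (needs root on the target).
run() {
    echo "$IPT $*"
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    fi
}

build_input_rules() {
    # Loopback first, so local services keep working under default-deny.
    run -A INPUT -i lo -j ACCEPT
    # Specific DROP ahead of the broader ACCEPT that covers the same host;
    # appended after the /24 rule it would never be evaluated.
    run -A INPUT -i "$IFACE" -p tcp -s 192.168.1.25 -j DROP
    # Placed before the ACCEPT rules, this blocks port 21 for every source,
    # including the hosts accepted below.
    run -A INPUT -i "$IFACE" -p tcp --dport 21 -j DROP
    run -A INPUT -i "$IFACE" -p tcp -s 192.168.0.1 -j ACCEPT
    run -A INPUT -i "$IFACE" -p tcp -s 192.168.1.0/24 -j ACCEPT
    # Policy last: the ACCEPT rules are already in place when the chain
    # switches to default-deny, so an allowed remote session is not cut off.
    run -P INPUT DROP
}

# Print the 1-based position of the first emitted command containing $1
# (empty output if no command matches).
rule_position() {
    build_input_rules | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

# Dry run by default: show the commands in the order they would be applied.
build_input_rules
```

Review the printed order first, then rerun as root with APPLY=1; `iptables -L INPUT -n --line-numbers` shows the resulting rule positions.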










