User guide

ManualsBrandsRaritan ManualsComputer equipmentDOMINION SX -

221

222

223

224

225

226

227

228

229

230

Chapter 13: Command Line Interface

205

iptables Command Examples

Iptablescanbeconfiguredinaplethoraofwaysthatisoutsidethescope

ofthisdocument.Theexamplesbelowshowsomesimpleconfiguration

optionscreatedwithiptables.

Thefollowingexampleenablesalogforiptables:

admin > firewall > iptables -A INPUT -t filter -j LOG

--log-prefix DOM_IPACL -m state --state NEW -s <IP>

Addingadefaultlocalrule

ThedefaultlocalruleisaddedasstandardimplementationinDominion

SX.

Restri

ctingAccessfromanIPAddress

TorestrictaccesstotheSXfromaspecificIPaddress(192.168.1.100):

admin > Security > firewall > iptables -A INPUT -t filter

-j DROP

-s 192.168.1.100

LoggingamessagewhenIPAddressconnects

TosendasyslogmessagewhenanIPAddressconnectstotheSX:

admin > Security >firewall >iptables -A INPUT -t filter

-j LOG

--log-prefix DOM_IPACL -m state --state NEW -s

192.168.1.100

AllowingAccessfromanIPRange

Toal

lowacce

sstotheSXfromaspecificIPrange

(192.168.0.1‐192.168.0.255).

admin > Security > firewall > iptables -A INPUT -t filter

-j ACCEPT -s 192.168.0.0/255.255.255.0

DisableallICMPtraffic

TodisableICMPprotocoltraffic,andhavetheSXnotrespondtopings.

admin > Security > firewall > iptables -A INPUT -p icmp

-j DROP

PreventAccesstotheTelnetportfromanIPAddress

Todisableacccesstothetelnetportforapa

rticularipaddre

ss

admin > Security > firewall > iptables -A INPUT -p tcp

--dport 23

-j DROP -s 192.168.0.100