User guide
Chapter 13: Command Line Interface
iptables Command Examples
Iptables can be configured in many ways, most of which are outside the
scope of this document. The examples below show some simple
configurations created with iptables.
The following example enables a log for iptables:
admin > firewall > iptables -A INPUT -t filter -j LOG --log-prefix DOM_IPACL -m state --state NEW -s <IP>
Adding a default local rule
The default local rule is included as part of the standard Dominion SX
implementation.
Restricting Access from an IP Address
To restrict access to the Dominion SX from a specific IP address
(192.168.1.100):
admin > Security > firewall > iptables -A INPUT -t filter -j DROP -s 192.168.1.100
Logging a message when an IP Address connects
To send a syslog message when an IP Address connects to the
Dominion SX:
admin > Security > firewall > iptables -A INPUT -t filter -j LOG --log-prefix DOM_IPACL -m state --state NEW -s 192.168.1.100
Allowing Access from an IP Range
To allow access to the Dominion SX from a specific IP range
(192.168.0.1-192.168.0.255):
admin > Security > firewall > iptables -A INPUT -t filter -j ACCEPT -s 192.168.0.0/255.255.255.0
Disable all ICMP traffic
To disable ICMP protocol traffic, so that the Dominion SX does not
respond to pings:
admin > Security > firewall > iptables -A INPUT -p icmp -j DROP
Prevent Access to the Telnet port from an IP Address
To disable access to the telnet port for a particular IP address:
admin > Security > firewall > iptables -A INPUT -p tcp --dport 23 -j DROP -s 192.168.0.100
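Every example above uses -A, which appends to the end of the INPUT chain, and iptables stops at the first ACCEPT or DROP that matches, so the order in which the rules are entered decides which ones take effect. The following Python model is an added example, not part of the Dominion SX documentation; it assumes the rules are entered in the order this page lists them and that the chain policy is ACCEPT.

```python
import ipaddress

# The page's rules in the order listed; each -A appends to the end of INPUT.
# Tuple: (source, protocol, destination port, target); None matches anything.
PAGE_ORDER = [
    ("192.168.1.100", None, None, "DROP"),
    ("192.168.1.100", None, None, "LOG"),  # --state NEW: assume a new connection
    ("192.168.0.0/255.255.255.0", None, None, "ACCEPT"),
    (None, "icmp", None, "DROP"),
    ("192.168.0.100", "tcp", 23, "DROP"),
]

# Same rules: LOG ahead of its DROP, narrow DROPs ahead of the broad ACCEPT.
REORDERED = [PAGE_ORDER[i] for i in (1, 0, 4, 3, 2)]


def evaluate(chain, src, proto, dport=None, policy="ACCEPT"):
    """Return (verdict, logged) for one new packet.

    Rules are checked top to bottom. LOG records and continues; ACCEPT and
    DROP end traversal. The ACCEPT chain policy is an assumption.
    """
    logged = False
    for net, r_proto, r_dport, target in chain:
        if net and ipaddress.ip_address(src) not in ipaddress.ip_network(net):
            continue
        if r_proto and r_proto != proto:
            continue
        if r_dport and r_dport != dport:
            continue
        if target == "LOG":
            logged = True
            continue
        return target, logged
    return policy, logged


if __name__ == "__main__":
    probes = [("192.168.1.100", "tcp", 22), ("192.168.0.100", "tcp", 23),
              ("192.168.0.50", "icmp", None)]
    for probe in probes:
        print(probe, "page order:", evaluate(PAGE_ORDER, *probe),
              "reordered:", evaluate(REORDERED, *probe))
```

In page order the LOG rule for 192.168.1.100 never fires, and telnet and ping from 192.168.0.x are still accepted by the range rule. Stock iptables can place a rule at a chosen position with -I instead of -A; whether the Dominion SX CLI accepts -I is not stated on this page.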