User guide

Chapter 2. Securing Your Network
Type iptables -h to view a comprehensive list of iptables command structures.
2.6.2.2. Command Options
Command options instruct iptables to perform a specific action. Only one command option is
allowed per iptables command. With the exception of the help command, all commands are written
in upper-case characters.
The iptables commands are as follows:
-A — Appends the rule to the end of the specified chain. Unlike the -I option described below, it
does not take an integer argument. It always appends the rule to the end of the specified chain.
-D <integer> | <rule> — Deletes a rule in a particular chain by number (such as 5 for the fifth
rule in a chain), or by rule specification. The rule specification must exactly match an existing rule.
-E — Renames a user-defined chain. A user-defined chain is any chain other than the default, pre-
existing chains. (Refer to the -N option, below, for information on creating user-defined chains.) This
is a cosmetic change and does not affect the structure of the table.
Note
If you attempt to rename one of the default chains, the system reports a Match not found
error. You cannot rename the default chains.
-F — Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is
specified, this command flushes every rule from every chain.
-h — Provides a list of command structures, as well as a quick summary of command parameters
and options.
-I [<integer>] — Inserts the rule in the specified chain at a point specified by a user-defined
integer argument. If no argument is specified, the rule is inserted at the top of the chain.
Important
As noted above, the order of rules in a chain determines which rules apply to which packets.
This is important to remember when adding rules using either the -A or -I option.
This is especially important when adding rules using the -I with an integer argument. If you
specify an existing number when adding a rule to a chain, iptables adds the new rule before
(or above) the existing rule.
-L — Lists all of the rules in the chain specified after the command. To list all rules in all chains in
the default filter table, do not specify a chain or table. Otherwise, the following syntax should be
used to list the rules in a specific chain in a particular table:
iptables -L <chain-name> -t <table-name>
Additional options for the -L command option, which provide rule numbers and allow more verbose
rule descriptions, are described in Section 2.6.2.6, “Listing Options”.
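The following script is an added example, not part of the guide, that exercises the command options above (-N, -E, -A, -I with an integer, -D by specification, -L, -F) on a user-defined chain. The chain names mgmt_in/MGMT_IN, the 192.0.2.0/24 management network and the log prefix are constructed for illustration; -X (delete an empty user-defined chain) is a standard iptables option not described on this page. A real run needs root and iptables; setting DRY_RUN=1 prints each command instead of executing it, which is how the ordering effect of -I can be inspected without touching the firewall.

```shell
#!/bin/sh
# Added example, not from the guide. Set DRY_RUN=1 to print the commands instead
# of running them; otherwise iptables is invoked directly (requires root).

ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

build_input_chain() {
    # -N creates a user-defined chain; -E renames it (cosmetic, rules untouched)
    ipt -N mgmt_in
    ipt -E mgmt_in MGMT_IN

    # -A appends, so these land in the order given: rules 1 to 4
    ipt -A MGMT_IN -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A MGMT_IN -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
    ipt -A MGMT_IN -j LOG --log-prefix "MGMT_IN drop: "
    ipt -A MGMT_IN -j DROP

    # -I with an integer inserts BEFORE the existing rule at that position:
    # the loopback rule becomes rule 2 and the SSH rule moves down to rule 3
    ipt -I MGMT_IN 2 -i lo -j ACCEPT

    # -D by rule specification: the match must be exact, including the prefix
    ipt -D MGMT_IN -j LOG --log-prefix "MGMT_IN drop: "

    # hand INPUT traffic to the user chain, then list it with rule numbers
    # so the resulting order can be verified
    ipt -A INPUT -j MGMT_IN
    ipt -L MGMT_IN -n --line-numbers
}

teardown_input_chain() {
    # remove the jump first, then -F empties the chain so -X can delete it
    ipt -D INPUT -j MGMT_IN
    ipt -F MGMT_IN
    ipt -X MGMT_IN
}

# Usage: DRY_RUN=1 sh this_script.sh   (prints the command sequence)
#        sh this_script.sh              (applies it, as root)
if [ "${1:-}" = "teardown" ]; then
    teardown_input_chain
else
    build_input_chain
fi
```

Run it once with DRY_RUN=1 and read the printed sequence: the -I line appears after four -A lines, yet when applied it places the loopback rule above the SSH rule, which is exactly the ordering pitfall the Important box warns about.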