Filter
Top Products
CHAPTER 12: COMMAND LINE INTERFACE 143
-m state
Load a match extension module.
-p
The protocol of the traffic.
-s
Source address
-save
Save the IP Tables.
--state NEW
<enter rule to
trigger here>
-t filter
iptables Command Examples
Iptables can be configured in a plethora of ways that is outside the scope of this document. The
examples below show some simple configuration options created with iptables.
The following example enables a log for iptables:
admin > firewall > iptables -A input -t filter -j LOG
--log-prefix DOM_IPACL -m state --state NEW -s <IP>
Adding a default local rule
To add a default iptable rule for local access:
admin > Security >firewall >iptables -A INPUT -t filter -j ACCEPT
-s 127.0.0.1
Restricting Access from an IP Address
To restrict access to the SX from a specific IP address (192.168.1.100):
admin > Security >firewall >iptables -A INPUT -t filter -j DROP
-s 192.168.1.100
Logging a message when IP Address connects
To send a syslog message when an IP Address connects to the SX:
admin > Security >firewall >iptables -A INPUT -t filter -j LOG
--log-prefix DOM_IPACL -m state --state NEW -s 192.168.1.100
Allowing Access from an IP Range
To allow access to the SX from a specific IP range (192.168.0.1-192.168.0.255).
admin > Security >firewall >iptables -A INPUT -t filter
-j ACCEPT -s 192.168.0.0/255.255.255.0
Disable all ICMP traffic
To disable ICMP protocol traffic, and have the SX not respond to pings.
admin > Security >firewall >iptables -A INPUT -p icmp -j DROP
Prevent Access to the Telnet port from an IP Address
To disable acccess to the telnet port for a particular ip address
admin > Security >firewall >iptables -A INPUT -p tcp --dport 23
-j DROP -s 192.168.0.100
View the current iptables