Daemon script file: /etc/rc.d/init.d/iptables

  • Written by 구돌
iptables is a script that starts and stops the Linux server's firewall according to the rules predefined in /etc/sysconfig/iptables.

It is a packet filtering firewall implemented with iptables.





Usage options: start|stop|restart|condrestart|status|panic|save

Configuration file: /etc/sysconfig/iptables

Script usage examples

[root@command init.d]# /etc/rc.d/init.d/iptables stop
Flushing all chains:[  OK  ]
Removing user defined chains:[  OK  ]
Resetting built-in chains to the default ACCEPT policy:[  OK  ]
[root@command init.d]#

[root@command init.d]# /etc/rc.d/init.d/iptables start
Flushing all current rules and user defined chains:[  OK  ]
Clearing all current rules and user defined chains:[  OK  ]
Applying iptables firewall rules: [  OK  ]
[root@command init.d]#

[root@command init.d]# /etc/rc.d/init.d/iptables restart
Flushing all current rules and user defined chains:[  OK  ]
Clearing all current rules and user defined chains:[  OK  ]
Applying iptables firewall rules: [  OK  ]
[root@command init.d]#

[root@command init.d]# /etc/rc.d/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
[root@command init.d]#
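In the status output above, every built-in chain has a default ACCEPT policy and the RH-Lokkit chain opens with an ACCEPT rule that shows no match. The following added example (not part of the original page or of the init script) reads that status text and reports those conditions; the function names and finding labels are assumptions made for this example.

```shell
# Added example: audit the text printed by "/etc/rc.d/init.d/iptables status"
# (same layout as "iptables -L"). Findings, one per line:
#   POLICY_ACCEPT <chain>  built-in chain whose default policy is ACCEPT
#   EMPTY_ACCEPT <chain>   policy ACCEPT and no rules: nothing is filtered
#   ACCEPT_ANY <chain>     rule listed as ACCEPT all, any source/destination
audit_iptables_status() {
    awk '
    function flush_chain() {
        if (chain != "" && policy == "ACCEPT" && rules == 0)
            print "EMPTY_ACCEPT " chain
    }
    /^Chain / {
        flush_chain()
        chain = $2; rules = 0; policy = ""
        if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
        if (policy == "ACCEPT") print "POLICY_ACCEPT " chain
        next
    }
    # Skip prompts, "Table:" lines, blank lines and column headers.
    chain == "" || NF < 5 || $1 == "target" { next }
    { rules++ }
    # "anywhere" (or 0.0.0.0/0 with -n) on both sides and no match text.
    $1 == "ACCEPT" && $2 == "all" && NF == 5 &&
    ($4 == "anywhere" || $4 == "0.0.0.0/0") &&
    ($5 == "anywhere" || $5 == "0.0.0.0/0") { print "ACCEPT_ANY " chain }
    END { flush_chain() }
    '
}

# Constructed sample: the status output shown on this page, shortened.
sample_status() {
    cat <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
EOF
}

sample_status | audit_iptables_status
```

On a live host, pipe `/etc/rc.d/init.d/iptables status` into `audit_iptables_status`. An ACCEPT_ANY finding may be a rule limited to one interface, because this listing format omits the interface columns; `iptables -L -n -v` shows them.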





