Creating a custom iptables chain, adding rules to it, and adding a rule to a built-in chain that hands matching packets to the custom chain:
1. Create a new chain (this only creates the chain; it has no rules yet):
[root@rhel5 ~]# iptables -N MYCHAIN
2. Add a rule to that chain, e.g. to reject connections from 192.168.1.10 to the SMTP port (25/tcp) on 192.168.1.20:
[root@rhel5 ~]# iptables -A MYCHAIN -s 192.168.1.10 -d 192.168.1.20 -p tcp --dport 25 -j REJECT
(The destination address 192.168.1.20 is an alias address on the eth0 interface, e.g. eth0:1, so the packet is delivered locally and passes through the INPUT chain. REJECT answers the client with an ICMP port-unreachable error; use DROP instead if the connection attempt should simply time out.)
3. Add a rule to the built-in INPUT chain that jumps to the custom chain for every packet arriving on an interface whose name starts with eth (eth+ is an iptables wildcard, matching eth0, eth1 and so on). Note that -A appends the rule to the end of INPUT, so it is only reached if no earlier rule has already accepted or rejected the packet; check the existing rules first, and use -I INPUT 1 rather than -A if an earlier rule already accepts SMTP traffic:
[root@rhel5 ~]# iptables -A INPUT -i eth+ -j MYCHAIN
4. Save the iptables rules. Rules added with the iptables command take effect immediately but live only in kernel memory; this writes them to /etc/sysconfig/iptables so they survive a reboot:
[root@rhel5 ~]# service iptables save
5. Restart the iptables service. This is not needed to activate the rules, but it reloads them from the saved file and so confirms that the saved file reproduces the ruleset that was just built:
[root@rhel5 ~]# service iptables restart
6. List all the rules, including those in the new chain (add -n to skip DNS lookups, -v to see packet and byte counters per rule, and --line-numbers to get the rule positions needed for -I and -D):
[root@rhel5 ~]# iptables -L
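As an added example (not from the original post), the same policy written in the iptables-save format that `service iptables save` writes to /etc/sysconfig/iptables, built by a shell function and loaded in one step with iptables-restore. Loading the whole table at once avoids the ordering problem of appending rule by rule, because the jump to MYCHAIN is placed exactly where the file puts it. The chain name and addresses are the post's; the function names, the IPTABLES_APPLY switch and the default ACCEPT policies are assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate the ruleset in iptables-save format and load it
# atomically. Chain and addresses follow the blog post; helper names are ours.

BLOCKED_SRC="192.168.1.10"   # client that must not reach SMTP
SMTP_DST="192.168.1.20"      # alias address (eth0:1) hosting the SMTP service

# Emit the filter table. This is a pure text function (no iptables calls),
# so the ruleset can be reviewed, diffed, or tested without root.
build_ruleset() {
    src="$1"; dst="$2"; chain="${3:-MYCHAIN}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:${chain} - [0:0]
-A INPUT -i eth+ -j ${chain}
-A ${chain} -s ${src} -d ${dst} -p tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Number of -A rules in the generated table (a sanity check before loading).
count_rules() {
    build_ruleset "$@" | grep -c '^-A '
}

# Load the table. iptables-restore replaces the *entire* filter table in one
# step, so any rules not in the file (e.g. a distribution default chain) are
# dropped: merge them into build_ruleset first if they must stay.
# Only touches the kernel when IPTABLES_APPLY=1 is set and we are root;
# otherwise the ruleset is printed for review.
apply_ruleset() {
    if [ "${IPTABLES_APPLY:-0}" = "1" ] && [ "$(id -u)" -eq 0 ]; then
        build_ruleset "$@" | iptables-restore
        iptables -L "${3:-MYCHAIN}" -n -v --line-numbers
    else
        echo "# review mode (set IPTABLES_APPLY=1 and run as root to load):" >&2
        build_ruleset "$@"
    fi
}

apply_ruleset "$BLOCKED_SRC" "$SMTP_DST" MYCHAIN
```

Compare the generated text with `iptables-save` after loading: the two should match line for line apart from the packet counters in brackets, which is the quickest way to confirm that what was saved is what is running.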