| |
@@ -1,75 +1,30 @@
|
| |
- = How to edit iptables rules
|
| |
+ = Command Line Interface
|
| |
|
| |
- '''
|
| |
+ == Changes to iptables Rules
|
| |
|
| |
- [IMPORTANT]
|
| |
- ======
|
| |
+ The following procedures allow for changes in the behaviour of the firewall
|
| |
+ while it is running. It is important to understand that every change
|
| |
+ is applied immediately.
|
| |
|
| |
- This page was automatically converted from https://fedoraproject.org/wiki/How_to_edit_iptables_rules
|
| |
+ Read the man pages (`man iptables`) for further explanations
|
| |
+ and more sophisticated examples.
|
| |
|
| |
- It is probably
|
| |
|
| |
- * Badly formatted
|
| |
- * Missing graphics and tables that do not convert well from mediawiki
|
| |
- * Out-of-date
|
| |
- * In need of other love
|
| |
+ === Listing Rules
|
| |
|
| |
-
|
| |
- Pull requests accepted at https://pagure.io/fedora-docs/quick-docs
|
| |
-
|
| |
- Once you've fixed this page, remove this notice, and update
|
| |
- [filename]`modules/ROOT/nav.adoc`.
|
| |
-
|
| |
- Once the document is live, go to the original wiki page and replace its text
|
| |
- with the following macro:
|
| |
+ Currently running iptables rules can be viewed with the command:
|
| |
|
| |
....
|
| |
- {{#fedoradocs: https://docs.fedoraproject.org/whatever-the-of-this-new-page}}
|
| |
+ # iptables -L
|
| |
....
|
| |
|
| |
- ======
|
| |
-
|
| |
- '''
|
| |
-
|
| |
- include::{partialsdir}/unreviewed-message.adoc[]
|
| |
-
|
| |
- In this how-to, we will illustrate three ways to edit iptables Rules :
|
| |
-
|
| |
- * *CLI :* iptables command line interface and system configuration file
|
| |
- /etc/sysconfig/iptables.
|
| |
- * *TUI (text-based) interface :* setup or system-config-firewall-tui
|
| |
- * *GUI :* system-config-firewall
|
| |
-
|
| |
- NOTE: This how-to illustrates editing existing iptables Rules, not the
|
| |
- initial creation of Rules chains.
|
| |
-
|
| |
- __TOC__
|
| |
-
|
| |
- [[cli-command-line-interface]]
|
| |
- == CLI (command line interface)
|
| |
-
|
| |
- [[hot-changes-to-iptables-rules]]
|
| |
- === Hot changes to iptables Rules
|
| |
|
| |
- The following procedures allow changes in the behaviour of the firewall
|
| |
- while it is running.
|
| |
-
|
| |
- Read the man pages for iptables (man iptables) for further explanations
|
| |
- and more sophisticated Rules examples.
|
| |
-
|
| |
- [[listing-rules]]
|
| |
- ==== Listing Rules
|
| |
-
|
| |
- Current running iptables Rules can be viewed with the command
|
| |
-
|
| |
- ....
|
| |
- iptables -L
|
| |
- ....
|
| |
-
|
| |
- .
|
| |
-
|
| |
- Example of iptables Rules allowing any connections already established
|
| |
- or related, icmp requests, all local traffic, and ssh communication:
|
| |
+ The following example shows four rules. These rules permit
|
| |
+ established or related connections, any ICMP traffic, any local traffic as
|
| |
+ well as incoming connections on port 22. Please note that the output has
|
| |
+ no indication that the third rule applies only to local traffic. Therefore
|
| |
+ you might want to add the `-v` option. This will reveal that the rule only
|
| |
+ applies to traffic on the loopback interface.
|
| |
|
| |
....
|
| |
[root@server ~]# iptables -L
|
| |
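Review bot: The new "Listing Rules" paragraph tells the reader to add `-v` to see that the third rule only matches the loopback interface, but the example that follows still runs plain `iptables -L`, so that difference is never shown. Consider changing the example to `iptables -L -v`, or adding a second listing, so the in-interface column with `lo` is visible. Also, the new title `= Command Line Interface` no longer mentions iptables, which makes the page harder to identify in navigation and search.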
@@ -87,16 +42,16 @@
|
| |
target prot opt source destination
|
| |
....
|
| |
|
| |
- Note that Rules are applied in order of appearance, and the inspection
|
| |
- ends immediately when there is a match. Therefore, for example, if a
|
| |
- Rule rejecting ssh connections is created, and afterward another Rule is
|
| |
- specified allowing ssh, the Rule to reject is applied and the later Rule
|
| |
- to accept the ssh connection is not.
|
| |
+ Also remember that rules are applied in order of appearance and that after the
|
| |
+ first match, no further rules are considered (there are exceptions, please refer
|
| |
+ to the man pages for details). For example, in case there is a rule rejecting
|
| |
+ ssh connections and subsequently a second rule permitting ssh connections, the
|
| |
+ first rule would be applied to incoming ssh connections while the latter would
|
| |
+ never be evaluated.
|
| |
|
| |
- [[appending-rules]]
|
| |
- ==== Appending Rules
|
| |
+ === Appending Rules
|
| |
|
| |
- The following adds a Rule at the end of the specified chain of iptables:
|
| |
+ The following adds a rule at the end of the specified chain of iptables:
|
| |
|
| |
....
|
| |
[root@server ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
| |
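Review bot: The parenthetical "(there are exceptions, please refer to the man pages for details)" in the rule-ordering paragraph is too vague to act on. Naming one concrete case would help, for example that a non-terminating target such as `LOG` lets evaluation continue with the next rule. The ssh reject-then-accept illustration is clear and worth keeping.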
@@ -116,15 +71,13 @@
|
| |
target prot opt source destination
|
| |
....
|
| |
|
| |
- Notice the last line in chain INPUT. There are now five Rules in that
|
| |
- chain.
|
| |
+ Notice the last line in the INPUT chain. There are now five rules.
|
| |
|
| |
- [[deleting-rules]]
|
| |
- ==== Deleting Rules
|
| |
+ === Deleting Rules
|
| |
|
| |
- To delete a Rule, you must know its position in the chain. The following
|
| |
- example deletes an existing Rule created earlier that is currently in
|
| |
- the fifth position:
|
| |
+ To delete a rule you need to know its position in the chain. The following will
|
| |
+ delete the rule from the previous example. To do so, the rule in the fifth
|
| |
+ position has to be deleted:
|
| |
|
| |
....
|
| |
[root@server ~]# iptables -D INPUT 5
|
| |
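Review bot: The "Deleting Rules" text relies on the reader knowing that the rule sits in the fifth position, but does not say how to confirm that before running `iptables -D INPUT 5`. Since the page states that every change applies immediately, suggest mentioning `iptables -L --line-numbers` to check the position first, or showing the delete-by-specification form (`iptables -D INPUT -p tcp --dport 80 -j ACCEPT`) as the less error-prone alternative.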
@@ -143,10 +96,10 @@
|
| |
target prot opt source destination
|
| |
....
|
| |
|
| |
- [[inserting-rules]]
|
| |
- ==== Inserting Rules
|
| |
+ === Inserting Rules
|
| |
|
| |
- Create a Rule at the top (first) position:
|
| |
+ You can also insert rules at a specific position. To insert a rule at the top
|
| |
+ (i.e. first) position, use:
|
| |
|
| |
....
|
| |
[root@server ~]# iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
|
| |
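Review bot: The new "Inserting Rules" lead-in says rules can be inserted "at a specific position" but does not mention that the rule number is optional and that `-I INPUT` without a number inserts at position 1. One short sentence would cover it and avoid the impression that the number is mandatory. Style nit: "(i.e. first)" reads more smoothly as "(first)".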
@@ -166,20 +119,18 @@
|
| |
target prot opt source destination
|
| |
....
|
| |
|
| |
- The number given after the chain name indicates the position *before* an
|
| |
- existing Rule. So, for example, if you want to insert a Rule *before*
|
| |
- the third rule you specify the number 3. Afterward, the existing Rule
|
| |
- will then be in the fourth position in the chain.
|
| |
+ The number given after the chain name indicates the position of your new rule
|
| |
+ *after* the insertion. So, for example, if you want to insert a rule at the
|
| |
+ third position, you specify the number 3. Afterwards your new rule is at
|
| |
+ position 3, while the old rule from position 3 is now shifted to position 4.
|
| |
|
| |
- [[replacing-rules]]
|
| |
- ==== Replacing Rules
|
| |
+ === Replacing Rules
|
| |
|
| |
- Rules may be specified to replace existing Rules in the chain.
|
| |
+ Rules may be specified to replace existing rules in the chain.
|
| |
|
| |
- In the example shown previously, the first Rule given allows connections
|
| |
- to the http port (port 80) from anywhere. The following replaces this
|
| |
- Rule, restricting connections to the standard http port (port 80) only
|
| |
- from the network address range 192.168.0.0/24:
|
| |
+ In the previous example, the first rule grants access to tcp port 80 from
|
| |
+ any source. To restrict the access to sources within a local net, the following
|
| |
+ command replaces the first rule:
|
| |
|
| |
....
|
| |
[root@server ~]# iptables -R INPUT 1 -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT
|
| |
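Review bot: In "Replacing Rules", the rewritten prose drops the explicit range and only says "sources within a local net", so the reader has to infer from the command that this means `192.168.0.0/24`. Please keep the range in the sentence, as the removed text did, so that the prose and the `-s 192.168.0.0/24` argument match. The reworded explanation of the insert position (new rule at 3, old rule shifted to 4) is an improvement.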
@@ -199,33 +150,33 @@
|
| |
target prot opt source destination
|
| |
....
|
| |
|
| |
- [[flushing-rules]]
|
| |
- ==== Flushing Rules
|
| |
+ === Flushing Rules
|
| |
|
| |
- To flush or clear iptables Rules, use the *--flush*, *-F* option :
|
| |
+ To flush or clear all iptables rules, use the `--flush`, `-F` option:
|
| |
|
| |
....
|
| |
- iptables -F <chain>
|
| |
+ # iptables -F <chain>
|
| |
....
|
| |
|
| |
- Specifying a ** is optional; without a chain specification, all chains
|
| |
- are flushed.
|
| |
+ Specifying a chain is optional. Without a given chain, all chains
|
| |
+ are flushed. Remember that the new rule set is immediately active.
|
| |
+ Depending on the default policies, you might loose access to a remote machine
|
| |
+ by flushing the rules.
|
| |
|
| |
- Example to flush Rules in the *OUTPUT* chain :
|
| |
+ To flush all rules in the OUTPUT chain use:
|
| |
|
| |
....
|
| |
- [root@server ~]# iptables -F OUTPUT
|
| |
+ # iptables -F OUTPUT
|
| |
....
|
| |
|
| |
- [[making-changes-persistent]]
|
| |
- === Making changes persistent
|
| |
+ == Making changes persistent
|
| |
|
| |
- The iptables Rules changes using CLI commands will be lost upon system
|
| |
- reboot. However, iptables comes with two useful utilities:
|
| |
- *iptables-save* and *iptables-restore*.
|
| |
+ All changes to iptables rules using the CLI commands will be lost upon system
|
| |
+ reboot. However, `iptables` comes with two useful utilities:
|
| |
+ `iptables-save` and `iptables-restore`.
|
| |
|
| |
- * *iptables-save* prints a dump of current iptables rules to *stdout*.
|
| |
- These may be redirected to a file:
|
| |
+ `iptables-save` prints a dump of current rule set to *stdout*. This may be
|
| |
+ redirected to a file:
|
| |
|
| |
....
|
| |
[root@server ~]# iptables-save > iptables.dump
|
| |
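Review bot: The added lock-out warning in "Flushing Rules" contains a typo ("you might loose access" should be "lose") and stops short of telling the reader what to check. Suggest adding that a chain with a `DROP` default policy will block everything once its rules are flushed, so the policy should be reviewed before running `-F` on a remote machine. "To flush or clear all iptables rules" is also broader than what the command does: without `-t`, only the filter table is affected. The new examples use a bare `#` prompt while the rest of the page uses `[root@server ~]#`; pick one.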
@@ -243,7 +194,7 @@
|
| |
# Completed on Wed Dec 7 20:10:49 2011
|
| |
....
|
| |
|
| |
- * iptables-restore : restore a dump of rules made by iptables-save.
|
| |
+ Use `iptables-restore` to restore a dump of rules made by `iptables-save`.
|
| |
|
| |
....
|
| |
[root@server ~]# iptables-restore < iptables.dump
|
| |
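Review bot: The new `iptables-restore` sentence does not say that restoring replaces the current contents of the tables in the dump, which matters on a page that stresses that changes take effect immediately. Suggest one sentence stating this, and mentioning `--noflush` for keeping existing rules and `--test` for checking a dump without committing it.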
@@ -264,247 +215,37 @@
|
| |
|
| |
In the default configuration, stopping or restarting the iptables
|
| |
service will discard the running configuration. This behavior can be
|
| |
- changed by setting IPTABLES_SAVE_ON_STOP="yes" or
|
| |
- IPTABLES_SAVE_ON_RESTART="yes" in /etc/sysconfig/iptables-config. If
|
| |
- these values are set, the affected files are:
|
| |
+ changed by setting `IPTABLES_SAVE_ON_STOP="yes"` or
|
| |
+ `IPTABLES_SAVE_ON_RESTART="yes"` in `/etc/sysconfig/iptables-config`. If
|
| |
+ these values are set, the configuration will be automatically dumped to
|
| |
+ `/etc/sysconfig/iptables` and `/etc/sysconfig/ip6tables` for IPv4 and IPv6
|
| |
+ respectively.
|
| |
|
| |
- * ....
|
| |
- /etc/sysconfig/iptables
|
| |
- ....
|
| |
- +
|
| |
- for IPv4
|
| |
- * ....
|
| |
- /etc/sysconfig/ip6tables
|
| |
- ....
|
| |
- +
|
| |
- for IPv6
|
| |
-
|
| |
- If preferred, these files may be edited directly, and iptables service
|
| |
- restarted to commit the changes. The format is similar to that of the
|
| |
- iptables CLI commands:
|
| |
+ If you prefer, you may edit these files directly. Restart the iptables
|
| |
+ service or restore the rules to apply your changes. The rules are in the same
|
| |
+ format as you would specify them on the command line:
|
| |
|
| |
....
|
| |
# Generated by iptables-save v1.4.12 on Wed Dec 7 20:22:39 2011
|
| |
- *filter <--------------------------------------------------------- Specify the table of the next rules
|
| |
- :INPUT DROP [157:36334] <----------------------------------------- This is the three chain belong to filter table, then the policy of the chain
|
| |
- :FORWARD ACCEPT [0:0] <------------------------------------------- and between brackets [<packet-counter>:<byte-counter>] numbers is for
|
| |
- :OUTPUT ACCEPT [48876:76493439] <--------------------------------- debug/informations purpose only. Leave them at their current value.
|
| |
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <--------- A rule.
|
| |
- -A INPUT -p icmp -j ACCEPT <-------------------------------------- You just have to take all arguments
|
| |
- -A INPUT -i lo -j ACCEPT <---------------------------------------- of an iptables command.
|
| |
+ *filter
|
| |
+ :INPUT DROP [157:36334]
|
| |
+ :FORWARD ACCEPT [0:0]
|
| |
+ :OUTPUT ACCEPT [48876:76493439]
|
| |
+ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
| |
+ -A INPUT -p icmp -j ACCEPT
|
| |
+ -A INPUT -i lo -j ACCEPT
|
| |
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
|
| |
- COMMIT <---------------------------------------------------------- Needed at each end of table definition. Commit rules in that table.
|
| |
+ COMMIT
|
| |
# Completed on Wed Dec 7 20:22:39 2011
|
| |
....
|
| |
|
| |
- If needed, to reset packet and byte counters, use *-Z*, *--zero* :
|
| |
+ The numbers in brackets are counters and usually you don't have to mangle them.
|
| |
+ If needed, you can reset packet and byte counters using the `-Z` or `--zero`
|
| |
+ option:
|
| |
|
| |
....
|
| |
- iptables -Z <chain> <rule_number>
|
| |
+ # iptables -Z <chain> <rule_number>
|
| |
....
|
| |
|
| |
- It is possible to reset only reset a single rule counter. It can be
|
| |
- useful, if you want to know how many packets were captured for a
|
| |
- specific rule.
|
| |
-
|
| |
- [[tui-text-based-user-interface]]
|
| |
- == TUI (text-based user interface)
|
| |
-
|
| |
- There is two ways to managing iptables rules with a text-based user
|
| |
- interface, either using *setup* or *system-config-firewall-tui*. Using
|
| |
- *system-config-firewall-tui* takes you directly to editing the rules.
|
| |
- Using *setup* you need to select *firewall configuration* and then you
|
| |
- can edit rules. Starting with *setup* looks like this:
|
| |
-
|
| |
- image:Firewall-tui.PNG[setup menu
|
| |
- utility,title="setup menu utility",width=700]
|
| |
-
|
| |
- On the next screen, which is where you start with
|
| |
- *system-config-firewall-tui*, make sure that "Firewall" is enabled, or
|
| |
- you cannot edit the settings. Then select *Customize* :
|
| |
-
|
| |
- image:First_menu_firewall_tui.PNG[Firewall Configuration by TUI. First
|
| |
- screen.,title="Firewall Configuration by TUI. First screen.",width=700]
|
| |
-
|
| |
- There is good chance that a service you want to modify is part of the
|
| |
- list of standard "Trusted" services. Select the services you want to
|
| |
- trust (ports to open) and press *Forward* (which means 'next', it is not
|
| |
- port forwarding):
|
| |
-
|
| |
- image:Firewall_TUI_Trusted_services.PNG[Editing trusted service with
|
| |
- firewall tui
|
| |
- interface.,title="Editing trusted service with firewall tui interface.",width=700]
|
| |
-
|
| |
- The Other Ports menu lets you open additional ports not in the list of
|
| |
- standard Trusted Services, or to edit an existing list of additional
|
| |
- ports :
|
| |
-
|
| |
- image:Firewall_TUI_other_ports.PNG[Editing Other ports on firewall
|
| |
- configuration by TUI
|
| |
- interface.,title="Editing Other ports on firewall configuration by TUI interface.",width=700]
|
| |
-
|
| |
- To add other ports, specify one port or a port range, and choose between
|
| |
- *tcp* or *udp* for the protocol. The port range format is _beginningPort
|
| |
- - endingPort_.
|
| |
-
|
| |
- image:Firewall_TUI_adding_other_ports.PNG[Adding other ports on firewall
|
| |
- configuration by TUI
|
| |
- interface.,title="Adding other ports on firewall configuration by TUI interface.",width=700]
|
| |
-
|
| |
- The trusted interfaces menu allows you to trust all traffic on a network
|
| |
- interface. All traffic will be allowed and the port filtering rules will
|
| |
- never match. You should only select an interface that faces a private
|
| |
- network, never an interface that directly faces the Internet.
|
| |
-
|
| |
- image:Firewall_TUI_trusted_interfaces.PNG[Trusted
|
| |
- interfaces.,title="Trusted interfaces.",width=700]
|
| |
-
|
| |
- The Masquerading menu lets you select an interface to be masqueraded.
|
| |
- Masquerading is better known as
|
| |
- *http://en.wikipedia.org/wiki/Network_address_translation[NAT]* (Network
|
| |
- Address Translation), and it is useful for example when your computer is
|
| |
- used as gateway to access the internet:
|
| |
-
|
| |
- image:Firewall_TUI_masquerading.PNG[Firewall TUI interface :
|
| |
- masquerading.,title="Firewall TUI interface : masquerading.",width=700]
|
| |
-
|
| |
- Port forwarding, also known as
|
| |
- *http://en.wikipedia.org/wiki/Network_address_translation#Port_address_translation[PAT]*,
|
| |
- permits traffic from one port to be rerouted to another port.
|
| |
-
|
| |
- image:Firewall_TUI_Port_Forwarding.PNG[Firewall TUI interface :
|
| |
- configuring Port
|
| |
- Forwarding.,title="Firewall TUI interface : configuring Port Forwarding.",width=700]
|
| |
-
|
| |
- For example:
|
| |
-
|
| |
- image:Firewall_TUI_Port_Forwarding_Adding.PNG[Firewall TUI : adding port
|
| |
- forwarding
|
| |
- rules.,title="Firewall TUI : adding port forwarding rules.",width=700]
|
| |
-
|
| |
- The ICMP Filter menu lets you reject various types of ICMP packets. By
|
| |
- default, no limitations are made, but you can define rules to reject
|
| |
- ICMP traffic, define the return error to an ICMP request, etc.
|
| |
-
|
| |
- image:Firewall_TUI_ICMP_Filter.PNG[Firewall TUI: configuring ICMP
|
| |
- behaviour.,title="Firewall TUI: configuring ICMP behaviour.",width=700]
|
| |
-
|
| |
- Finally, you can add custom firewall rules. These must be prepared ahead
|
| |
- of time in files that use the same format as the iptables file.
|
| |
-
|
| |
- image:Firewall_TUI_Custom_Rules.PNG[Firewall TUI: create custom
|
| |
- rules.,title="Firewall TUI: create custom rules.",width=700]
|
| |
-
|
| |
- For adding custom rules you have specify the protocol between *ipv4* or
|
| |
- *ipv6* and on what table add the custom rules *filter*, *mangle* or
|
| |
- *nat* then the path to the file containing rules to add :
|
| |
-
|
| |
- image:Firewall_TUI_Custom_Rules_Adding.PNG[Firewall TUI: adding a custom
|
| |
- rules.,title="Firewall TUI: adding a custom rules.",width=700]
|
| |
-
|
| |
- When you have completed all menus, *Close* the interface, which brings
|
| |
- you back to the first screen of firewall configuration. Select *OK* and
|
| |
- a warning message appear :
|
| |
-
|
| |
- image:Firewall_TUI_Warning.PNG[Firewall TUI
|
| |
- warning.,title="Firewall TUI warning.",width=700]
|
| |
-
|
| |
- Select *Yes* if the configuration you made fits to you and exit
|
| |
- interface, or *No* to go back to the firewall configuration screen.
|
| |
-
|
| |
- [[gui]]
|
| |
- == GUI
|
| |
-
|
| |
- [[red-hat-gui-configuration-tool]]
|
| |
- === Red Hat GUI configuration tool
|
| |
-
|
| |
- GUI interface allow you exactly the same thing that TUI interface, but
|
| |
- it is more friendly usable.
|
| |
-
|
| |
- First time you start GUI, you have a welcome message that warning you
|
| |
- that if you have existing manual rules then this rules will be
|
| |
- overwritten. image:Firewall_GUI_First_Time_Startup.PNG[First time
|
| |
- startup message,title="fig:First time startup message"]
|
| |
-
|
| |
- Before all, you need to *Enable* your firewall to use Firewall
|
| |
- Configuration utility.
|
| |
-
|
| |
- image:FireWwall_GUI_startup.PNG[Firewall Gui startup
|
| |
- screen,title="Firewall Gui startup screen"]
|
| |
-
|
| |
- Then utility warn you that you don't have any existing configuration and
|
| |
- want you execute the wizard. Click on *Start wizard*:
|
| |
-
|
| |
- image:No_configuration.PNG[No firewall
|
| |
- configuration,title="No firewall configuration"]
|
| |
-
|
| |
- Click on forward :
|
| |
-
|
| |
- image:Firewall_Wizard.PNG[Firewall Wizard : welcome
|
| |
- screen,title="Firewall Wizard : welcome screen"]
|
| |
-
|
| |
- _System with network access_ enable Firewall and _System without network
|
| |
- access_ disable Firewall, so select _System with network access_ :
|
| |
-
|
| |
- image:Firewall_Wizard_2.PNG[Firewall Wizard : network
|
| |
- access?,title="Firewall Wizard : network access?"]
|
| |
-
|
| |
- Beginner allow you to modify only _Trusted Services_, it's fine if you
|
| |
- use only known services like ftp, dns, http, etc but don't allow you to
|
| |
- configure customs ports range, select _Expert_ to have full featured
|
| |
- Firewall Configuration utility, you can change this option later in the
|
| |
- *Options* menu Main windows, in *User Skill Level* :
|
| |
-
|
| |
- image:Firewall_Wizard_3.PNG[Firewall Wizard :
|
| |
- skill?,title="Firewall Wizard : skill?"]
|
| |
-
|
| |
- *Server* template enable only ssh port on firewall configuration
|
| |
- _Desktop_ template enable additional ports for _IPsec_, _Multicast DNS_,
|
| |
- _Network Printing Client_ and _SSH_. For convenience select Desktop, and
|
| |
- *OK* :
|
| |
-
|
| |
- image:Firewall_Wizard_4.PNG[Firewall Wizard : configuration
|
| |
- base?,title="Firewall Wizard : configuration base?"]
|
| |
-
|
| |
- As described earlier _Desktop_ template enable 4 services _IPsec_,
|
| |
- _mDNS_, _IPP_ and _SSH_. If you have services listed in *Trusted
|
| |
- Services* section that you want to enabled, you just have to click on
|
| |
- it, that's all. It is possible to change template by using the *Options*
|
| |
- menu, in *Load Default Configuration*.
|
| |
-
|
| |
- image:Firewall_Wizard_5.PNG[Firewall Main interface :
|
| |
- enabled,title="Firewall Main interface : enabled"]
|
| |
-
|
| |
- *Other Ports* allow you to edit custom rules if your service port wasn't
|
| |
- in *Trusted service*. To begin, just click on *Add* button. Then either
|
| |
- you choose in services list the right service or you tick *User Defined*
|
| |
- and fill requested information about *Port / Port Range* and *Protocol*.
|
| |
-
|
| |
- image:Firewall_GUI_other_ports.PNG[Firewall GUI : edit other ports
|
| |
- rules.,title="Firewall GUI : edit other ports rules."]
|
| |
-
|
| |
- *Trusted Interfaces*, *Masquerading*, *Port Forwarding*, *ICMP Filter*
|
| |
- and _Custom Rules_' have exactly the same effect than in TUI interface.
|
| |
-
|
| |
- When configuration fits to you, just click on the *Apply* button.
|
| |
-
|
| |
- [[others-gui]]
|
| |
- === Others GUI
|
| |
-
|
| |
- There are others GUI available to configure iptables rules.
|
| |
-
|
| |
- * http://www.fwbuilder.org/_fwbuilder[http://www.fwbuilder.org/
|
| |
- fwbuilder] : very complete gui tools to configure iptables.
|
| |
- * http://shorewall.net/_Shorewall[http://shorewall.net/ Shorewall] :
|
| |
- another very complete gui like fwbuilder.
|
| |
- * http://www.turtlefirewall.com/_Turtle_firewall_project[http://www.turtlefirewall.com/
|
| |
- Turtle firewall project] : web interface and integrated to webmin. Fits
|
| |
- to basic usage of Iptables, can not handle all iptables options like
|
| |
- fwbuilder
|
| |
- * http://users.telenet.be/stes/ipmenu.html_IPmenu[http://users.telenet.be/stes/ipmenu.html
|
| |
- IPmenu] : console based interface that allow you all iptables
|
| |
- functionalities.
|
| |
- '''
|
| |
-
|
| |
- See a typo, something missing or out of date, or anything else which can be
|
| |
- improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.
|
| |
+ It is possible to reset only a single rule counter. This might become handy
|
| |
+ if you want to know how many packets were captured for a specific rule.
|
| |
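Review bot: The save-file listing loses all of its inline annotations (`*filter`, the `:INPUT DROP [157:36334]` policy lines, `COMMIT`), and the replacement prose only covers the bracketed counters. Please add a short paragraph after the listing explaining the table header, the chain policy lines and that `COMMIT` is required at the end of each table. Related: "The rules are in the same format as you would specify them on the command line" overstates it, since the table header, policy lines and `COMMIT` have no command-line equivalent; the removed wording "similar" was more accurate. "you don't have to mangle them" is an unfortunate word choice next to a tool that has a `mangle` table; "change" would be clearer. Finally, this hunk deletes the whole TUI and GUI sections without a pointer to where that material now lives; if it was moved or intentionally dropped, say so in the commit message.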
Review Quick-Docs : SilverBlue
Why this change is needed:
Add SilverBlue Section
What this change accomplishes:
[Ticket: 107] : https://pagure.io/fedora-docs/quick-docs/issue/107