Red Hat Knowledgebase

Article Reference

Article ID: 941
Last update: 05-11-06
Issue:
What are the command options for iptables?
Resolution:

Command options instruct iptables to perform a specific action. Only one command option is allowed per iptables command. With the exception of the help command, all commands are written in upper-case characters.

The iptables commands are as follows:

  • -A   - Appends the iptables rule to the end of the specified chain. This is the command used to add a rule when rule order in the chain does not matter.
  • -C   - Checks a particular rule before adding it to the user-specified chain. This command can help you construct complicated iptables rules by prompting you for additional parameters and options.
  • -D   - Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain). You can also type the entire rule, and iptables deletes the rule in the chain that matches it.
  • -E   - Renames a user-defined chain. This does not affect the structure of the table.
  • -F   - Flushes the selected chain, which effectively deletes every rule in the chain. If no chain is specified, this command flushes every rule from every chain.
  • -h   - Provides a list of command structures, as well as a quick summary of command parameters and options.
  • -I   - Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is specified, iptables places the rule at the top of the chain.
  • Caution: When using the -A or -I option, be aware that the order of the rules within a chain is important for determining which rules apply to which packets.
  • -L   - Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default filter table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:

        iptables -L <chain-name> -t <table-name>

  • -N   - Creates a new chain with a user-specified name.
  • -P   - Sets the default policy for the specified chain, so that when packets traverse an entire chain without matching a rule, they are sent on to the specified target, such as ACCEPT or DROP.
  • -R   - Replaces a rule in the specified chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.
  • -X   - Deletes a user-specified chain. Deleting a built-in chain for any table is not allowed.
  • -Z   - Zeros the byte and packet counters in all chains for a table.
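
The caution about rule order is easiest to see by modelling a chain as an ordered list in which the first matching rule decides the packet's fate. The Python below is an added example, not Red Hat's or iptables' own code: a simplified model of the -A, -I, -R, -D, -F and -P commands that matches only on source network and destination port. The class name, method names and addresses are constructed for illustration.

```python
import ipaddress


class Chain:
    """Simplified model of one chain: ordered rules plus a default policy."""

    def __init__(self, policy="ACCEPT"):
        self.policy = policy   # -P: target used when no rule matches
        self.rules = []        # rule number N is stored at index N-1

    def append(self, src, dport, target):           # -A: end of chain
        self.rules.append((ipaddress.ip_network(src), dport, target))

    def insert(self, src, dport, target, num=1):    # -I: top of chain if no number
        self.rules.insert(num - 1, (ipaddress.ip_network(src), dport, target))

    def replace(self, num, src, dport, target):     # -R: overwrite rule <num>
        self.rules[num - 1] = (ipaddress.ip_network(src), dport, target)

    def delete(self, num):                          # -D: by rule number
        del self.rules[num - 1]

    def flush(self):                                # -F: rules go, policy stays
        self.rules.clear()

    def verdict(self, src, dport):
        """First matching rule wins; the policy applies only if none match."""
        addr = ipaddress.ip_address(src)
        for net, port, target in self.rules:
            if addr in net and port in (None, dport):
                return target
        return self.policy


def demo():
    admin, other = "192.0.2.10", "203.0.113.7"      # constructed sample addresses
    out = {}
    chain = Chain(policy="DROP")
    chain.append("0.0.0.0/0", 22, "DROP")           # block SSH from everywhere
    chain.append("192.0.2.0/24", 22, "ACCEPT")      # appended too late: unreachable
    out["appended"] = chain.verdict(admin, 22)
    chain.delete(2)
    chain.insert("192.0.2.0/24", 22, "ACCEPT")      # same rule, now rule number 1
    out["inserted"] = chain.verdict(admin, 22)
    out["other"] = chain.verdict(other, 22)
    chain.replace(1, "192.0.2.10/32", 22, "ACCEPT") # narrow rule 1 to a single host
    out["narrowed"] = chain.verdict("192.0.2.11", 22)
    chain.flush()                                   # no rules left, DROP policy remains
    out["flushed"] = chain.verdict(admin, 22)
    return out
```

The last step shows a practical consequence of -F leaving the policy in place: flushing a chain whose policy is DROP blocks every packet that traverses it, including an administrator's own remote session.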

