iptables
Use this command to enable or disable IP tables. The settings are discarded after reboot.
Syntax
iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands
You can use long or short commands.
--append -A chain |
Append to chain. |
--check -C chain |
Check for the existence of a rule. |
--delete -D chain |
Delete matching rule from chain. |
--delete -D chain rulenum |
Delete rule rulenum (1 = first) from chain. |
--insert -I chain [rulenum] |
Insert in chain as rulenum (default 1=first). |
--replace -R chain rulenum |
Replace rule rulenum (1 = first) in chain. |
--list -L [chain [rulenum]] |
List the rules in a chain or all chains. |
--list-rules -S [chain [rulenum]] |
Print the rules in a chain or all chains. |
--flush -F [chain] |
Delete all rules in chain or all chains. |
--zero -Z [chain [rulenum]] |
Zero counters in chain or all chains. |
--new -N chain |
Create a new user-defined chain. |
--delete-chain -X [chain] |
Delete a user-defined chain. |
--policy -P chain target |
Change policy on chain to target. |
--rename-chain -E old-chain new-chain |
Change chain name, (moving any references). |
Options
You can use long or short commands.
--ipv4 -4 |
Nothing (line is ignored by ip6tables-restore). |
--ipv6 -6 |
Error (line is ignored by iptables-restore). |
[!] --protocol -p proto |
Protocol: by number or name, for example: |
[!] --source -s address[/mask][...] |
Source specification. |
[!] --destination -d address[/mask][...] |
Destination specification. |
[!] --in-interface -i input name[+] |
|
--jump -j target |
Target for rule (may load target extension). |
--goto -g chain |
Jump to chain with no return. |
--match -m match |
Extended match (may load extension). |
--numeric -n numeric |
Output of addresses and ports. |
[!] --out-interface -o output name[+] |
Network interface name ([+] for wildcard). |
--table -t table |
Table to manipulate (default: `filter'). |
--verbose -v |
Verbose mode. |
--wait -w |
Wait for the xtables lock. |
--line-numbers |
Print line numbers when listing. |
--exact -x |
Expand numbers (display exact values). |
[!] --fragment -f |
Match second or further fragments only. |
--modprobe=<command> |
Try to insert modules using this command. |
--set-counters PKTS BYTES |
Set the counter during insert/append. |
[!] --version -V |
Print package version. |