Re: iptables is not working
> So create the rules and I saved it ..but no response is there...
> ---->iptables -N vlan100
> ---->iptables -N vlan120
> ---->iptables -A FORWARD -d 172.16.100.0/24 -j vlan100
> ---->iptables -A FORWARD -s 172.16.120.0/24 -j vlan120
> ---->service iptables save
The -N creates a group.
You need a -A <group> to put the above rules in that group.
Then you need to do a -A FORWARD -j <group> to implement it.
Where you have -j vlan100/120 you're not really telling iptables what to
do with it, i.e. DROP, ACCEPT, REJECT.
The save part is probably distro specific, but there's also iptables-save
iirc. Or just put all of the above (with corrections) in a bash script
and run it when you need it, or at boot. My script starts off with some
-F and -X directives which let me start with a clean slate. That way I
can rerun it at any time and as often as I want. And go back six months
or several years later and see exactly what I did in the first place.
Per the basic firewall from the documentation, here's an example of using
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! <external interface> -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
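As an added illustration (not the poster's own script), here is the corrected version of the vlan100/vlan120 setup as a re-runnable script along the lines described above: -F/-X for a clean slate, -N to create each chain, -A <chain> with real ACCEPT/DROP decisions inside it, and -A FORWARD -j <chain> to hook it in. The external interface name (eth0) and the per-chain policies are assumptions; by default the script only prints the commands, run it with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example: corrected chain setup for the thread's vlan100/vlan120 rules.
# IPT defaults to a dry run that prints each command; IPT=iptables applies them.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"   # assumed name of the external interface

apply_vlan_rules() {
  # Clean slate: flush every chain in the filter table, then delete the
  # (now empty, unreferenced) user chains, so the script can be re-run at will.
  $IPT -F
  $IPT -X

  # -N only creates the user-defined chains; nothing reaches them yet.
  $IPT -N vlan100
  $IPT -N vlan120

  # -A <chain> fills each chain with the actual decisions (ACCEPT/DROP).
  # Assumed policy for traffic headed to 172.16.100.0/24: replies to existing
  # connections are fine, new connections only if they did not arrive on the
  # external interface; everything else is dropped at the end of the chain.
  $IPT -A vlan100 -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A vlan100 -m state --state NEW ! -i "$EXT_IF" -j ACCEPT
  $IPT -A vlan100 -j DROP

  # Assumed policy for traffic from 172.16.120.0/24: allow it out.
  $IPT -A vlan120 -j ACCEPT

  # Without the terminal -j DROP/ACCEPT above, a packet would simply fall off
  # the end of the user chain and return to FORWARD, where it continues to be
  # matched against the remaining FORWARD rules and finally the chain policy.

  # -A FORWARD -j <chain> is what actually sends packets into the chains.
  $IPT -A FORWARD -d 172.16.100.0/24 -j vlan100
  $IPT -A FORWARD -s 172.16.120.0/24 -j vlan120
}

apply_vlan_rules
```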