Skip to content

add host firewall

Mason J. Katz edited this page Dec 15, 2015 · 1 revision

add host firewall

Usage

stack add host firewall {host} [action=string] [chain=string] [comment=string] [flags=string] [network=string] [output-network=string] [protocol=string] [rulename=string] [service=string] [table=string]

Description

Add a firewall rule for the specified hosts.

Arguments

  • {host}

    Host name of machine

Parameters

  • [action=string]

    The iptables 'action' this rule should be applied to (e.g., ACCEPT, REJECT, DROP).

  • [chain=string]

    The iptables 'chain' this rule should be applied to (e.g., INPUT, OUTPUT, FORWARD).

  • [comment=string]

    A comment associated with this rule. The comment will be printed directly above the rule in the firewall configuration file.

  • [flags=string]

    Optional flags associated with this rule. An example flag is: "-m state --state RELATED,ESTABLISHED".

  • [network=string]

    The network this rule service should be applied to. This is a named network (e.g., 'private') and must be one listed by the command 'rocks list network'. To have this firewall rule apply to all networks, specify the keyword 'all'.

  • [output-network=string]

    The output network this rule should be applied to. This is a named network (e.g., 'private') and must be one listed by the command 'rocks list network'.

  • [protocol=string]

    The protocol associated with the service. For example, "tcp" or "udp". To have this firewall rule apply to all protocols, specify the keyword 'all'.

  • [rulename=string]

    The rule name for the rule to add. This is the handle by which the admin can remove or override the rule.

  • [service=string]

    The service identifier, port number or port range. For example "www", 8080 or 0:1024. To have this firewall rule apply to all services, specify the keyword 'all'.

  • [table=string]

    The table to add the rule to. Valid values are 'filter', 'nat', 'mangle', and 'raw'. If this parameter is not specified, it defaults to 'filter'

Examples

  • stack add host firewall localhost network=private service="all" protocol="all" action="ACCEPT" chain="FORWARD"

    Accept all services and all protocols from the private network on the FORWARD chain. If 'eth0' is associated with the private network, then this will be translated as the following iptables rule: "-A FORWARD -i eth0 -j ACCEPT".

  • stack add host firewall localhost network=all service="40000" protocol="tcp" action="REJECT" chain="INPUT"

    Reject TCP packets that are destined for port 40000 on all networks on the INPUT chain. This will be translated into the following rule: "-A INPUT -p tcp --dport 40000 -j REJECT"

Clone this wiki locally