The administration tool for managing IP packet filtering for the Linux operating system is known as iptables. With everRun systems, the task of working with iptables has been simplified and streamlined. Using the IPtables Security page, you can set up, maintain, and inspect the various filter table chains and their underlying rules. You have access to the three main chains (INPUT, OUTPUT, and FORWARD) for applying the packet-filtering rules you need. With everRun systems, the rules are applied to the host operating system on each physical machine (PM), to both IPv4 and IPv6 packets, and the rules remain persistent after rebooting.
When you insert a rule, you specify a chain (INPUT, OUTPUT, or FORWARD) and a Rule ID. When processing inbound packets, the kernel applies the rules associated with the INPUT chain, and when processing outbound packets, the kernel applies the rules associated with the OUTPUT chain. The kernel applies the rules associated with the FORWARD chain when processing received inbound packets that must be routed to another host. Rules are applied in order of the Rule ID. (A Rule ID is similar to a row ID, where, for example, Rule ID 1 equals row 1.) Instead of creating rules, however, you can load default settings for the rules.
The IPtables Security page displays a separate table for each of the three chains and their associated rules. The rules, if they exist for a particular chain, are sorted by Rule ID. Columns display the network name, type of network, protocol, and other information. If necessary, use the scroll-bar on the right side of the page to view all of the rules and the scroll-bar at the bottom to view all of the columns. For more information on iptables functionality, see the Linux manual (man) pages for iptables.
To manage IPtables, first, enable IPtables security, if you have not already done so.
Activate the checkbox next to Enable Port Management.
The Enable Port Management window becomes gray for a few minutes. When the window is active again, Enable Port Management is selected.
Continue, as appropriate, by inserting a new rule, removing a rule, loading default settings, importing rules, or exporting rules.
On the Preferences page, click IPtables Security.
Ensure that Enable Port Management is selected.
If you enter a number that is already assigned to a rule, the existing rule is incremented by 1 (as are subsequent rules, if any) and the number you enter is assigned to the new rule. So, if, for example, Rule ID 1 already exists and you enter 1 for the new rule, the existing Rule ID 1 becomes Rule ID 2, the existing Rule ID 2 (if it exists) becomes Rule ID 3, and so on.
Protocol—Select udp, tcp, or all.
Selecting all causes the Grouping and Port Number fields to become inactive (gray) because setting a range of port numbers is unnecessary.
Click Insert to insert the new rule.
Click Save at the bottom of the page, or click Reset to cancel any unsaved changes, which restores rules to those of the last saved session.
After the new rule is saved, the IPtables Security page displays it in the appropriate chain.
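The following Python model is an added example, not part of the everRun software or of this documentation. It shows how inserting at an existing Rule ID shifts the later rules and, because iptables stops at the first matching rule with a terminating target, why the chosen Rule ID decides whether a new rule takes effect. The target field, the ACCEPT chain policy, the Rule ID bound, and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    protocol: str            # "tcp", "udp" or "all", as in the Protocol field
    ports: Optional[range]   # None when protocol is "all" (no port range applies)
    target: str              # "ACCEPT" or "DROP" (assumed field, not named on the page)

def insert_rule(chain, rule_id, rule):
    """Insert at a 1-based Rule ID; the rule holding that ID and every later
    rule move down by one, as the page describes."""
    if not 1 <= rule_id <= len(chain) + 1:   # bound is an assumption of this model
        raise ValueError(f"Rule ID must be between 1 and {len(chain) + 1}")
    chain.insert(rule_id - 1, rule)

def first_match(chain, protocol, port, policy="ACCEPT"):
    """Walk the chain in Rule ID order and return (rule_id, target) for the
    first rule that matches; fall back to the chain policy (assumed ACCEPT)."""
    for rule_id, rule in enumerate(chain, start=1):
        if rule.protocol not in ("all", protocol):
            continue
        if rule.ports is not None and port not in rule.ports:
            continue
        return rule_id, rule.target
    return None, policy

def sample_chain():
    # Constructed INPUT chain: block low TCP ports, allow DNS over UDP.
    return [Rule("tcp", range(1, 1024), "DROP"),
            Rule("udp", range(53, 54), "ACCEPT")]

allow_https = Rule("tcp", range(443, 444), "ACCEPT")

appended = sample_chain()
insert_rule(appended, 3, allow_https)      # new rule takes the last Rule ID
print(first_match(appended, "tcp", 443))   # the broad DROP at Rule ID 1 wins

prepended = sample_chain()
insert_rule(prepended, 1, allow_https)     # old Rule ID 1 -> 2, old Rule ID 2 -> 3
print(first_match(prepended, "tcp", 443))  # the new rule is reached first
print(first_match(prepended, "tcp", 22))   # the shifted DROP still applies
```
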
On the Preferences page, click IPtables Security.
Ensure that Enable IPtables Security is selected.
Click Save at the bottom of the page, or click Reset to cancel any unsaved changes, which restores rules to those of the last saved session.
After the rule is removed, it disappears from the IPtables Security page.
On the Preferences page, click IPtables Security.
Ensure that Enable Port Management is selected.
Click Load Default Settings at the bottom of the page.
A warning appears: Current settings will be overridden by the initial settings! Click OK if you want to load the default settings, or click Cancel to cancel the loading of default settings. If you click OK, the Enable Port Management window becomes gray for a few minutes and the Loading default settings.... message appears.