
Assoc. Prof. Wiroon Sriborrirux, Founder of Advance Innovation Center (AIC) and Bangsaen Design House (BDH), Electrical Engineering Department, Faculty of Engineering, Burapha University


Last updated 1 year ago


Network Commands

iptables

iptables is another important tool for managing network security; it is what is known as a firewall. Because it is the basis for controlling the data that enters and leaves a system, system administrators, and even embedded-systems developers, should understand the structure and working principles of iptables well.

iptables contains several tables. Each table consists of several lists called chains (either provided by iptables or defined by the user), and each chain consists of the specifications that control incoming and outgoing data, called rules, as the structure in the figure below shows.

[Figure: Tables used to define iptables rules]

iptables provides 4 built-in tables:

  1. Filter Table

  2. NAT Table

  3. Mangle Table

  4. Raw Table

iptables has 3 main components:

  • INPUT is the part for data coming into the computer

  • OUTPUT is the part for data leaving the computer

  • FORWARD is the part that forwards data from the internal network to the external network; port blocking mainly uses this part

[Figure: Flowchart showing how the flow of data is controlled]

Example of displaying the details of the tables inside iptables:

    $ sudo iptables --list
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
    DROP       all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

where

  • ACCEPT means the firewall allows the packet to pass through to its destination

  • DROP means the firewall discards the packet immediately and does not notify the sender that the message was not delivered

  • REJECT means the firewall discards the packet immediately, and the sender receives an ICMP reply saying that the message was not delivered

  • QUEUE means the firewall passes the packet on to the upper part of the system that interacts with the user (userspace)

  • RETURN means the firewall stops processing inside the current chain and returns to the chain that called it

The following example opens ports with iptables commands. The key principle is to close all ports first and then open the ports that are needed one at a time, which is the most secure approach.

    $ sudo iptables -P FORWARD DROP                                            # close all ports
    $ sudo iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    $ sudo iptables -A FORWARD -p tcp --dport 53 -j ACCEPT     # DNS
    $ sudo iptables -A FORWARD -p udp --dport 53 -j ACCEPT     # DNS
    $ sudo iptables -A FORWARD -p udp --dport 67 -j ACCEPT     # DHCP
    $ sudo iptables -A FORWARD -p udp --dport 69 -j ACCEPT     # TFTP
    $ sudo iptables -A FORWARD -p udp --dport 111 -j ACCEPT    # NFS
    $ sudo iptables -A FORWARD -p udp --dport 2049 -j ACCEPT   # NFS
    $ sudo iptables -A FORWARD -p udp --dport 32700 -j ACCEPT  # NFS
    $ sudo iptables -A FORWARD -p tcp --dport 80 -j ACCEPT     # HTTP
    $ sudo iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT   # HTTP
    $ sudo iptables -A FORWARD -p tcp --dport 443 -j ACCEPT    # HTTPS
    $ sudo iptables -A FORWARD -p tcp --dport 8443 -j ACCEPT   # HTTPS
    $ sudo iptables -A FORWARD -p tcp --dport 20 -j ACCEPT     # FTP
    $ sudo iptables -A FORWARD -p udp --dport 20 -j ACCEPT     # FTP
    $ sudo iptables -A FORWARD -p tcp --dport 21 -j ACCEPT     # FTP
    $ sudo iptables -A FORWARD -p udp --dport 21 -j ACCEPT     # FTP
    $ sudo iptables -A FORWARD -p tcp --dport 22 -j ACCEPT     # SSH
    $ sudo iptables -A FORWARD -p tcp --dport 23 -j ACCEPT     # TELNET

The basic ports that are opened for an embedded board, so that the bootloader and the Linux kernel can be installed and the root filesystem can be loaded, number at least 4 to 5, namely:

[Figure: Details of the protocols in each layer of TCP/IP]

Table: services enabled in the embedded system

    Service   Port Name   Port No.         TCP/IP Protocol
    DHCP      bootps      67               UDP
    TFTP      tftp        69               UDP
    NFS       sunrpc      111              UDP
    NFS       nfs         2049             UDP
    NFS       mountd      32700 or 32772   UDP

To turn the firewall off in order to enter system maintenance mode, use the following command:

    $ sudo /etc/init.d/iptables off

NFS

NFS is a protocol designed to link hard-disk resources on other machines elsewhere on the computer network so that they appear to be the device's own file system. For embedded-systems developers, using NFS makes customizing the operating system and developing programs for the embedded system more flexible and convenient, with no limit on storage size. This is done by placing the root file system (RFS) files in a directory that is configured to be shared over the NFS protocol. Normally, once the developer has finished customizing the operating system and has embedded the program into the root file system, the result is written to storage inside the embedded board, such as flash memory.

On embedded Linux, connecting the system to a Network File System follows the same procedure as on Linux in general.

The steps for installing nfs-kernel-server and configuring the /etc/exports file are as follows:

    $ sudo apt-get install rpcbind nfs-kernel-server
    $ sudo mkdir /rootfs
    $ sudo vim /etc/exports
    /rootfs 192.168.0.2(rw,sync,no_subtree_check,no_root_squash)
    /rootfs localhost(rw,sync,no_subtree_check,no_root_squash)

Start all of the related services with the commands:

    $ sudo service xinetd restart
    $ sudo service tftpd-hpa restart
    $ sudo service isc-dhcp-server restart
    $ sudo service rpcbind-boot stop
    $ sudo service nfs-kernel-server stop
    $ sudo service rpcbind-boot start
    $ sudo service nfs-kernel-server start

The /etc/exports file is created on the server to specify which directories on the server the client machines are allowed to mount, using the command below:

    $ mount -t nfs nfs_server_Address:/rootfs/ /mnt/rfs

[Figure: Steps for mounting storage on the host machine over the NFS protocol]
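The close-everything-first principle from the iptables section can be checked against a saved ruleset. This added example (not part of the original page) reads `iptables -S` output and reports each chain's effective default, rules appended after a catch-all DROP that can never match, and ACCEPT rules on a port with no source restriction. The names `audit_chain` and `sample_rules` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one chain of `iptables -S` output read on stdin.
# Prints one finding per line:
#   <chain> shadowed: <rule>     rule sits after a catch-all DROP/REJECT
#   <chain> any-source: <rule>   ACCEPT on a port with no -s restriction
#   <chain> default-deny | default-allow
audit_chain() {
    awk -v chain="$1" '
    $1 == "-P" && $2 == chain { policy = $3; next }
    $1 == "-A" && $2 == chain {
        # Anything appended after a catch-all is never reached.
        if (closed) { print chain " shadowed: " $0; next }
        # "-A CHAIN -j DROP" has no match options, so it ends the chain.
        if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { closed = 1; next }
        if ($NF == "ACCEPT" && $0 ~ /--dports? / && $0 !~ / -s /)
            print chain " any-source: " $0
    }
    END {
        # A chain denies by default if its policy is DROP or if it ends in
        # a catch-all, as the INPUT chain in the listing on this page does.
        if (policy == "DROP" || closed) print chain " default-deny"
        else print chain " default-allow"
    }'
}

# Constructed sample in `iptables -S` format, modelled on the listing and
# rules on this page. The TFTP rule after "-A INPUT -j DROP" is a deliberate
# mistake: -A appends, so the rule lands below the DROP.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.2/32 -p udp -m udp --dport 2049 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 23 -j ACCEPT
EOF
}

for c in INPUT FORWARD OUTPUT; do
    sample_rules | audit_chain "$c"
done
```

On a real host the input would come from `sudo iptables -S` instead of `sample_rules`.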
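The `/etc/exports` entries above grant `no_root_squash`, which lets root on the client act as root on the exported files, so each entry should name exactly one trusted host. This added example (not from the original page) flags `no_root_squash` grants and exports open to every client, including the case where a stray space before `(` turns a host-specific entry into a world export. The names `audit_exports` and `sample_exports` and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit exports(5) lines read on stdin.
# Prints one finding per line:
#   <path> <host> no_root_squash     client root keeps root on the export
#   <path> * world-export <rw|ro>    export reachable by any client
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) { host = substr($i, 1, p - 1); opts = substr($i, p) }
            # "host (opts)" with a space parses as two entries: the host with
            # default options, and an anonymous "(opts)" entry for everyone.
            if (host == "" || host == "*") {
                host = "*"
                mode = (opts ~ /[(,]rw[,)]/) ? "rw" : "ro"
                print path " " host " world-export " mode
            }
            if (opts ~ /[(,]no_root_squash[,)]/)
                print path " " host " no_root_squash"
        }
    }'
}

# The first two entries are the ones shown on this page; the last two are
# constructed to show the stray-space and wildcard cases.
sample_exports() {
    cat <<'EOF'
# constructed sample /etc/exports
/rootfs 192.168.0.2(rw,sync,no_subtree_check,no_root_squash)
/rootfs localhost(rw,sync,no_subtree_check,no_root_squash)
/rootfs 192.168.0.3 (rw,sync,no_root_squash)
/srv/tftp *(ro,sync,no_subtree_check)
EOF
}

sample_exports | audit_exports
```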