network iptables

Configure the iptables firewall for the appliance. You can use this command to configure the iptables ACCEPT and DROP rules.

By default, the SafeNet ProtectServer Network HSM allows access to all networks and hosts. The default policy for the INPUT and OUTPUT chains is set to ACCEPT. The default policy for the FORWARD chain is set to DROP, since the SafeNet ProtectServer Network HSM is not used to forward packets, as a router or proxy would be.

User Access

admin, pseoperator

Syntax

network iptables

addrule
clear
delrule
save
show

| Argument(s) | Shortcut | Description |
|---|---|---|
| addrule | a | Add an ACCEPT or DROP rule to the iptables firewall for the appliance. See network iptables addrule. |
| clear | c | Clear the iptables for the device. This returns the iptables to a factory default state. |
| delrule | d | Deletes the specified "INPUT" chain rule in iptables. Run network iptables show to see the rule numbers. See network iptables delrule. |
| save | sa | Saves the iptables changes. You must execute this command or any changes will be discarded on the next appliance restart. |
| show | sh | Display the current iptables configuration. |

Example

psesh:>network iptables show
 
Current iptables rules:
 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  172.20.11.105        anywhere
DROP       all  --  172.20.11.105        anywhere
DROP       all  --  172-0-11-0.lightspeed.wlfrct.sbcglobal.net/255.0.255.0  anywhere
 
Command Result : 0 (Success)
 
 
 
psesh:>network iptables clear
 
WARNING: This will delete all configured rules and reset iptables to factory default. Proceed[y/n]?
> y
Proceeding....
clearing iptables...
Restarting network service...please wait
 
Command Result : 0 (Success)
 
 
 
psesh:>network iptables save
 
WARNING: This will save all the iptables changes and restart the network services. Proceed[y/n]?
>
Exiting....
 
Command Result : 0 (Success)
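
Added example (not part of the original page or the vendor's tooling): iptables applies the first matching rule in a chain, so in the show output above the DROP for 172.20.11.105 sits behind an ACCEPT with the same match and never takes effect. This Python script audits pasted network iptables show output for that case, for a non-contiguous netmask, and for an ACCEPT default policy; the function names, and numbering rules from 1 in listed order, are assumptions.

```python
import ipaddress
import re

# Constructed sample: INPUT chain copied from this page's `network iptables show` example.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  172.20.11.105        anywhere
DROP       all  --  172.20.11.105        anywhere
DROP       all  --  172-0-11-0.lightspeed.wlfrct.sbcglobal.net/255.0.255.0  anywhere
"""
CHAIN = re.compile(r"^Chain (\S+) \(policy (\w+)\)")
RULE = re.compile(r"^(ACCEPT|DROP)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_input_chain(text):
    """Return (policy, [(number, target, (prot, source, dest, extra)), ...]) for INPUT."""
    policy, rules, in_input = None, [], False
    for line in map(str.rstrip, text.splitlines()):
        chain = CHAIN.match(line)
        if chain:
            in_input = chain.group(1) == "INPUT"
            policy = chain.group(2) if in_input else policy
            continue
        rule = RULE.match(line) if in_input else None
        if rule:
            # Assumption: rules are numbered from 1 in the order they are listed.
            rules.append((len(rules) + 1, rule.group(1), rule.groups()[1:]))
    return policy, rules

def contiguous_mask(mask):
    """True if a dotted netmask is a run of 1-bits followed only by 0-bits."""
    return "01" not in format(int(ipaddress.IPv4Address(mask)), "032b")

def audit(text):
    """Return human-readable findings for the INPUT chain in `text`."""
    policy, rules = parse_input_chain(text)
    findings, seen = [], {}
    if policy == "ACCEPT":
        findings.append("INPUT policy is ACCEPT: packets matching no rule are allowed")
    for num, target, match in rules:
        if match in seen:  # identical match listed earlier: first match wins
            findings.append(f"rule {num} ({target}) is shadowed by rule {seen[match]}")
        seen.setdefault(match, num)
        mask = match[1].rpartition("/")[2]
        if "/" in match[1] and "." in mask and not contiguous_mask(mask):
            findings.append(f"rule {num}: non-contiguous netmask {mask}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The comparison uses only the columns the listing prints, so two rules that differ in a field the listing does not show would still be reported as identical.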