network iptables
Configure the iptables firewall for the appliance. You can use this command to configure the iptables ACCEPT and DROP rules.
By default, the SafeNet ProtectServer Network HSM allows access to all networks and hosts. The default policy for the INPUT and OUTPUT chains is set to ACCEPT. The default policy for the FORWARD chain is set to DROP, since the SafeNet ProtectServer Network HSM does not forward packets the way a router or proxy does.
User Access
admin, pseoperator
Syntax
network iptables
addrule
clear
delrule
save
show
Argument(s) | Shortcut | Description |
---|---|---|
addrule | a | Add an ACCEPT or DROP rule to the iptables firewall for the appliance. See network iptables addrule. |
clear | c | Clear the iptables for the device. This returns the iptables to a factory default state. |
delrule | d | Delete the specified "INPUT" chain rule in iptables. Run network iptables show to see the rule numbers. See network iptables delrule. |
save | sa | Saves the iptables changes. You must execute this command or any changes will be discarded on the next appliance restart. |
show | sh | Display the current iptables configuration. |
Example
psesh:>network iptables show
Current iptables rules:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 172.20.11.105 anywhere
DROP all -- 172.20.11.105 anywhere
DROP all -- 172-0-11-0.lightspeed.wlfrct.sbcglobal.net/255.0.255.0 anywhere
Command Result : 0 (Success)
psesh:>network iptables clear
WARNING: This will delete all configured rules and reset iptables to factory default. Proceed[y/n]?
> y
Proceeding....
clearing iptables...
Restarting network service...please wait
Command Result : 0 (Success)
psesh:>network iptables save
WARNING: This will save all the iptables changes and restart the network services. Proceed[y/n]?
>
Exiting....
Command Result : 0 (Success)
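The following Python script is an added example, not part of the product documentation or of psesh. It audits captured `network iptables show` output for the default ACCEPT policy on INPUT, for rules that an earlier rule with the same match makes unreachable, and for non-contiguous netmasks. The function names (parse, noncontiguous_mask, audit) are hypothetical, and the sample text is constructed from the listing in the Example section.

```python
import ipaddress
import re

# Constructed sample: the `network iptables show` output from the Example section.
SAMPLE = """\
Current iptables rules:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 172.20.11.105 anywhere
DROP all -- 172.20.11.105 anywhere
DROP all -- 172-0-11-0.lightspeed.wlfrct.sbcglobal.net/255.0.255.0 anywhere
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)")
RULE_RE = re.compile(r"^(ACCEPT|DROP)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return {chain: {"policy": str, "rules": [(target, prot, src, dst, extra)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            current["rules"].append(m.group(1, 2, 4, 5, 6))  # skip the "opt" column
    return chains

def noncontiguous_mask(source):
    """True if source ends in a dotted netmask whose one-bits are not contiguous."""
    try:
        inv = ~int(ipaddress.IPv4Address(source.partition("/")[2])) & 0xFFFFFFFF
    except ValueError:
        return False  # no mask, or a prefix-length form such as /24
    return inv & (inv + 1) != 0

def audit(text):
    findings = []
    for name, chain in parse(text).items():
        if name == "INPUT" and chain["policy"] == "ACCEPT":
            findings.append("INPUT policy is ACCEPT: unmatched traffic is allowed")
        seen = {}
        for num, (target, prot, src, dst, extra) in enumerate(chain["rules"], 1):
            first = seen.setdefault((prot, src, dst, extra), num)
            if first != num:  # first match wins, so this rule is never reached
                findings.append(f"{name} rule {num} ({target}) is shadowed by rule {first}")
            if noncontiguous_mask(src):
                findings.append(f"{name} rule {num} has a non-contiguous mask: {src}")
    return findings
```

Because iptables evaluates a chain in order and stops at the first matching ACCEPT or DROP, the DROP at position 2 in the sample never takes effect. Rules that differ only in fields this listing does not display cannot be told apart by the script.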