network iptables

Configure the iptables firewall for the appliance. You can use this command to configure the iptables ACCEPT and DROP rules.

By default, the SafeNet ProtectServer Network HSM allows access to all networks and hosts. The default policy for the INPUT and OUTPUT chain is set to ACCEPT. The default policy for the FORWARD chain is set to DROP, since the SafeNet ProtectServer Network HSM is not used to forward packets, as in a router or proxy.

User Access

admin, pseoperator

Syntax

network iptables

addrule
clear
delrule
save
show

Argument(s)	Shortcut	Description
addrule	a	Add an ACCEPT or DROP rule to the iptables firewall for the appliance. See network iptables addrule.
clear	c	Clear the iptables for the device. This returns the iptables to a factory default state.
delrule	d	Deletes the specified "INPUT" chain rule in iptables. Run network iptables show to see the rule numbers. See network iptables delrule
save	sa	Saves the iptables changes. You must execute this command or any changes will be discarded on the next appliance restart.
show	sh	Display the current iptables configuration.

Example

psesh:>network iptables show

Current iptables rules:

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  172.20.11.105        anywhere

DROP       all  --  172.20.11.105        anywhere

DROP       all  --  172-0-11-0.lightspeed.wlfrct.sbcglobal.net/255.0.255.0  anywhere

Command Result : 0 (Success)

psesh:>network iptables clear

WARNING: This will delete all configured rules and reset iptables to factory default. Proceed[y/n]?

> y

Proceeding....

clearing iptables...

Restarting network service...please wait

Command Result : 0 (Success)

psesh:>network iptables save

WARNING: This will save all the iptables changes and restart the network services. Proceed[y/n]?

>

Exiting....

Command Result : 0 (Success)