
Custom iptables rules can be defined by editing the /etc/extility/iptables.custom file. These are applied in addition to the autogenerated rules. The file is empty by default. Each addition to this file should take the following form:

@XVPSVC_HOST_IP@ -A INPUT -d 10.40.0.9 -p tcp --dport 22 -j ACCEPT

In this example, the following variables and flags are used:

| Variable / Flag | Description |
|---|---|
| @XVP_HOST_IP@ | The variable defining the hostname. The rule will only be added if the host has an interface with an IP matching the contents of this variable. |
| | The remainder of the parameters are passed straight to iptables; for full documentation, type man iptables. |
| -A | Appends the rule being defined to the current rule chain. |
| INPUT | Defines that the rule affects incoming traffic. Possible other values are OUTPUT and FORWARD. |
| -d | Used to specify the destination for the network traffic. |
| 10.40.0.9 | The destination (internal) IP address that the ACCEPT action applies to. |
| -p tcp | Sets the connection protocol to tcp. |
| --dport 22 | Sets the destination port on the IP address specified above to 22. |
| -j ACCEPT | Sets the action to be applied for the rule. Possible other values are REJECT, DROP, and LOG. REJECT notifies the sender of the packet that their traffic was rejected, whilst DROP discards the packet silently. |

For more information on how to use iptables, see the Ubuntu help documentation at https://help.ubuntu.com/community/IptablesHowTo.

If you alter /etc/extility/iptables.custom, your changes will be applied when build-config is next run.
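
Because a rule only takes effect at the next build-config run, it is worth checking the file before then. The following Python linter is an added example, not Extility's own tooling; it assumes one rule per line made of simple flag/value pairs as in the example above, and its function names and sample lines are constructed for illustration.

```python
import re
import shlex

HOST_VAR = re.compile(r"^@[A-Z0-9_]+@$")       # e.g. @XVPSVC_HOST_IP@
CHAINS = {"INPUT", "OUTPUT", "FORWARD"}        # chains named on this page
TARGETS = {"ACCEPT", "REJECT", "DROP", "LOG"}  # targets named on this page

def parse_rule(line):
    """Split one line into (host variable, {flag: value}) for simple flag/value rules."""
    tokens = shlex.split(line)
    if not tokens or not HOST_VAR.match(tokens[0]):
        raise ValueError("line must start with an @VARIABLE@ host selector")
    args, opts, i = tokens[1:], {}, 0
    while i < len(args):
        has_value = i + 1 < len(args) and not args[i + 1].startswith("-")
        opts[args[i]] = args[i + 1] if has_value else None
        i += 2 if has_value else 1
    return tokens[0], opts

def lint_rule(line):
    """Return a list of review findings for one rule line (empty list = nothing flagged)."""
    try:
        _, opts = parse_rule(line)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    chain, target = opts.get("-A"), opts.get("-j")
    if chain not in CHAINS:
        findings.append(f"chain {chain!r} is not INPUT, OUTPUT or FORWARD")
    if target not in TARGETS:
        findings.append(f"target {target!r} is not ACCEPT, REJECT, DROP or LOG")
    if "--dport" in opts and "-p" not in opts:
        findings.append("--dport is given without a -p protocol (for example -p tcp)")
    if target == "ACCEPT" and chain == "INPUT" and "-s" not in opts:
        findings.append("ACCEPT has no -s: any source address is allowed")
    return findings

def lint_file(text):
    """Lint every non-blank line; return {line number: findings} for flagged lines."""
    checked = ((n, lint_rule(l)) for n, l in enumerate(text.splitlines(), 1) if l.strip())
    return {n: found for n, found in checked if found}

# Constructed sample content, not taken from a real host.
SAMPLE = """@XVPSVC_HOST_IP@ -A INPUT -d 10.40.0.9 -p tcp --dport 22 -j ACCEPT
@XVPSVC_HOST_IP@ -A INPUT -s 10.40.0.0/24 -d 10.40.0.9 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
@XVPSVC_HOST_IP@ -A INPUT -d 10.40.0.9 --dport 22 -j ACCEPT
"""
```

Run over the sample, the first line (the rule shown above) is flagged only because it accepts port 22 from any source; the second line, which adds a -s restriction, passes cleanly.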
