Custom iptables rules can be defined by editing the /etc/extility/iptables.custom file. These are applied in addition to the autogenerated rules. The file is empty by default. Additions to this file should take the following form:

```
@XVPSVC_HOST_IP@ -A INPUT -d 10.40.0.9 -p tcp --dport 22 -j ACCEPT
```

In this example, the following variables and flags are used:
Variable | Description |
---|---|
@XVP_HOST_IP@ | The variable defining the hostname. The rule will only be added if the host has an interface with an IP matching the contents of this variable. |

The remainder of the parameters are passed straight to iptables, so for full documentation type man iptables.

Flag | Description |
---|---|
-A | Appends the rule being defined to the current rule chain. |
INPUT | Defines that the rule affects incoming traffic. Possible other values are OUTPUT and FORWARD. |
-d | Used to specify the destination for the network traffic. |
10.40.0.9 | The destination (internal) IP address that the ACCEPT action applies to. |
-p tcp | Sets the connection protocol to tcp. |
--dport 22 | Sets the destination port on the IP address specified above to 22. |
-j ACCEPT | Sets the action to be applied for the rule. Possible other values are REJECT, DROP, and LOG. REJECT notifies the sender of the packet that their traffic was rejected, whilst DROP rejects the packet silently. |
For more information on how to use iptables, see the Ubuntu help documentation at https://help.ubuntu.com/community/IptablesHowTo.
If you alter /etc/extility/iptables.custom, your changes will be applied when build-config is next run.
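The following is an added dry-run script, not Flexiant's build-config or any code from this page: it applies the selection behaviour described above (a rule is added only when the host has an interface whose IP matches the variable's value) to constructed sample data, so you can check which lines of iptables.custom would actually be installed on a given host, and catch malformed lines, before build-config runs. The file contents, the variable values and the set of local addresses are all constructed here; the comment-line handling and the warning on targets other than the four listed in the table are this script's own assumptions.

```python
"""Dry-run of the conditional rule selection described for iptables.custom.

Added illustration, not Flexiant's build-config: it applies the page's rule
(a line is only added if the host has an interface whose IP matches the
variable's value) to constructed sample data.
"""
import re
import shlex

# Constructed sample: contents of an iptables.custom file (not from a real host).
SAMPLE_CUSTOM = """\
# comment lines and blank lines are ignored here (assumption of this script)
@XVPSVC_HOST_IP@ -A INPUT -d 10.40.0.9 -p tcp --dport 22 -j ACCEPT
@XVPSVC_HOST_IP@ -A INPUT -d 10.40.0.9 -p tcp --dport 443 -j DROP
@OTHER_HOST_IP@ -A INPUT -p tcp --dport 8080 -j ACCEPT
"""

# Constructed sample: variable values as the config tool would resolve them (assumption).
SAMPLE_VARIABLES = {"XVPSVC_HOST_IP": "10.40.0.9", "OTHER_HOST_IP": "10.40.0.20"}

# Constructed sample: addresses configured on this host's interfaces.
SAMPLE_LOCAL_IPS = {"127.0.0.1", "10.40.0.9"}

# A line must start with @VARIABLE@, followed by the iptables arguments.
LINE_RE = re.compile(r"^@(?P<var>[A-Z0-9_]+)@\s+(?P<rule>.+)$")
# Targets the page lists for -j; anything else is reported for review.
KNOWN_TARGETS = {"ACCEPT", "REJECT", "DROP", "LOG"}


def parse_custom(text):
    """Return a list of (variable, rule) tuples; raise on a malformed line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: expected '@VARIABLE@ <iptables args>'")
        entries.append((m.group("var"), m.group("rule")))
    return entries


def lint_rule(rule):
    """Return a warning string for a rule with no -j target or an unlisted one, else None."""
    argv = shlex.split(rule)
    if "-j" not in argv or argv.index("-j") + 1 >= len(argv):
        return "missing -j target"
    target = argv[argv.index("-j") + 1]
    if target not in KNOWN_TARGETS:
        return f"unlisted target {target}"
    return None


def select_rules(entries, variables, local_ips):
    """Keep a rule only when its variable resolves to an IP this host owns."""
    applied = []
    for var, rule in entries:
        ip = variables.get(var)
        if ip is None:
            continue  # unknown variable: nothing can match, so the rule is skipped
        if ip in local_ips:
            applied.append(rule)
    return applied


def dry_run(text=SAMPLE_CUSTOM, variables=SAMPLE_VARIABLES, local_ips=SAMPLE_LOCAL_IPS):
    """Parse the file and return the rules that would be applied on this host."""
    return select_rules(parse_custom(text), variables, local_ips)


if __name__ == "__main__":
    for rule in dry_run():
        warning = lint_rule(rule)
        print("iptables", rule, f"  # {warning}" if warning else "")
```

With the constructed data, the two @XVPSVC_HOST_IP@ lines are selected because 10.40.0.9 is a local address, while the @OTHER_HOST_IP@ line is skipped; running the script against a real file and the real address set (for example from ip -o addr) gives the same preview without touching the live ruleset.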