Edit an existing Rule

Edit an existing Rule through CLI

  1. Log in to the Nodegrid device CLI console with an admin account.

  2. Navigate to the firewall Chain which contains the rule.

  3. List all available rules with the show command:

    [admin@nodegrid INPUT]# show
      rules  target  source net4     destination net4  protocol  input interface  output interface  packets  bytes
      =====  ======  ==============  ================  ========  ===============  ================  =======  ======
      0      ACCEPT  127.0.0.1                                                                      3979     251243
      1      ACCEPT  192.168.56.101                                                                 0        0
      2      ACCEPT  192.168.1.1                                                                    0        0

  4. Navigate into the rule to be changed, using its rule number.

    [admin@nodegrid INPUT]# cd 2/

  5. Use the set command to specify the new rule settings. Press TAB twice to see all available options.

    [admin@nodegrid 2]# set protocol=tcp destination_port=443

  6. Use the commit command to save and activate the changes.

    [+admin@nodegrid 2]# commit

  7. Use the show command to see the current values for the rule.

    [admin@nodegrid 2]# show
    target = ACCEPT
    source_net4 = 192.168.1.1
    destination_net4 =
    protocol = tcp
    source_port =
    destination_port = 443
    tcp_flag_syn = any
    tcp_flag_ack = any
    tcp_flag_fin = any
    tcp_flag_rst = any
    tcp_flag_urg = any
    tcp_flag_psh = any
    input_interface = any
    output_interface = any
    fragments = all_packets_and_fragments
    reverse_match_for_source_ip|mask = no
    reverse_match_for_destination_ip|mask = no
    reverse_match_for_source_port = no
    reverse_match_for_destination_port = no
    reverse_match_for_protocol = no
    reverse_match_for_tcp_flags = no
    reverse_match_for_icmp_type = no
    reverse_match_for_input_interface = no
    reverse_match_for_output_interface = no
    reject_with = port_unreacheable
    log_level = debug
    log_prefix =
    log_tcp_sequence_numbers = no
    log_options_from_the_tcp_packet_header = no
    log_options_from_the_ip_packet_header = no

  • A list of currently active IPv4 rules can be seen with the command shell sudo /usr/sbin/iptables -L -nvx:

    [admin@nodegrid 2]# shell sudo /usr/sbin/iptables -L -nvx
    Chain INPUT (policy ACCEPT 38 packets, 2372 bytes)
        pkts      bytes target     prot opt in     out     source               destination
         385    38206 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
           0        0 ACCEPT     all  --  *      *       192.168.56.101       0.0.0.0/0
           0        0 ACCEPT     tcp  --  *      *       192.168.1.1          0.0.0.0/0            tcp dpt:443
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     source               destination
    
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     source               destination
         385    38206 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
          24     2828 ACCEPT     all  --  *      *       192.168.56.101       0.0.0.0/0

  • A list of currently active IPv6 rules can be seen with the command shell sudo /usr/sbin/ip6tables -L -nvx:

    [admin@nodegrid 2]# shell sudo /usr/sbin/ip6tables -L -nvx
    Chain INPUT (policy DROP 1 packets, 72 bytes)
         pkts      bytes target     prot opt in     out     source               destination
            2      132 ACCEPT     all      lo     *       ::/0                 ::/0
            0        0 ACCEPT     all      *      *       ::1                  ::/0
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
         pkts      bytes target     prot opt in     out     source               destination
    
    Chain OUTPUT (policy DROP 8822 packets, 451048 bytes)
         pkts      bytes target     prot opt in     out     source               destination
            2      132 ACCEPT     all      *      *       ::1                  ::/0
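
The check against the active IPv4 rules can be scripted. The following is an added example, not part of the Nodegrid documentation: it parses an iptables -L -nvx listing and reports the position of the edited rule and the chain's default policy. The function names find_rule and chain_policy are hypothetical, the sample listing is constructed from the output shown on this page, and awk is assumed to be available where the listing is processed.

```shell
# Added example (not Nodegrid code): confirm an edited rule in an IPv4
# "iptables -L -nvx" listing. Function names are hypothetical.
# Constructed sample, copied from the INPUT/FORWARD chains shown on this page.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 38 packets, 2372 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     385    38206 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
       0        0 ACCEPT     all  --  *      *       192.168.56.101       0.0.0.0/0
       0        0 ACCEPT     tcp  --  *      *       192.168.1.1          0.0.0.0/0            tcp dpt:443

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination'

# find_rule CHAIN TARGET PROTO SOURCE DPORT
# Reads a listing on stdin. Prints the 0-based position of the first matching
# rule inside CHAIN and returns 0; returns 1 if no such rule is active.
find_rule() {
    awk -v chain="$1" -v target="$2" -v proto="$3" -v src="$4" -v dport="$5" '
        $1 == "Chain" { in_chain = ($2 == chain); idx = -1; next }
        !in_chain || $1 == "pkts" || NF < 9 { next }   # skip headers, blanks
        {
            idx++
            # IPv4 columns: pkts bytes target prot opt in out source destination
            if ($3 != target || $4 != proto || $8 != src) next
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" dport)) { print idx; found = 1; exit }
        }
        END { exit !found }
    '
}

# chain_policy CHAIN: prints the default policy of a built-in chain.
chain_policy() {
    awk -v chain="$1" '
        $1 == "Chain" && $2 == chain && $3 == "(policy" {
            gsub(/\)/, "", $4); print $4; found = 1; exit
        }
        END { exit !found }
    '
}

# Check the rule edited in the steps above, then the chain default. With a
# default policy of ACCEPT, ACCEPT rules count packets but restrict nothing.
if pos=$(printf '%s\n' "$SAMPLE_LISTING" | find_rule INPUT ACCEPT tcp 192.168.1.1 443); then
    echo "rule active at position $pos in INPUT"
else
    echo "rule NOT active in INPUT"
fi
echo "INPUT default policy: $(printf '%s\n' "$SAMPLE_LISTING" | chain_policy INPUT)"
```

On the device, pipe the output of sudo /usr/sbin/iptables -L -nvx into find_rule from the Linux shell. The ip6tables listing on this page has no opt column, so the field positions used here apply to IPv4 listings only.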

Edit an existing Rule through WebUI

  1. Log in to the Nodegrid Manager Web UI with an admin account.

  2. Go to Security::Firewall.

  3. Click on the Chain which contains the rule to see a list of current rules.

  4. Select the rule to be changed.

  5. Click Edit.

  6. Specify the settings as required and click Save. The new rule is saved and takes effect immediately.