Difference between revisions of "Iptables"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
Tags: Mobile web edit, Mobile edit
Line 21: Line 21:
  
  
 +
* Port forwarding: <code>iptables -t nat -I PREROUTING --src 0/0 --dst 10.10.10.x -p tcp --dport 80 -j REDIRECT --to-ports 8123</code>
 
* Block all output traffic: <code>iptables -A OUTPUT -o ethXXX -j DROP</code>
 
* Block all output traffic: <code>iptables -A OUTPUT -o ethXXX -j DROP</code>
 
* Open a port: <code>iptables -I INPUT -p tcp --dport XXX -j ACCEPT</code>
 
* Open a port: <code>iptables -I INPUT -p tcp --dport XXX -j ACCEPT</code>

Revision as of 08:49, 31 August 2020

iptables command line utility allows to modify Linux kernel firewall rules.


Basic commands


  • iptables-save and iptables-restore
  • apt-get install iptables-persistent


  • Add: iptables -A
  • Delete: iptables -D

Examples

KVM VNC remote viewer
iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 5900 -j DNAT --to 127.0.0.1:5900
sysctl -w net.ipv4.ip_forward=1
sysctl -p /etc/sysctl.conf


  • Port forwarding: iptables -t nat -I PREROUTING --src 0/0 --dst 10.10.10.x -p tcp --dport 80 -j REDIRECT --to-ports 8123
  • Block all output traffic: iptables -A OUTPUT -o ethXXX -j DROP
  • Open a port: iptables -I INPUT -p tcp --dport XXX -j ACCEPT
  • Block all but a range
iptables -I OUTPUT -m iprange --dst-range <remote_ip>  -j ACCEPT
iptables -I INPUT -m iprange --src-range <remote_ip> -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
netfilter-persistent save
  • Block all but one IP
iptables -I OUTPUT -d <remote_ip>  -j ACCEPT
iptables -I INPUT -s <remote_ip> -j ACCEPT
iptables -I OUTPUT -d <remote_ip> -j ACCEPT
iptables -I INPUT -s <remote_ip> -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
  • Allow ssh connections only from specific IPs:
iptables -A INPUT -p tcp --dport 22 -s YourIP -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
netfilter-persistent save

Activities

  1. Read iptables Ubuntu howto: https://help.ubuntu.com/community/IptablesHowTo
  2. Read archlinux documentation: https://wiki.archlinux.org/index.php/iptables
  3. Read Stackoverflow iptables questions: https://stackoverflow.com/questions/tagged/iptables?tab=Votes
  4. Review your current iptables configuration
  5. iptables-save

Related terms

See also

  • https://serverfault.com/a/608976
  • Advertising: