Difference between revisions of "Iptables"
Jump to navigation
Jump to search
↑ https://serverfault.com/a/200658
↑ https://serverfault.com/a/608976
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
| Line 43: | Line 43: | ||
iptables -A INPUT -p tcp --dport 22 -j DROP | iptables -A INPUT -p tcp --dport 22 -j DROP | ||
[[netfilter-persistent]] save | [[netfilter-persistent]] save | ||
| + | |||
| + | * Clear iptables rules <ref>https://serverfault.com/a/200658</ref> | ||
| + | iptables -P INPUT ACCEPT | ||
| + | iptables -P FORWARD ACCEPT | ||
| + | iptables -P OUTPUT ACCEPT | ||
| + | iptables -t nat -F | ||
| + | iptables -t mangle -F | ||
| + | iptables -F | ||
| + | iptables -X | ||
== Activities == | == Activities == | ||
Revision as of 09:00, 31 August 2020
iptables command line utility allows to modify Linux kernel firewall rules.
Basic commands
iptables-saveandiptables-restoreapt-get install iptables-persistent
- Add:
iptables -A - Delete:
iptables -D
Examples
KVM VNC remote viewer iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 5900 -j DNAT --to 127.0.0.1:5900 sysctl -w net.ipv4.ip_forward=1 sysctl -p /etc/sysctl.conf
- Port forwarding:
iptables -t nat -I PREROUTING --src 0/0 --dst 10.10.10.x -p tcp --dport 80 -j REDIRECT --to-ports 8123 - Block all output traffic:
iptables -A OUTPUT -o ethXXX -j DROP - Open a port:
iptables -I INPUT -p tcp --dport XXX -j ACCEPT - Block all but a range
iptables -I OUTPUT -m iprange --dst-range <remote_ip> -j ACCEPT iptables -I INPUT -m iprange --src-range <remote_ip> -j ACCEPT iptables -P INPUT DROP iptables -P OUTPUT DROP netfilter-persistent save
- Block all but one IP
iptables -I OUTPUT -d <remote_ip> -j ACCEPT iptables -I INPUT -s <remote_ip> -j ACCEPT iptables -I OUTPUT -d <remote_ip> -j ACCEPT iptables -I INPUT -s <remote_ip> -j ACCEPT iptables -P INPUT DROP iptables -P OUTPUT DROP
- Allow ssh connections only from specific IPs:
iptables -A INPUT -p tcp --dport 22 -s YourIP -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j DROP netfilter-persistent save
- Clear iptables rules [1]
iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -F iptables -t mangle -F iptables -F iptables -X
Activities
- Read
iptablesUbuntu howto: https://help.ubuntu.com/community/IptablesHowTo - Read archlinux documentation: https://wiki.archlinux.org/index.php/iptables
- Read Stackoverflow iptables questions: https://stackoverflow.com/questions/tagged/iptables?tab=Votes
- Review your current iptables configuration
iptables-save
Related terms
See also
iptablesufwfirewalldnftablesfirewall-cmdipfw (FreeBSD)PF (OpenBSD), netsh advfirewallnftables- Palo Alto firewalls: PAN-OS
- Port knocking,
fail2ban[2]fwknop, DenyHosts
Advertising:
