Difference between revisions of "Iptables"
Jump to navigation
Jump to search
↑ https://serverfault.com/a/200658
↑ https://serverfault.com/a/608976
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
Line 43: | Line 43: | ||
iptables -A INPUT -p tcp --dport 22 -j DROP | iptables -A INPUT -p tcp --dport 22 -j DROP | ||
[[netfilter-persistent]] save | [[netfilter-persistent]] save | ||
+ | |||
+ | * Clear iptables rules <ref>https://serverfault.com/a/200658</ref> | ||
+ | iptables -P INPUT ACCEPT | ||
+ | iptables -P FORWARD ACCEPT | ||
+ | iptables -P OUTPUT ACCEPT | ||
+ | iptables -t nat -F | ||
+ | iptables -t mangle -F | ||
+ | iptables -F | ||
+ | iptables -X | ||
== Activities == | == Activities == |
Revision as of 09:00, 31 August 2020
iptables
command line utility allows to modify Linux kernel firewall rules.
Basic commands
iptables-save
andiptables-restore
apt-get install iptables-persistent
- Add:
iptables -A
- Delete:
iptables -D
Examples
KVM VNC remote viewer iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 5900 -j DNAT --to 127.0.0.1:5900 sysctl -w net.ipv4.ip_forward=1 sysctl -p /etc/sysctl.conf
- Port forwarding:
iptables -t nat -I PREROUTING --src 0/0 --dst 10.10.10.x -p tcp --dport 80 -j REDIRECT --to-ports 8123
- Block all output traffic:
iptables -A OUTPUT -o ethXXX -j DROP
- Open a port:
iptables -I INPUT -p tcp --dport XXX -j ACCEPT
- Block all but a range
iptables -I OUTPUT -m iprange --dst-range <remote_ip> -j ACCEPT iptables -I INPUT -m iprange --src-range <remote_ip> -j ACCEPT iptables -P INPUT DROP iptables -P OUTPUT DROP netfilter-persistent save
- Block all but one IP
iptables -I OUTPUT -d <remote_ip> -j ACCEPT iptables -I INPUT -s <remote_ip> -j ACCEPT iptables -I OUTPUT -d <remote_ip> -j ACCEPT iptables -I INPUT -s <remote_ip> -j ACCEPT iptables -P INPUT DROP iptables -P OUTPUT DROP
- Allow ssh connections only from specific IPs:
iptables -A INPUT -p tcp --dport 22 -s YourIP -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j DROP netfilter-persistent save
- Clear iptables rules [1]
iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -F iptables -t mangle -F iptables -F iptables -X
Activities
- Read
iptables
Ubuntu howto: https://help.ubuntu.com/community/IptablesHowTo - Read archlinux documentation: https://wiki.archlinux.org/index.php/iptables
- Read Stackoverflow iptables questions: https://stackoverflow.com/questions/tagged/iptables?tab=Votes
- Review your current iptables configuration
iptables-save
Related terms
See also
iptables
ufw
firewalld
nftables
firewall-cmd
ipfw (FreeBSD)
PF (OpenBSD)
, netsh advfirewallnftables
- Palo Alto firewalls: PAN-OS
- Port knocking,
fail2ban
[2]fwknop
, DenyHosts
Advertising: