Difference between revisions of "Iptables"
Jump to navigation
Jump to search
↑ http://jensd.be/343/linux/forward-a-tcp-port-to-another-ip-or-port-using-nat-with-iptables
↑ https://serverfault.com/a/200658
↑ https://serverfault.com/a/608976
Line 40: | Line 40: | ||
*<code>iptables -P INPUT DROP</code> | *<code>iptables -P INPUT DROP</code> | ||
*<code>iptables -P OUTPUT DROP</code> | *<code>iptables -P OUTPUT DROP</code> | ||
− | + | *<code>[[netfilter-persistent]] save</code> | |
===Block all but one IP=== | ===Block all but one IP=== |
Revision as of 14:49, 4 October 2021
iptables
(1998) command line utility allows to modify Linux kernel firewall rules.
Tables: filter, nat, mangle, raw and security
Contents
Basic commands
apt-get install iptables-persistent
iptables-save
andiptables-restore
Options
- Add:
iptables -A
- Delete:
iptables -D
- Insert:
iptables -I
Examples
KVM VNC remote viewer iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 5900 -j DNAT --to 127.0.0.1:5900 sysctl -w net.ipv4.ip_forward=1 sysctl -p /etc/sysctl.conf
Port forwarding
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination IP_DESTINATION
iptables -t nat -A POSTROUTING -p tcp -d IP_DESTINATION --dport 2222 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
- Block all output traffic:
iptables -A OUTPUT -o ethXXX -j DROP
- Open a port:
iptables -I INPUT -p tcp --dport XXX -j ACCEPT
Block all but a range
iptables -I OUTPUT -m iprange --dst-range <remote_ip> -j ACCEPT
iptables -I INPUT -m iprange --src-range <remote_ip> -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
netfilter-persistent save
Block all but one IP
iptables -I OUTPUT -d <remote_ip> -j ACCEPT
iptables -I INPUT -s <remote_ip> -j ACCEPT
iptables -I OUTPUT -d <remote_ip> -j ACCEPT
iptables -I INPUT -s <remote_ip> -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Allow ssh connections only from specific IPs
iptables -A INPUT -p tcp --dport 22 -s YourIP -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
netfilter-persistent save
Clear iptables rules [2] iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -F iptables -t mangle -F iptables -F iptables -X
- Flush
iptables -F
- (no output)
iptables -t nat -F
iptables -t YOUR_TABLE_NAME -F
Activities
- Read
iptables
Ubuntu howto: https://help.ubuntu.com/community/IptablesHowTo - Read archlinux documentation: https://wiki.archlinux.org/index.php/iptables
- Read Stackoverflow iptables questions: https://stackoverflow.com/questions/tagged/iptables?tab=Votes
- Review your current iptables configuration
iptables-save
,iptables-restore
Related terms
See also
iptables
,ufw
, firewalld, nftables firewall-cmd,netfilter-persistent, iptables -L
,iptables-save
,iptables-restore
, Netfilteriptables
ufw
firewalld
nftables
firewall-cmd
ipfw (FreeBSD)
PF (OpenBSD)
, netsh advfirewallnftables
- Palo Alto firewalls: PAN-OS
- Port knocking,
fail2ban
[3]fwknop
, DenyHosts
Advertising: