IPtables Rules

1. Displaying the Status of Your Firewall

iptables -L -n -v

===

-L : List rules.
-v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix ‘K’, ‘M’ or ‘G’ for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
-n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.

==

To display INPUT or OUTPUT chain rules

iptables -L INPUT -n -v --line-numbers

iptables -L OUTPUT -n -v --line-numbers

The line numbers are the rule positions that iptables -D {CHAIN} {NUMBER} and iptables -I {CHAIN} {NUMBER} refer to, so list with --line-numbers before deleting or inserting a single rule. Add -t nat (or -t mangle) to see the other tables; without -t only the filter table is shown.

2. Delete Existing Rules

iptables -F (or iptables --flush) removes every rule from every chain of the filter table, but it does not reset the chain policies. If the INPUT policy has been set to DROP (iptables -P INPUT DROP), flushing the rules leaves that policy in place and will cut off your own SSH session, so set the policies back to ACCEPT first. Also note that -F leaves user-defined chains in place (iptables -X deletes the empty ones) and only touches the filter table; the nat and mangle tables need their own -t {TABLE} -F.

3. How to block an IP Address.

iptables -A INPUT -s {IP-ADDRESS-HERE} -j DROP

iptables -A INPUT -i eth0 -s {IP-ADDRESS-HERE} -j DROP  (restricted to packets arriving on eth0)

iptables -A INPUT -i eth0 -p tcp -s {IP-ADDRESS-HERE} -j DROP  (restricted to eth0 and to TCP)

-A appends the rule to the end of the INPUT chain, after any rules already there. iptables stops at the first matching rule, so if an earlier ACCEPT rule (for example the ESTABLISHED rule from section 4) already matches traffic from that address, the appended DROP is never reached. To be sure a block takes effect, insert it at the top of the chain with -I INPUT instead of -A INPUT.

4. Allow ALL Incoming SSH

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

The OUTPUT rule is only needed when the OUTPUT chain's policy is DROP; with the default ACCEPT policy the replies leave anyway. On current kernels -m state is an alias for the conntrack match, so the same rules can be written with -m conntrack --ctstate.

5. Allow Incoming SSH only from a Specific Network

iptables -A INPUT -i eth0 -p tcp -s 192.168.100.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

Note that the OUTPUT chain takes -o (outgoing interface); -i is only valid for chains that see incoming packets, and iptables rejects it in OUTPUT.

The syntax is as follows to block an incoming port using iptables (--destination-port is the long form of --dport):

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 ###
/sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given IP or Subnet ##
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP
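The rules above are appended one at a time, which makes their order (and the lock-out risk of a flush) easy to get wrong. The script below is an added example, not part of the original post: it builds the rules from sections 3 to 5 and the port-blocking section into one default-deny filter table in iptables-restore format, so the whole set is loaded atomically, and wraps the load in a rollback timer that restores the previous rules unless you confirm within a few seconds. The interface name eth0 and the network 192.168.100.0/24 are the page's; the function names, the default DROP policy on INPUT and FORWARD, the use of -m conntrack instead of -m state, the LOG prefix, and the sample blocked ports 23 and 3306 are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.  Generates a default-deny filter
# table in iptables-restore format and applies it with a rollback timer.
# Assumptions (mine, not the page's): WAN interface, management network and
# SSH port are passed as arguments; blocked ports are plain TCP port numbers.
set -u

# Reject anything that is not a dotted-quad IPv4 address with an optional
# /0-/32 prefix, so a typo cannot silently become a rule for the wrong host.
valid_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq \
        '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Accept only integers 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit() { printf '%s\n' "$*"; }

# build_ruleset WAN_IF MGMT_NET SSH_PORT [BLOCKED_TCP_PORT ...]
# Prints a filter table with:
#   - default DROP on INPUT and FORWARD, ACCEPT on OUTPUT (so no --sport 22
#     OUTPUT rule is needed)
#   - a rate-limited LOG plus an explicit DROP for each blocked port, placed
#     before the ESTABLISHED rule so existing sessions to that port die too
#   - loopback and ESTABLISHED/RELATED accepted early, INVALID dropped
#   - new SSH connections accepted only from MGMT_NET arriving on WAN_IF
build_ruleset() {
    wan_if=$1; mgmt_net=$2; ssh_port=$3; shift 3
    valid_ipv4_cidr "$mgmt_net" || { echo "build_ruleset: bad network '$mgmt_net'" >&2; return 1; }
    valid_port "$ssh_port"      || { echo "build_ruleset: bad port '$ssh_port'" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "build_ruleset: bad port '$p'" >&2; return 1; }
    done
    emit '*filter'
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    for p in "$@"; do
        # Redundant under a DROP policy, but yields a log line and also works
        # on the page's default-ACCEPT setups where the explicit DROP is required.
        emit "-A INPUT -i $wan_if -p tcp --dport $p -m limit --limit 5/min -j LOG --log-prefix \"iptables-blocked: \""
        emit "-A INPUT -i $wan_if -p tcp --dport $p -j DROP"
    done
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    emit "-A INPUT -i $wan_if -p tcp -s $mgmt_net --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT"
    emit 'COMMIT'
}

# apply_with_rollback RULESET_FILE [SECONDS]
# Saves the live rules, loads the new set atomically, and arms a background
# timer that restores the saved rules unless you press Enter within SECONDS.
# If the new rules cut off your SSH session you cannot confirm, so the old
# rules come back by themselves.  Needs root and a live iptables; the offline
# check only exercises build_ruleset.
apply_with_rollback() {
    new=$1; secs=${2:-30}
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    # iptables-restore is all-or-nothing: a syntax error leaves the old rules in place.
    iptables-restore < "$new" || { echo "load failed, previous rules still active" >&2; return 1; }
    # trap '' HUP keeps the timer alive if the terminal hangs up.
    ( trap '' HUP; sleep "$secs"; iptables-restore < "$backup" ) &
    timer=$!
    printf 'New rules live; press Enter within %ss to keep them: ' "$secs"
    if read -r _; then
        kill "$timer" 2>/dev/null
        rm -f "$backup"
        echo "kept"
    else
        echo "no confirmation; old rules return in ${secs}s" >&2
        return 2
    fi
}

# Stand-alone use:  sh firewall.sh eth0 192.168.100.0/24 22 23 3306 > /tmp/rules.v4
# then, from a root shell:  apply_with_rollback /tmp/rules.v4 30
if [ $# -ge 3 ]; then
    build_ruleset "$@"
fi
```

Because the table is loaded with iptables-restore, the order of the rules is fixed by the file rather than by the sequence of iptables -A calls, and a typo in any rule means nothing is changed at all. Persist a confirmed ruleset with iptables-save so it survives a reboot.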