Iptables: Difference between revisions
From James's Wiki
No edit summary |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
to drop an ip(1.2.3.4 in this case): | |||
sudo iptables -I INPUT -s 1.2.3.4 -j DROP | |||
to save firewall rules use: | to save firewall rules use: | ||
| Line 21: | Line 22: | ||
iptables -P OUTPUT ACCEPT | iptables -P OUTPUT ACCEPT | ||
accept tcp 8080 from local: | |||
sudo iptables -A INPUT -p tcp --dport 8080 -s 192.168.1.0/24 -j ACCEPT | |||
to save rules to text file and restore from said file: | |||
sudo iptables-save > iptables.rules | |||
sudo iptables-restore < iptables.rules | |||
check hit conuts for all rules: | |||
sudo iptables -vL --line-numbers | |||
references: | references: | ||
https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands | https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands | ||
Latest revision as of 00:27, 3 July 2018
to drop an ip(1.2.3.4 in this case):
sudo iptables -I INPUT -s 1.2.3.4 -j DROP
to save firewall rules use:
sudo dpkg-reconfigure iptables-persistent
or (stretch):
sudo dpkg-reconfigure iptables-persistent
allow ssh:
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
delete by number:
sudo iptables -L --line-numbers sudo iptables -D INPUT 3
set overall policies:
iptables -P INPUT DROP iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT
accept tcp 8080 from local:
sudo iptables -A INPUT -p tcp --dport 8080 -s 192.168.1.0/24 -j ACCEPT
to save rules to text file and restore from said file:
sudo iptables-save > iptables.rules sudo iptables-restore < iptables.rules
check hit conuts for all rules:
sudo iptables -vL --line-numbers
references:
