IPTABLES

iptables is the user-space tool for the Linux netfilter packet filter. Rules are grouped into lists (called chains) inside tables; a packet traverses a chain's rules in order, and the first matching rule with a terminating target (ACCEPT, DROP, REJECT, DNAT, ...) decides what happens to it. If nothing matches, the chain's default policy applies. The built-in chains, by table:

  • filter table (default)
    • INPUT – Incoming packets destined for the local machine.
    • OUTPUT – Outgoing packets.
    • FORWARD – Routed packets.
  • nat table (-t nat) – consulted only for the first packet of a connection; the translation it chooses is then applied to the rest of that connection by connection tracking.
    • PREROUTING – Incoming packets, before the routing decision (destination NAT).
    • OUTPUT – Packets generated by the local machine, before routing.
    • POSTROUTING – Packets about to leave, after routing (source NAT, MASQUERADE).
  • mangle table (-t mangle) – specialised packet alteration (TTL, TOS/DSCP, fwmark). See iptables(8) and iptables-extensions(8).
  • raw table (-t raw) – consulted before connection tracking; used mainly to exempt traffic from tracking (NOTRACK/CT). See iptables(8) and iptables-extensions(8).

 

Examples:

  • iptables -A INPUT -s 123.123.123.123 -j DROP
    • Append a rule to block all incoming traffic from 123.123.123.123. Because -A appends, any earlier rule in INPUT that ACCEPTs the traffic (for example an ESTABLISHED,RELATED rule) still wins; use -I to put the block first if that matters.
  • iptables -D INPUT -s 123.123.123.123 -j DROP
    • Delete that rule again by repeating its exact match and target.
  • iptables -L -n -v
    • Display the rules of the filter table together with packet and byte hit counters (add -t nat, -t mangle or -t raw to see the other tables; -L never shows more than one table).
    • The verbose option (-v) is useful for troubleshooting the iptables configuration or locating the source of incoming traffic, since a rule whose counters never move is not matching what you think it matches.
  • iptables-save > ipt.txt
    • Dump all rules to ipt.txt
  • iptables-restore < ipt.txt
    • Apply rules from ipt.txt
  • iptables -I OUTPUT ! -o lo -m owner --uid-owner user -j LOG
    • Log all traffic from programs run by user 'user', except traffic on the loopback interface. The owner match only works in the OUTPUT (and POSTROUTING) chains, because only locally generated packets have an owning socket. LOG is a non-terminating target, so the packet continues down the chain after being logged.
  • iptables -t nat -I PREROUTING -p tcp --dport 8888 -j DNAT --to-destination 10.23.23.23:80
    • Relay all incoming TCP traffic for local port 8888 to port 80 of 10.23.23.23. On its own this only rewrites the destination: the kernel must also be forwarding (net.ipv4.ip_forward=1) and the FORWARD chain must accept the rewritten packets, and if 10.23.23.23 does not route its replies back through this host you additionally need SNAT or MASQUERADE in nat/POSTROUTING.

 

Syntax

  • -t <table>        Select the table to operate on (filter, nat, mangle, raw). The default is filter; -t nat is used for address and port translation (DNAT, SNAT, MASQUERADE, REDIRECT).

Commands
  • -A <chain> <rule>
    • Add a rule to the end of a chain.
  • -I <chain> <rule>
    • Add a rule to the start of a chain.
  • -I <chain> <number> <rule>
    • Add a rule to a chain at <number> position
  • -D <chain> <rule>
  • -D <chain> <number>
    • Delete a rule by specifying its full parameters, or its entry number
  • -L (chain)
    • List all of the table's rules, or all of a chain's rules. Options:
    • -n – Do not resolve IP addresses or port numbers to names (much faster, and avoids DNS lookups on hostile addresses)
    • -v – verbose: show interface, packet and byte counters
  • -P <chain> <target>        Set a built-in chain's default policy, i.e. what happens to packets that reach the end of the chain without matching. The policy must be ACCEPT or DROP. See the targets section.
  • -F (chain)        Remove all of the table's rules, or all of a chain's rules. Flushing does not touch the policies, so on a remote host with INPUT policy DROP, "iptables -F" removes the rules that let your SSH session in and locks you out. Be sure to check the policy of the INPUT, OUTPUT, and FORWARD chains (or set them to ACCEPT) before you run "iptables -F".
  • -N <chain>        Create a custom chain.
  • -X <chain>        Delete the optional user-defined chain specified. There must be no references to the chain. If there are, you must delete or replace the referring rules before the chain can be deleted. The chain must be empty, i.e. not contain any rules.   If no argument is given, it will attempt to delete every non-built-in chain in the table.
  • --line-numbers
    • Show rule numbers when listing, for use with -D <chain> <number> (or -I <chain> <number>) to address a rule by position
  • --zero [chain] or -Z [chain]
    • Clear the counters; use in conjunction with -v, which shows the packets and data passed for each rule. Depending on the version of iptables, this may not clear the policy counters (this bug is fixed in more recent versions).
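The Examples and the -P/-F notes above both come down to ordering: a block rule appended after an ACCEPT does nothing, a DROP policy set before the allow rules locks you out, and a DNAT without matching FORWARD rules goes nowhere. The script below is an added example (not from the original page) that side-steps all three by writing the whole ruleset in iptables-restore format and loading it in one atomic commit, after checking it with iptables-restore --test. All addresses, ports and the interface name are placeholders drawn from the RFC 5737 documentation ranges, not values from the page.

```bash
#!/bin/sh
# Added example: stateful host firewall plus a DNAT port relay, emitted in
# iptables-restore format. Every value below is a placeholder/assumption.
SSH_PORT="${SSH_PORT:-22}"
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"       # who may open SSH sessions
BLOCKED_IP="${BLOCKED_IP:-198.51.100.7}"         # the "-s x.x.x.x -j DROP" case
RELAY_PORT="${RELAY_PORT:-8888}"                 # local port to relay
RELAY_TARGET="${RELAY_TARGET:-203.0.113.10}"     # relay destination host
RELAY_TARGET_PORT="${RELAY_TARGET_PORT:-80}"     # relay destination port
WAN_IF="${WAN_IF:-eth0}"                         # interface facing the clients

# Print the complete ruleset. Lines starting with '#' are comments to
# iptables-restore. Policies and rules are committed together, so there is
# never a moment where INPUT is DROP with nothing allowed.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Block rule comes BEFORE the conntrack ACCEPT, otherwise established
# sessions from the blocked address would keep flowing.
-A INPUT -s $BLOCKED_IP -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $TRUSTED_NET -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# LOG is non-terminating; the policy DROP then discards the packet.
-A INPUT -j LOG --log-prefix "IPT-INPUT-DROP: " --log-level 4
# FORWARD must admit the DNAT'ed packets or the relay silently fails.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -d $RELAY_TARGET -p tcp --dport $RELAY_TARGET_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $RELAY_PORT -j DNAT --to-destination $RELAY_TARGET:$RELAY_TARGET_PORT
# MASQUERADE makes replies come back through this host even if the target
# routes elsewhere, at the cost of hiding the real client address from it.
-A POSTROUTING -d $RELAY_TARGET -p tcp --dport $RELAY_TARGET_PORT -j MASQUERADE
COMMIT
EOF
}

# Number of rules appended to a chain; a cheap sanity check before applying.
count_chain_rules() {
    build_ruleset | grep -c "^-A $1 "
}

# Parse-check first (--test builds the ruleset without committing it), then
# enable forwarding and load everything in one go. Needs root.
apply_ruleset() {
    build_ruleset | iptables-restore --test || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_ruleset | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    build_ruleset          # default: just print, so it can be reviewed
fi
```

Run it without arguments to review the generated rules, and with `apply` (as root) to load them. Because `-A` lines are replayed in file order, the position of the block rule relative to the conntrack ACCEPT is explicit and reviewable, which is exactly what is easy to get wrong when typing `-A` and `-I` interactively.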

 

The following commands must be run as root. The init script is the Red Hat/CentOS-style one (iptables-services); other distributions persist rules differently (e.g. netfilter-persistent on Debian, or a systemd unit that runs iptables-restore at boot):

  • # /etc/init.d/iptables save  – saves the running rules to the distribution's rules file
  • # /etc/init.d/iptables stop   – disables the firewall (flushes rules and sets policies to ACCEPT)
  • # /etc/init.d/iptables start   – enables the firewall from the saved rules
  • # iptables -L -n -v – Check the status of your firewall and the rules

 

Ubuntu – ships ufw (Uncomplicated Firewall), a front end that manages the same iptables rules under the hood. Mixing hand-written iptables rules with ufw is confusing, so either disable ufw or express the rules through it:

  • # ufw disable
  • # ufw enable