IPTABLES

General Notes

  • Most commands you run with iptables are going to look something like this:
    • iptables [-t table] [mode] [chain] [rulenum] [rule-specification] [options]
  • Save IPTABLES rules added
    • # service iptables save
  • Forward internal to external (eth0: external, eth1: internal)
    • # iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
  • Block an IP address
    • # iptables -A INPUT -s 10.0.0.2 -j DROP
    • “-j DROP” silently discards the packet; use “-j REJECT” if the sender should get a “connection refused” error instead
  • Allow SSH connections:
    • Allow from any source:
      • # iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
      • # iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    • Allow only from a specific network (e.g. 10.0.0.0/24):
      • # iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
      • # iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
  • Allow all incoming HTTP (port 80):
    • # iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    • # iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
  • Allow multiple ports example:
    • # iptables -A INPUT -p tcp --match multiport --dports 110,143,993,995 -j ACCEPT
  • To list all chains with line number:
    • # iptables -L --line-numbers
  • To delete a line with line number:
    • # iptables -D INPUT 3
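The individual rules above (blocking a host, SSH restricted to a subnet, web ports, internal-to-external forwarding) only make sense as part of a complete chain with a default policy, so here they are assembled into one stateful ruleset. This is an added example, not part of the original notes; interface names, the admin subnet and the blocked host are assumed values set at the top. Setting IPTABLES=echo turns the script into a dry run that prints the commands instead of applying them, which is how the plan_firewall function works; DROP is used for the blocked host (silent discard) and REJECT with a TCP reset for SSH from anywhere else, so the two behaviours can be compared.

```shell
#!/bin/sh
# Added example (not from the original notes): a minimal stateful host firewall
# built from the rules in the notes. IPTABLES=echo makes every call a dry run that
# only prints the command, so the plan can be reviewed without root.
IPTABLES="${IPTABLES:-iptables}"

# Assumed names and addresses; adjust for the host (all constructed values).
EXT_IF="${EXT_IF:-eth0}"                # external interface
INT_IF="${INT_IF:-eth1}"                # internal interface
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"   # subnet allowed to open SSH sessions
BLOCKED_IP="${BLOCKED_IP:-10.0.0.2}"    # single host to drop outright

ipt() { "$IPTABLES" "$@"; }

apply_firewall() {
    # Start from a clean filter table.
    ipt -F
    ipt -X

    # Default deny for inbound and forwarded traffic; outbound is allowed, so the
    # per-port OUTPUT rules from the notes are not needed here.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, then replies to connections the host already tracks.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Packets conntrack cannot classify are dropped early.
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Block one host: DROP discards silently, the sender sees only a timeout.
    ipt -A INPUT -s "$BLOCKED_IP" -j DROP

    # SSH: new sessions only from the admin subnet; everyone else gets an
    # immediate TCP reset (REJECT) rather than a silent drop.
    ipt -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset

    # Web: HTTP and HTTPS in one rule via the multiport match.
    ipt -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT

    # Internal -> external forwarding, plus the return traffic for those flows.
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    ipt -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dry run: prints the exact iptables commands apply_firewall would issue.
plan_firewall() { ( IPTABLES=echo; apply_firewall ); }

# Usage: sh firewall.sh --apply   (as root) to apply; without --apply nothing is changed.
if [ "${1:-}" = "--apply" ]; then
    apply_firewall
fi
```

Review the output of plan_firewall before applying anything: because the INPUT policy is DROP, a missing loopback or ESTABLISHED rule locks out every session including the one the script is run from. The REJECT line for SSH sits after the subnet ACCEPT on purpose; iptables evaluates a chain top to bottom and the first match wins, so order is part of the policy.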
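Deleting by line number (the last two items above) is fragile: the numbers are positions, and every deletion renumbers the rules below it. The added example below, which is not part of the original notes, looks the number up from a listing immediately before deleting and removes rules highest-first so earlier deletions cannot shift later ones. The listing embedded in SAMPLE_LISTING is a constructed sample of what "iptables -L INPUT -n --line-numbers" prints, used so the lookup can be exercised without root; the helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original notes): find the rule number(s) whose
# source column matches an address, then delete them with "iptables -D <chain> <num>".

# Constructed sample of "iptables -L INPUT -n --line-numbers" output.
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2    ACCEPT     tcp  --  10.0.0.0/24          0.0.0.0/0            tcp dpt:22 ctstate NEW
3    DROP       all  --  10.0.0.2             0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,443'

# rule_numbers_for_source <listing> <source>
# Prints the rule numbers whose "source" column equals <source>, highest first.
# Only lines beginning with a number are rules; the chain header and the column
# header are skipped.
rule_numbers_for_source() {
    printf '%s\n' "$1" | awk -v src="$2" '
        $1 ~ /^[0-9]+$/ && $5 == src { print $1 }
    ' | sort -rn
}

IPTABLES="${IPTABLES:-iptables}"   # IPTABLES=echo for a dry run

# delete_rules_from_source <chain> <source> [listing]
# Deletes every rule in <chain> whose source equals <source>. The optional third
# argument supplies a listing (used for dry runs and tests); otherwise the chain is
# queried live so the numbers are current at the moment of deletion.
delete_rules_from_source() {
    chain="$1"; src="$2"
    listing="${3:-$("$IPTABLES" -L "$chain" -n --line-numbers)}"
    for n in $(rule_numbers_for_source "$listing" "$src"); do
        "$IPTABLES" -D "$chain" "$n"
    done
}

# Usage (as root): delete_rules_from_source INPUT 10.0.0.2
```

When the full rule specification is known, iptables can also delete by specification instead of by position, e.g. "iptables -D INPUT -s 10.0.0.2 -j DROP", and "iptables -C INPUT -s 10.0.0.2 -j DROP" returns success only if that exact rule exists, which is the safer check to script around than a remembered line number.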