
IPTables

Allow Port 22:

iptables -A INPUT -p tcp -m multiport --ports 22 -m comment --comment "003 accept ssh" -j ACCEPT

Forward interface lxc-nat to eth0:

iptables -A FORWARD -i lxc-nat -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o lxc-nat -j ACCEPT

Forwarding, for example on an LXC host

Everyone on 192.168.0.0/24 is allowed to use SMTP on 192.168.0.100 (the second rule allows the replies back to the clients):

iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 192.168.0.100/32 -d 192.168.0.0/24 -p tcp -m tcp --sport 25 -j ACCEPT

Log packets before they are dropped (this rule must come before the DROP rule or policy, otherwise nothing is logged):

iptables -A INPUT -p tcp -m comment --comment "998 log before drop" -j LOG --log-prefix "IPTables-DROP: "

Show iptables NAT rules:

iptables -L -n -t nat

Show iptables Statistics:

Normal Tables

iptables -L -n -v

NAT Tables

iptables -L -n -v -t nat

Persistent Firewall using Debian

The rules are stored in iptables-save format in /etc/iptables/rules.v4
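The following is an added example and not part of the original wiki page: it assembles the individual rules from this page (SSH, LXC forwarding, SMTP, log-before-drop) into one complete ruleset in the iptables-save format that /etc/iptables/rules.v4 expects, and checks the one thing that silently breaks the logging rule, its position relative to the DROP. The DROP policies on INPUT and FORWARD, the loopback rule and the conntrack rule are assumptions added here; the interface names, addresses and comments are the page's own.

```shell
#!/bin/sh
# Added example (not from the original page): build /etc/iptables/rules.v4
# from the page's rules and verify the rule order before installing it.
# Assumptions not on the page: DROP policies on INPUT/FORWARD, the loopback
# rule, and the conntrack rule for return traffic.

# Print the complete ruleset in iptables-save format. Lines starting with '#'
# are ignored by iptables-restore, so the annotations can stay in the file.
rules_v4() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Assumed: replies to connections this host already accepted, and loopback
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# From the page: allow SSH
-A INPUT -p tcp -m multiport --ports 22 -m comment --comment "003 accept ssh" -j ACCEPT
# From the page: log what is about to hit the DROP policy (must be the last INPUT rule)
-A INPUT -p tcp -m comment --comment "998 log before drop" -j LOG --log-prefix "IPTables-DROP: "
# From the page: container network <-> uplink
-A FORWARD -i lxc-nat -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o lxc-nat -j ACCEPT
# From the page: SMTP to 192.168.0.100 and the reply direction
-A FORWARD -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -s 192.168.0.100/32 -d 192.168.0.0/24 -p tcp -m tcp --sport 25 -j ACCEPT
COMMIT
EOF
}

# Sanity check: the LOG rule only sees packets that no ACCEPT rule matched,
# so it has to be the last rule in INPUT (the chain policy DROP follows it).
# Returns 0 when the order is right, 1 otherwise.
log_is_last_input_rule() {
  rules_v4 | grep '^-A INPUT' | tail -n 1 | grep -q -e '-j LOG'
}

# Number of rules in the generated file, to notice a truncated ruleset.
rule_count() {
  rules_v4 | grep -c '^-A '
}

# Header line of the file; iptables-restore expects the table name first.
first_line() {
  rules_v4 | head -n 1
}

# Usage as root, after the check passed:
#   log_is_last_input_rule && rules_v4 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
```

Loading the file with iptables-restore replaces the whole filter table atomically, which is also what iptables-persistent/netfilter-persistent do at boot; running the order check first avoids committing a ruleset in which an ACCEPT placed after the LOG rule quietly turns the log line into noise.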

Debian 7 / Wheezy

- Install the package iptables-persistent

# apt-get install iptables-persistent

- Save the rules you are currently using

# /etc/init.d/iptables-persistent save

- Activate it on boot

# update-rc.d iptables-persistent defaults

Debian 8 / Jessie

- Install the packages netfilter-persistent and iptables-persistent

# apt-get install netfilter-persistent iptables-persistent

- Save the rules you are currently using

# netfilter-persistent save

- Activate it on boot

# systemctl enable netfilter-persistent
linux/iptables/iptables.txt · Last modified: 2015/05/05 05:44 by Nold