Iptables: Difference between revisions
From KlavoWiki
Line 104: | Line 104: | ||
== Set Class EF == | == Set Class EF == | ||
<pre> | <pre> | ||
iptables -A OUTPUT -t mangle -p udp --dport 5060 -j DSCP --set-dscp-class EF | |||
iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF | iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF | ||
</pre> | </pre> |
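Review bot: the two rules in the Set Class EF block carry no note on which service each port belongs to (5060/udp is SIP signalling, 4569/udp is IAX2), so a reader cannot tell why these ports are marked EF; add a one-line description above the <pre>. The 5060 rule is the line that appears on one side of the diff only, and because that port carries signalling rather than voice media, the description should also state whether EF is intended for it.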
Revision as of 03:15, 3 September 2014
Chains
INPUT OUTPUT FORWARD
Default Behaviour
Drop
Drop all packets by default
iptables -P INPUT DROP
Accept
Accepts all packets by default
iptables -P INPUT ACCEPT
Drop
Drop from Source
iptables -I INPUT -s 23.253.232.189 -j DROP
-I = Insert, -A = Append, -s = Source, -d = Destination
List
Current tables
iptables -L -v
-L = List, -v = Verbose
with Line Numbers
iptables -L -n --line-numbers
List Chain
iptables -L INPUT -n --line-numbers
Delete
by Rule Number
iptables -D INPUT 3
by Rule Specification
iptables -D INPUT -s 23.253.232.189 -j DROP
Delete All
Delete all rules in the filter table (chain policies are not reset)
iptables --flush
Rules
Saving
iptables-save > /opt/firewall.conf
Restoring
iptables-restore < /opt/firewall.conf
Automatic Load on Restart
Based on Debian, once your tables are operating as required
iptables-save > /etc/iptables.up.rules
vi /etc/network/if-pre-up.d/iptables
Add the following lines:
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
chmod +x /etc/network/if-pre-up.d/iptables
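A pre-flight check for the saved rules file used in the procedure above, as an added example that is not part of the original wiki page: it reads an iptables-save dump and rejects one that is truncated or that sets the INPUT policy to DROP without accepting anything, either of which would leave the host unreachable after the boot-time restore. The function name `check_rules` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an iptables-save dump (read on stdin) before it is
# installed as the file that iptables-restore loads at boot.
check_rules() {
    awk '
        /^#/ || /^$/ { next }                      # comments, blank lines
        /^[*]/     { table = substr($0, 2); in_table = 1; next }
        /^COMMIT$/ { in_table = 0; next }
        /^:/       { if (table == "filter") policy[substr($1, 2)] = $2; next }
        /^-A /     { if (table == "filter" && $0 ~ /-j ACCEPT/) accepts[$2]++ }
        END {
            bad = 0
            if (in_table) { print "FAIL: table " table " has no COMMIT (truncated dump?)"; bad = 1 }
            if (!("INPUT" in policy)) { print "FAIL: no filter INPUT chain found"; bad = 1 }
            else if (policy["INPUT"] == "DROP" && !accepts["INPUT"]) {
                print "FAIL: INPUT policy is DROP and no INPUT rule ACCEPTs traffic"; bad = 1
            }
            exit bad
        }'
}

# Constructed sample dumps in iptables-save format (not taken from a real host).
sample_good() {
cat <<'EOF'
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp -m udp --dport 4569 -j DSCP --set-dscp 0x2e
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 23.253.232.189/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
sample_lockout() {   # same policy, but nothing is ever accepted
    sample_good | grep -v -- '-j ACCEPT'
}

sample_good | check_rules && echo "good sample: OK"
sample_lockout | check_rules || echo "lockout sample: rejected"
```

Run it as `check_rules < /etc/iptables.up.rules` after saving and before the next reboot.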
DSCP Class
Set Class EF
iptables -A OUTPUT -t mangle -p udp --dport 5060 -j DSCP --set-dscp-class EF
iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF
View Defined Classes
iptables -t mangle -nvL