Iptables: Difference between revisions
From KlavoWiki
Jump to navigationJump to search
No edit summary |
|||
| Line 116: | Line 116: | ||
</pre> | </pre> | ||
= View Defined Classes = | |||
== mangle == | |||
<pre> | <pre> | ||
iptables -t mangle -nvL | iptables -t mangle -nvL | ||
</pre> | </pre> | ||
== nat == | |||
<pre> | <pre> | ||
iptables -t nat -nvL | iptables -t nat -nvL | ||
Revision as of 11:16, 6 January 2015
Chains
INPUT OUTPUT FORWARD
Default Behaviour
Drop
Drop all packets by default
iptables -P INPUT DROP
Accept
Accepts all packets by default
iptables -P INPUT ACCEPT
Drop
Drop from Source
iptables -I INPUT -s 23.253.232.189 -j DROP
-I Insert -A Append -s Source -d Destination
List
Current tables
iptables -L -v
-L List -v verbose
with Line Numbers
iptables -L -n --line-numbers
List Chain
iptables -L INPUT -n --line-numbers
Delete
by Rule Number
iptables -D INPUT 3
by Rule Name
iptables -D INPUT -s 23.253.232.189 -j DROP
Delete All
Delete all rules
iptables --flush
Rules
Saving
iptables-save > /opt/firewall.conf
Restoring
iptables-restore < /opt/firewall.conf
Automatic Load on Restart
Based on Debian, once your tables are operating as required
iptables-save > /etc/iptables.up.rules
vi /etc/network/if-up.d/iptables
add the following lines
#!/bin/sh /sbin/iptables-restore < /etc/iptables.up.rules
chmod +x /etc/network/if-up.d/iptables
dscp class
Set Class EF
iptables -A OUTPUT -t mangle -p udp --dport 5060 -j DSCP --set-dscp-class EF iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF
nat
This accepts all traffic from wlan0 and passes it to eth0 as if the traffic originated from eth0. Traffic to wlan0 is not allowed unless related or established from wlan0.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
View Defined Classes
mangle
iptables -t mangle -nvL
nat
iptables -t nat -nvL
