Iptables: Difference between revisions

From KlavoWiki
No edit summary
Line 4: Line 4:
OUTPUT
OUTPUT
FORWARD
FORWARD
</pre>
= Default Behaviour =
== Drop ==
Drop all packets by default
<pre>
iptables -P INPUT DROP
</pre>
== Accept ==
Accepts all packets by default
<pre>
iptables -P INPUT ACCEPT
</pre>
</pre>
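Review bot: the new "== Drop ==" entry gives "iptables -P INPUT DROP" as a stand-alone command, with no allow rules before it and no note on ordering; run as written over SSH it drops the administrator's own session along with everything else. Suggest a sentence telling the reader to add ACCEPT rules for loopback, established connections and the management port before changing the policy. The added text also ends with two consecutive "</pre>" lines; check that the second one closes an open block and remove it if it does not.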



Revision as of 03:10, 29 August 2014

Chains

INPUT
OUTPUT
FORWARD

Default Behaviour

Drop

Drop all packets by default

iptables -P INPUT DROP

Accept

Accepts all packets by default

iptables -P INPUT ACCEPT

Drop

Drop from Source

iptables -I INPUT -s 23.253.232.189 -j DROP
-I Insert
-A Append

-s Source
-d Destination


List

Current tables

iptables -L -v
-L List
-v verbose

with Line Numbers

iptables -L -n --line-numbers
-n Numeric output (addresses and ports are not resolved to names)

List Chain

iptables -L INPUT -n --line-numbers

Delete

by Rule Number

iptables -D INPUT 3

by Rule Specification

iptables -D INPUT -s 23.253.232.189 -j DROP

Delete All

Delete all rules (chain policies set with -P are left unchanged)

iptables --flush

Rules

Saving

iptables-save > /opt/firewall.conf

Restoring

iptables-restore < /opt/firewall.conf

Automatic Load on Restart

On Debian, once your rules are operating as required, save them and create a pre-up hook script

iptables-save > /etc/iptables.up.rules
vi /etc/network/if-pre-up.d/iptables

add the following lines

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

then make the script executable

chmod +x /etc/network/if-pre-up.d/iptables
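A file saved while the INPUT policy is DROP is reloaded on every boot, so it is worth checking for a lockout before installing it as /etc/iptables.up.rules. The script below is an added example, not part of the original wiki page; the function names and both sample rule sets are constructed for illustration, and the checks assume the standard iptables-save text format.

```shell
#!/bin/sh
# Added example (not from the wiki page): lint an iptables-save dump before it
# is installed as /etc/iptables.up.rules. Sample rule sets below are constructed.

# lint_ruleset FILE: prints findings; returns 1 if loading FILE would leave
# INPUT at policy DROP without the ACCEPT rules a remote admin session needs.
lint_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2) }            # "*filter" opens a table
        table != "filter" { next }
        /^:INPUT / { policy = $2 }                 # ":INPUT DROP [0:0]"
        /^-A INPUT / && / -j ACCEPT/ {
            accepts++
            if ($0 ~ /ESTABLISHED/) established = 1
            if ($0 ~ / -i lo /) loopback = 1
        }
        END {
            if (policy != "DROP") { print "INPUT policy is not DROP; no lockout check needed"; exit 0 }
            if (!accepts)     { print "FAIL: policy DROP and no ACCEPT rule on INPUT"; bad = 1 }
            if (!established) { print "FAIL: no ACCEPT for ESTABLISHED connections"; bad = 1 }
            if (!loopback)    { print "WARN: no ACCEPT for loopback (-i lo)" }
            exit bad + 0
        }' "$1"
}

sample_lockout() {   # constructed: DROP policy plus the page's single DROP rule
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 23.253.232.189/32 -j DROP
COMMIT
EOF
}

sample_safe() {      # constructed: same policy with allow rules added first
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 23.253.232.189/32 -j DROP
COMMIT
EOF
}
```

Run lint_ruleset on the output of iptables-save before copying it into place; iptables-restore --test additionally parses a file without committing it, which catches syntax errors this check does not look for.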