Iptables: Difference between revisions

From KlavoWiki
Jump to navigationJump to search
Line 104: Line 104:
== Set Class EF ==
== Set Class EF ==
<pre>
<pre>
iptables -A OUTPUT -t mangle -p udp --dport 5060 -j DSCP --set-dscp-class EF
iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF
iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF
</pre>
</pre>

Revision as of 03:15, 3 September 2014

Chains

INPUT
OUTPUT
FORWARD

Default Behaviour

Drop

Drop all packets by default 

iptables -P INPUT DROP

Accept

Accepts all packets by default 

iptables -P INPUT ACCEPT

Drop

Drop from Source 

iptables -I INPUT -s 23.253.232.189 -j DROP

-I Insert
-A Append

-s Source
-d Destination


List

Current tables

iptables -L -v

-L List
-v verbose

with Line Numbers

iptables -L -n --line-numbers

List Chain

iptables -L INPUT -n --line-numbers

Delete

by Rule Number

iptables -D INPUT 3

by Rule Name

iptables -D INPUT -s 23.253.232.189 -j DROP

Delete All

Delete all rules 

iptables --flush

Rules

Saving

iptables-save > /opt/firewall.conf

Restoring

iptables-restore < /opt/firewall.conf

Automatic Load on Restart

Based on Debian, once your tables are operating as required 

iptables-save > /etc/iptables.up.rules

vi /etc/network/if-pre-up.d/iptables

add the following lines 

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

chmod +x /etc/network/if-pre-up.d/iptables

dscp class

Set Class EF

iptables -A OUTPUT -t mangle -p udp --dport 5060 -j DSCP --set-dscp-class EF
iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF

View Defined Classes

iptables -t mangle -nvL
Retrieved from ‘https://klaverstyn.com.au/david/wiki/index.php?title=Iptables&oldid=1672