Revision as of 11:10, 6 January 2015

Chains

INPUT
OUTPUT
FORWARD

Default Behaviour

Drop

Drop all packets by default

iptables -P INPUT DROP

Accept

Accepts all packets by default

iptables -P INPUT ACCEPT

Drop

Drop from Source

iptables -I INPUT -s 23.253.232.189 -j DROP

-I Insert
-A Append

-s Source
-d Destination

List

Current tables

iptables -L -v

-L List
-v verbose

with Line Numbers

iptables -L -n --line-numbers

List Chain

iptables -L INPUT -n --line-numbers

Delete

by Rule Number

iptables -D INPUT 3

by Rule Name

iptables -D INPUT -s 23.253.232.189 -j DROP

Delete All

Delete all rules

iptables --flush

Rules

Saving

iptables-save > /opt/firewall.conf

Restoring

iptables-restore < /opt/firewall.conf

Automatic Load on Restart

Based on Debian, once your tables are operating as required

iptables-save > /etc/iptables.up.rules

vi /etc/network/if-up.d/iptables

add the following lines

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

chmod +x /etc/network/if-up.d/iptables

dscp class

Set Class EF

iptables -A OUTPUT -t mangle -p udp --dport 5060 -j DSCP --set-dscp-class EF
iptables -A OUTPUT -t mangle -p udp --dport 4569 -j DSCP --set-dscp-class EF

View Defined Classes

iptables -t mangle -nvL

@@ Line 88: / Line 88: @@
 <pre>
-vi /etc/network/if-pre-up.d/iptables
+vi /etc/network/if-up.d/iptables
 </pre>
@@ Line 98: / Line 98: @@
 <pre>
-chmod +x /etc/network/if-pre-up.d/iptables
+chmod +x /etc/network/if-up.d/iptables
 </pre>

Iptables: Difference between revisions

Revision as of 11:10, 6 January 2015

Contents

Chains

Default Behaviour

Drop

Accept

Drop

List

Current tables

with Line Numbers

List Chain

Delete

by Rule Number

by Rule Name

Delete All

Rules

Saving

Restoring

Automatic Load on Restart

dscp class

Set Class EF

View Defined Classes

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools