This is my notes, links and videos about iptables. Please, send me your informatio to upgrae the site.

Concepts of iptables:

• Types of tables:
  • Filter: Contains the built in chains for inputs, forwards and outputs:
    • INPUT – packages destined for local sockets
    • FORWARD – packets routed through the system
    • OUTPUT – packets generated locally
  • Nat: is consulted when a packet tries to create a new connection.
    • PREROUTING – used for altering a packet as soon as it’s received
    • OUTPUT – used for altering locally generated packets
    • POSTROUTING – used for altering packets as they are about to go out
  • Mangle: used for packet altering:
    • PREROUTING – for altering incoming connections
    • OUTPUT – for altering locally generated  packets
    • INPUT – for incoming packets
    • POSTROUTING – for altering packets as they are about to go out
    • FORWARD – for packets routed through the box

IPTables Service

• Installation (on Fedora): dnf install iptables-services
• Start IPTables: systemctl start iptables-services
• Enable IPTables (Start when the server boot): systemctl enable iptables-services

Manage all the rules

• iptables -F |–flush <chain>: Flush or clear rules
• iptables -Z |–zero <chain> <rule_number>: Reset packet and byte counters

Query the rules

• iptables -L : List all the rules
• iptables -L -v -n: List all the rules with packets and bytes managed
• iptables -t nat -n -L -v: List all the rules with nat configuration

Add rules

• Input Rules:
  • iptables -A  INPUT -s xxx.xxx.xxx.xxx -j DROP: Add a rule. (Block the access of IP)
  • iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP: Block TCP traffic from that IP address. With -p option that specifies the protocol.
  • iptables -A INPUT -p tcp –dport xxx -j ACCEPT: Allow incoming connection on port xxx.
  • iptables -A INPUT -p tcp -m multiport –dports 22,80,443 -j ACCEPT: Allow input multiple port at once with -m multiport.
  • iptables -A INPUT -p tcp –dport 80 -m limit –limit 100/minute –limit-burst 200 -j ACCEPT: Limits the incoming connections from per minute to 100 and sets a limit burst to 200.
  • iptables -A INPUT -p icmp -i eth0 -j DROP: Block Incoming Ping Requests
  • iptables -I INPUT 1 -p tcp –dport 80 -j ACCEPT: Insert rules at a specific position. (After INPUT put the position)
  • iptables -A INPUT -j DROP: block all input traffic
• Output Rules:
  • iptables -A OUTPUT -p tcp –dport xxx -j DROP: Block outgoing connections on a specific port use.
  • iptables -A OUTPUT -p tcp -m multiport –sports 22,80,443 -j ACCEPT: Allow output multiple port at once with -m multiport.
  • iptables -A OUTPUT -p tcp -d 192.168.100.0/24 –dport 22 -j ACCEPT: Limit certain connections on specific port to a given network.
• Forwarding Rules:
  • iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 25 -j REDIRECT –to-port 2525: Forward one service’s traffic to another port.

Modify the rules

• iptables -R INPUT 1 -p tcp -s 192.168.0.0/24 –dport 80 -j ACCEPT: The command replaces the first rule.

Delete rules

• iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP: Delete a rule.
• iptables -D INPUT 5:  Delete the rule in the fifth position.
• Disabling the firewall:
  • iptables -P INPUT ACCEPT
  • iptables -P OUTPUT ACCEPT
  • iptables -P FORWARD ACCEPT
  • iptables -F

Other tools/configurations

• iptables-save > ~/iptables.rules: Save the rules
• iptables-restore < ~/iptables.rules: Restore the rules
• Enable IP Forwarding:
  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • Permanent configuration:
    • Put net.ipv4.ip_forward = 1 on /etc/sysctl.conf
• Log iptables:
  • iptables -A INPUT -i eth0 -j LOG –log-prefix “IPtables dropped packets:”: Log the dropped packets on the network interface eth0.
  • grep “IPtables dropped packets:” /var/log/messages: Review the log
  • iptables -I INPUT 5 -m limit –limit 5/min -j LOG –log-prefix “iptables denied: ” –log-level 7: Log dropped packets to syslog

Links

• iptables(8) – Linux man page
• How to save rules of the iptables?
• Iptables Howto
• How to edit iptables rules
• 25 Useful IPtable Firewall Rules Every Linux Administrator Should Know
• Linux OS Service ‘iptables’
• Basic Guide on IPTables (Linux Firewall) Tips / Commands
• Iptables Tutorial 1.2.2

Books

Videos

Pending

Enjoy!!!