Monday, August 1, 2016

firewall, iptables basics

1- drop SSH (TCP port 22) traffic to this host. You can do it with either the INPUT or the OUTPUT chain

- INPUT chain: drop incoming packets whose destination port is 22 (the usual way; the packet is discarded before the TCP stack sees it)
$ sudo iptables -A INPUT -p tcp --dport 22 -j DROP
- OUTPUT chain: the host's replies leave with source port 22, so change dport to sport. Connections still fail, but the kernel has already received the SYN and only the SYN-ACK is dropped, so prefer the INPUT rule
$ sudo iptables -A OUTPUT -p tcp --sport 22 -j DROP

2- deny the subnet 192.168.15.0/24 from forwarding traffic through our server (the FORWARD chain only sees routed packets, so this matters only when net.ipv4.ip_forward=1)
$ sudo iptables -A FORWARD -s 192.168.15.0/24 -j DROP

3- by default the policy of each chain is ACCEPT; we can change it to DROP so that anything not matched by an ACCEPT rule is dropped. Do this only after adding rules that accept loopback, established connections and your management port (SSH), otherwise a remote session is cut off the moment the policy changes
$ sudo iptables -P INPUT DROP

4- now you want to flush all rules of the filter table (INPUT, FORWARD and OUTPUT). This removes the rules but does not reset the chain policies: with INPUT policy DROP, flushing also removes the ACCEPT rules and locks you out, so set the policy back to ACCEPT with -P INPUT ACCEPT first
$ sudo iptables -F

5- flush only the INPUT chain
$ sudo iptables -F INPUT

6- to list all rules of the INPUT, FORWARD and OUTPUT chains (filter table). Add -n to skip DNS and service-name lookups and -v to show packet counters and interfaces
$ sudo iptables -L

7- -L shows only the filter table; to see the nat table (where the PREROUTING and POSTROUTING rules of steps 11 to 13 live) select it with -t nat. The mangle and raw tables are listed the same way
$ sudo iptables -t nat -L

8- to list with line numbers, which you can use to delete or insert at an individual position
$ sudo iptables -L --line-numbers

9- now you want to insert a new rule at position 2 of INPUT (the old rule 2 moves down to 3). Rules are evaluated top to bottom and the first match wins, so position matters
$ sudo iptables -I INPUT 2 -p tcp --dport 26 -j DROP

10- to delete rule 3 of the INPUT chain (the numbers shift after every deletion, so re-list with --line-numbers before deleting again)
$ sudo iptables -D INPUT 3

11- masquerade the traffic that leaves on interface eth0; in short, source NAT out of eth0 so clients behind the server appear with its eth0 address. The box must also be routing (sysctl net.ipv4.ip_forward=1) and the FORWARD chain must let the traffic through
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

12- redirect incoming port 80 to port 8080 on the server itself (REDIRECT rewrites the destination to the address of the interface the packet arrived on). PREROUTING only sees packets coming from the network; traffic generated on the server itself goes through the nat OUTPUT chain instead
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

13- port forwarding (DNAT): send incoming port 8080 to ip address 192.168.11.210 port 8888. As with MASQUERADE this needs ip_forward=1 and a FORWARD rule that accepts traffic to 192.168.11.210:8888; conntrack reverses the translation on the replies automatically
$ sudo iptables -t nat -A PREROUTING  -p tcp --dport 8080 -j DNAT --to-destination 192.168.11.210:8888

14- finally you want to clear the nat table. This flushes only the nat table; the filter rules from the steps above stay until you also run iptables -F. Note that none of these commands survive a reboot unless you save the ruleset with iptables-save (or your distribution's firewall service)
$ sudo iptables -t nat -F
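The steps above, put together as one script in a lockout-safe order (policies reset before the flush, the loopback, established and SSH accepts added before INPUT goes to DROP, ip_forward enabled before the NAT rules). This is an added example, not code from the original post. It assumes eth0 is the uplink, SSH is on port 22, 192.168.15.0/24 is a subnet that must not be routed through the box, and the DNAT target is 192.168.11.210:8888 as in step 13; these are assumptions, not values the post fixes. Setting DRYRUN=echo prints the commands instead of running them, which is how to review the ruleset before applying it as root.

```shell
#!/bin/sh
# Added example, not from the original post: the steps above as one script,
# applied in a lockout-safe order. Assumptions (not in the post): eth0 is the
# uplink, SSH listens on 22, 192.168.15.0/24 must not be routed through the
# box, and the DNAT target is 192.168.11.210:8888 as in step 13.
# Usage (as root):  sh fw.sh apply [uplink] [ssh_port] [dnat_ip:port]
# Dry run:          DRYRUN=echo sh fw.sh apply

run() { $DRYRUN "$@"; }   # prefix every privileged command so DRYRUN=echo just prints it

apply_baseline() {
    wan="$1"; ssh_port="$2"; dnat_target="$3"
    dnat_ip="${dnat_target%:*}"; dnat_port="${dnat_target#*:}"

    # Start from a known state. Policies go back to ACCEPT before the flush,
    # so re-running this over a DROP policy cannot cut off the SSH session.
    run iptables -P INPUT ACCEPT
    run iptables -P FORWARD ACCEPT
    run iptables -P OUTPUT ACCEPT
    run iptables -F            # flushes the filter table only (step 4)
    run iptables -t nat -F     # the nat table must be flushed separately (step 14)

    # INPUT: allow what must keep working BEFORE switching to default-deny (step 3).
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$ssh_port" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -P INPUT DROP

    # FORWARD: routing must be on for steps 2, 11 and 13 to have any effect.
    run sysctl -q -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -s 192.168.15.0/24 -j DROP   # step 2, placed before any ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$wan" -p tcp -d "$dnat_ip" --dport "$dnat_port" -j ACCEPT  # DNAT'd traffic
    run iptables -A FORWARD ! -i "$wan" -o "$wan" -j ACCEPT   # inside -> uplink
    run iptables -P FORWARD DROP

    # nat: step 11 (masquerade out of the uplink) and step 13 (port forward 8080 -> target).
    run iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
    run iptables -t nat -A PREROUTING -i "$wan" -p tcp --dport 8080 \
        -j DNAT --to-destination "$dnat_target"
}

if [ "${1:-}" = "apply" ]; then
    apply_baseline "${2:-eth0}" "${3:-22}" "${4:-192.168.11.210:8888}"
fi
```

Everything here is IPv4 only: ip6tables keeps its own tables and policies, so a host with an IPv6 address needs the same treatment there. Once the dry run looks right, apply it and save the result with iptables-save so it survives a reboot.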
