IPTables

= IPTables =

Adding Rules

Allow SSH:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Allow incoming web traffic:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Blocking traffic (drop everything that no earlier rule accepted; drop one source on one interface):
iptables -A INPUT -j DROP
iptables -A INPUT -i ens160 -s 10.140.198.7 -j DROP

Rules are evaluated top-down and -A appends at the end, so a per-host DROP appended after the catch-all DROP is never reached; use -I with a position, as for loopback below, when a specific rule has to sit ahead of a general one.

Allow loopback (inserted at position 1 so local services keep working regardless of the rules that follow):
iptables -I INPUT 1 -i lo -j ACCEPT

Reporting

List rules:
iptables -L
iptables -L --line-numbers

Logging (insert a rate-limited LOG rule at position 5, ahead of the DROP rule, so dropped packets appear in the kernel log with the given prefix):
iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Check stats (per-rule packet and byte counters, numeric output):
iptables -nvL

Reset packet counts and aggregate size (zero the counters):
iptables -Z
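An added example, not part of the original page: a small summarising script run over constructed kernel log lines in the netfilter LOG format that the LOG rule above produces. It counts denied packets per source address and per source/destination port, so a burst against the DROP rule stands out without reading the raw log.

```shell
#!/bin/sh
# Added example (not from the original page): summarise "iptables denied:" log
# lines by source and destination port. SAMPLE_LOG is a constructed sample in
# the kernel's netfilter LOG format, with one unrelated sshd line mixed in.

SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:15:01 fw kernel: [ 1201.113] iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.140.198.7 DST=10.140.198.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: [ 1202.220] iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.140.198.7 DST=10.140.198.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4322 DF PROTO=TCP SPT=51235 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 fw kernel: [ 1205.004] iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=10.140.198.20 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:09 fw kernel: [ 1209.330] iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.140.198.7 DST=10.140.198.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4323 DF PROTO=TCP SPT=51236 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:10 fw sshd[812]: Accepted publickey for admin from 10.140.198.9 port 50022 ssh2
EOF
)

# denied_summary [PREFIX] -- read log lines on stdin, print "count SRC DPT"
# for every source/port pair, most frequent first. PREFIX defaults to the
# --log-prefix used by the LOG rule on this page.
denied_summary() {
    prefix="${1:-iptables denied: }"
    grep -F -- "$prefix" | awk '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "") hits[src " " dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -rn
}

# denied_by_source [PREFIX] -- same input, counted per source address only
denied_by_source() {
    prefix="${1:-iptables denied: }"
    grep -F -- "$prefix" | awk '
        { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
        END { for (s in n) print n[s], s }
    ' | sort -rn
}

# top_source [PREFIX] -- the single source with the most denied packets
top_source() {
    denied_by_source "$@" | head -n 1 | awk '{ print $2 }'
}

# Stand-alone run over the constructed sample; on a real host feed it
# grep 'iptables denied:' /var/log/kern.log instead.
printf '%s\n' "$SAMPLE_LOG" | denied_summary
```

The sshd line is ignored because the prefix filter runs first; anything the LOG rule did not write never reaches the counters.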

Deleting Rules

Delete a rule (specify it exactly as it was added):
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
iptables -D INPUT -i ens160 -s 10.140.198.7 -j DROP

Delete by rule number (chain name = INPUT; get the numbers from iptables -L --line-numbers):
iptables -D INPUT 3

Flush a chain:
iptables --flush MYCHAIN

Flush all chains:
iptables -F

Delete an empty user-defined chain:
iptables -X MYCHAIN

Saving Rules

Export rules:
iptables-save > /etc/iptables.conf

Restore them on every reboot: edit /etc/rc.local (sudo nano /etc/rc.local) and add the line
iptables-restore < /etc/iptables.conf
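As an added example (not from this page), the rules from the sections above assembled into one iptables-restore file, which makes the rule order explicit and lets you dry-run the file with iptables-restore --test before loading it. The interface name and blocked address are the constructed values used on this page; the ESTABLISHED,RELATED rule is an assumption added here so that a default DROP policy does not cut off replies to the host's own outbound connections.

```shell
#!/bin/sh
# Added example (not from the original page): write the page's INPUT policy in
# iptables-restore format and check the order before it is ever loaded.
# Assumptions: ens160 / 10.140.198.7 are the constructed values from the page;
# the conntrack rule is added here and is not on the page.

# write_ruleset FILE -- emit the filter table in iptables-restore format
write_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 1. loopback first, so local services keep working
-A INPUT -i lo -j ACCEPT
# 2. replies to connections this host opened (assumption, not on the page)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 3. explicit block for a known-bad source, ahead of the service accepts
-A INPUT -i ens160 -s 10.140.198.7 -j DROP
# 4. services offered to the outside
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# 5. rate-limited log of everything else, then the catch-all drop
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

# rule_position FILE PATTERN -- line number of the first INPUT rule matching PATTERN
rule_position() {
    grep -n -- "^-A INPUT" "$1" | grep -- "$2" | head -n 1 | cut -d: -f1
}

# check_order FILE -- succeed only if loopback precedes LOG and LOG precedes the
# catch-all DROP; anything else means some packets are dropped unseen or the
# host has locked itself out of localhost.
check_order() {
    f="$1"
    lo=$(rule_position "$f" "-i lo ")
    log=$(rule_position "$f" "-j LOG")
    drop=$(grep -n -- "^-A INPUT -j DROP$" "$f" | head -n 1 | cut -d: -f1)
    [ -n "$lo" ] && [ -n "$log" ] && [ -n "$drop" ] \
        && [ "$lo" -lt "$log" ] && [ "$log" -lt "$drop" ]
}

# Stand-alone run: write the file and report the order check.
write_ruleset /tmp/rules.v4
if check_order /tmp/rules.v4; then
    echo "rule order OK: /tmp/rules.v4"
else
    echo "rule order problem in /tmp/rules.v4" >&2
fi
# As root, after review:
#   iptables-restore --test < /tmp/rules.v4 && iptables-restore < /tmp/rules.v4
```

Keeping the policy in a file and loading it atomically with iptables-restore avoids the window that a sequence of iptables -A / -I commands leaves open, and the same file is what the boot-time restore line above consumes.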

= UFW =

Basic Usage

Installation:
sudo apt-get install ufw
sudo apt-get install gufw
sudo ufw enable
gufw

To check your current settings:
sudo ufw status verbose

To add firewall rules:
sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 5353/udp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny from 192.168.1.5 to any                       # Block specific IP address
sudo ufw deny from 202.54.1.5 to any port 80                # Block specific IP and port number, e.g. block spammers
sudo ufw deny proto tcp from 202.54.1.1 to any port 22      # Deny specific IP, port number, and protocol
sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22   # Block subnet

Add a rule to the top of the list:
sudo ufw insert 1 deny from 202.54.1.0/24 comment 'Block DoS attack subnet'

Delete specific rules:
sudo ufw status numbered
sudo ufw delete 4

Confirm your changes:
sudo ufw status verbose
sudo ufw status numbered
sudo ufw show added
sudo ufw show listening
sudo ufw show builtins
sudo ufw show before-rules
sudo ufw show user-rules
sudo ufw show after-rules
sudo ufw show logging-rules

Manage application traffic:
sudo ufw app list
sudo ufw app info Samba
sudo ufw allow from 192.168.1.0/24 to any app Samba

Rate limiting:
sudo ufw limit 53/udp
sudo iptables -L | grep domain

Check stats:
sudo ufw show raw

Re-check enable (required):
sudo ufw enable

Reset UFW:
sudo ufw reset

Receive the UDP multicast traffic

sudo ufw allow in proto udp to 224.0.0.0/4
sudo ufw allow in proto udp from 224.0.0.0/4

This will take care of the incoming and outgoing UDP packets, but you also need to allow IGMP packets through:
sudo nano /etc/ufw/before.rules

and add the following lines somewhere before the COMMIT line:

# allow IGMP
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT

Internet Connection Sharing using UFW

Allow traffic from the LAN subnet:
sudo ufw allow from 192.168.1.0/29

Set the default forward policy:
sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"

Enable packet forwarding in the kernel:
sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1

Add a nat table block to the rules file:
sudo nano /etc/ufw/before.rules

# Add rules for nat table
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth0 through ppp0
-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE
# Commit preceding nat table rules
COMMIT

Restart UFW to apply the changes:
sudo service ufw restart
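Added example, not the page's own: both before.rules edits on this page (the IGMP rules for multicast and the nat block for connection sharing) done with a script instead of an editor, so the IGMP lines land inside the filter table ahead of its COMMIT, the nat block is placed as its own complete table ahead of *filter, and running the script twice does not duplicate rules. The sample before.rules it writes is a constructed, abbreviated copy of the file's structure; the subnet and uplink interface are the page's values.

```shell
#!/bin/sh
# Added example (not from the original page): edit a ufw before.rules file
# idempotently. The sample file is a constructed, shortened version of the
# structure ufw ships; real files carry many more rules between the same markers.

# write_sample_before_rules FILE -- constructed stand-in for /etc/ufw/before.rules
write_sample_before_rules() {
    cat > "$1" <<'EOF'
# rules.before (constructed sample, abbreviated)
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
EOF
}

# add_igmp_rules FILE -- insert the IGMP accepts before the first COMMIT, which
# is the filter table's, unless they are already present
add_igmp_rules() {
    f="$1"
    grep -q -- "-p igmp -d 224.0.0.0/4" "$f" && return 0
    awk '
        /^COMMIT$/ && !done {
            print "# allow IGMP so multicast group membership reports get through"
            print "-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT"
            print "-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT"
            done = 1
        }
        { print }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# add_nat_block FILE SUBNET OUTIF -- place a complete nat table (with its own
# COMMIT) ahead of the *filter line, unless a nat table already exists
add_nat_block() {
    f="$1"; subnet="$2"; outif="$3"
    grep -q '^\*nat$' "$f" && return 0
    awk -v subnet="$subnet" -v outif="$outif" '
        /^\*filter$/ && !done {
            print "# nat table: masquerade the LAN behind the uplink interface"
            print "*nat"
            print ":POSTROUTING ACCEPT [0:0]"
            print "-A POSTROUTING -s " subnet " -o " outif " -j MASQUERADE"
            print "COMMIT"
            print ""
            done = 1
        }
        { print }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# line_of FILE PATTERN -- line number of the first match, empty if none
line_of() {
    grep -n -- "$2" "$1" | head -n 1 | cut -d: -f1
}

# check_layout FILE -- succeed only if the IGMP rule sits between *filter and
# the COMMIT that closes the filter table (a rule after COMMIT is silently lost)
check_layout() {
    f="$1"
    filter=$(line_of "$f" '^\*filter$')
    igmp=$(line_of "$f" '^-A ufw-before-input -p igmp')
    commit=$(awk -v start="$filter" 'NR > start && /^COMMIT$/ { print NR; exit }' "$f")
    [ -n "$filter" ] && [ -n "$igmp" ] && [ -n "$commit" ] \
        && [ "$igmp" -gt "$filter" ] && [ "$igmp" -lt "$commit" ]
}

# Stand-alone run against the constructed sample (never against /etc/ufw directly
# without a backup): write, edit twice, and report the layout check.
write_sample_before_rules /tmp/before.rules.sample
add_igmp_rules /tmp/before.rules.sample
add_igmp_rules /tmp/before.rules.sample
add_nat_block /tmp/before.rules.sample 192.168.1.0/29 ppp0
check_layout /tmp/before.rules.sample && echo "layout OK: /tmp/before.rules.sample"
```

After applying the same edits to /etc/ufw/before.rules, restart UFW as the page does (sudo service ufw restart); a rule that lands after COMMIT produces no error but is simply not loaded, which is why check_layout looks for the COMMIT that follows *filter rather than the first COMMIT in the file once the nat block is in place.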