IPTables

From Network Security Wiki




IPTables

Adding Rules

Allow SSH 

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Allow incoming web traffic 

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Blocking Traffic 

iptables -A INPUT -j DROP
iptables -A INPUT -i ens160 -s 10.140.198.7  -j DROP

Allow loopback 

iptables -I INPUT 1 -i lo -j ACCEPT

Reporting

List rules 

iptables -L
iptables -L --line-numbers

Logging 

iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Check Stats 

iptables -nvL

Reset Packet Counts and Aggregate Size: 

iptables -Z

Deleting Rules

Delete a Rule 

iptables -D INPUT -p tcp --dport 80 -j ACCEPT
iptables -D INPUT -i ens160 -s 10.140.198.7  -j DROP

Delete by Rule Number 

iptables -D INPUT 3       # Chain name = INPUT

Flush Chain 

iptables --flush MYCHAIN

Flush Iptables 

iptables -F

Delete Empty Chain 

iptables -X MYCHAIN


Saving Rules

Export rules 

iptables-save > /etc/iptables.conf

Restore them on every reboot 

sudo nano /etc/rc.local
iptables-restore < /etc/iptables.conf

UFW

Basic Usage

Installation 

sudo apt-get install ufw
sudo apt-get install gufw
sudo ufw enable
gufw

To check your current settings: 

sudo ufw status verbose

To add firewall rules: 

sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 5353/udp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny from 192.168.1.5 to any                            # Block specific IP address
sudo ufw deny from 202.54.1.5 to any port 80                     # Block specific IP and port number i.e Block Spammers
sudo ufw deny proto tcp from 202.54.1.1 to any port 22           # Deny specific IP, port number, and protocol
sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22        # Block Subnet

Add a Rule to the Top of the List: 

sudo ufw insert 1 deny from 202.54.1.0/24 comment 'Block DoS attack subnet'

Delete Specific Rules: 

sudo ufw status numbered
sudo ufw delete 4

Confirm your changes: 

sudo ufw status verbose
sudo ufw status numbered
sudo ufw show added
sudo ufw show listening
sudo ufw show builtins
sudo ufw show before-rules
sudo ufw show user-rules
sudo ufw show after-rules
sudo ufw show logging-rules

Manage Application Traffic: 

sudo ufw app list
sudo ufw app info Samba
sudo ufw allow from 192.168.1.0/24 to any app Samba

Rate Limiting: 

sudo ufw limit 53/udp
sudo iptables -L | grep domain

Check Stats: 

sudo ufw show raw

Re-check enable (required): 

sudo ufw enable

Reset UFW: 

sudo ufw reset

Receive the UDP multicast traffic

sudo ufw allow in proto udp to 224.0.0.0/4
sudo ufw allow in proto udp from 224.0.0.0/4

This will take care of the coming and going UDP packets, but you also need to allow IGMP packets through: 

sudo nano /etc/ufw/before.rules

and add the following lines somewhere before the COMMIT line: 

# allow IGMP
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT



Internet Connection Sharing using UFW

sudo ufw allow from 192.168.1.0/29

sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"

sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1

sudo nano /etc/ufw/before.rules

Add rules for nat table 

*nat
:POSTROUTING ACCEPT [0:0]

Forward traffic from eth0 through ppp0 

-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE

Commit preceding nat table rules 

COMMIT

sudo service ufw restart



{{#widget:DISQUS |id=networkm |uniqid=IPTables |url=https://aman.awiki.org/wiki/IPTables }}

Retrieved from "https://aman.awiki.org/wiki/IPTables?oldid=4337"