= IPTables =
== Adding Rules ==
Allow SSH
Allow loopback
 iptables -I INPUT 1 -i lo -j ACCEPT
== Reporting ==
List rules
 iptables -L
 iptables -L --line-numbers
Logging
 iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
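The LOG rule above writes one kernel message per matching packet, prefixed with "iptables denied: ". The script below is an added example, not from this wiki page: it parses such lines (a constructed sample is embedded; on a real host feed it /var/log/kern.log or `journalctl -k` output instead) and reports which source/port pairs are hitting the rule most often, so you can see what the rule is actually catching.

```shell
#!/bin/sh
# Added example (not from the wiki page): summarise the kernel log lines that the
# LOG rule above produces. Every logged packet carries the prefix "iptables denied: ".
# SAMPLE_LOG is a constructed sample in the usual netfilter log format; on a real
# host pipe in /var/log/kern.log or `journalctl -k` instead.
SAMPLE_LOG='Mar  3 10:15:01 host kernel: iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:02 host kernel: iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:04 host kernel: iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40001 DPT=5900 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 host kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd
Mar  3 10:15:06 host kernel: iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:09 host kernel: iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.55 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1'

# Read log text on stdin and print "count source dport" for each source/port pair
# that hit the LOG rule, most frequent first. Lines without the prefix (other kernel
# messages) are skipped; packets without a DPT field (e.g. ICMP) get "-" as the port.
summarise_denied() {
    grep 'iptables denied: ' |
    awk '{
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "") print src, (dpt == "" ? "-" : dpt)
    }' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3 }'
}

# Succeed (exit 0) when any single source/port pair reached $1 logged packets, the
# kind of condition worth alerting on; fail (exit 1) otherwise. Reads stdin.
exceeds_threshold() {
    summarise_denied | awk -v t="$1" '$1 >= t { found = 1 } END { exit found ? 0 : 1 }'
}

# Usage:
#   printf '%s\n' "$SAMPLE_LOG" | summarise_denied
# prints three lines, the first being "3 203.0.113.7 22" (the SSH probes);
# the USB line is ignored and the ICMP packet is reported with port "-".
```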
Check Stats
Reset Packet Counts and Aggregate Size:
== Deleting Rules ==
Delete a Rule
 iptables -D INPUT -p tcp --dport 80 -j ACCEPT
 iptables -D INPUT -i ens160 -s 10.140.198.7 -j DROP
Delete by Rule Number
 iptables -D INPUT 3 # Chain name = INPUT
Flush Chain
 iptables --flush MYCHAIN
Flush Iptables
 iptables -F
Delete Empty Chain
 iptables -X MYCHAIN
== Saving Rules ==
 iptables-save > /etc/iptables.conf
Restore them on every reboot by adding the restore command to /etc/rc.local:
 sudo nano /etc/rc.local
 iptables-restore < /etc/iptables.conf
= UFW =
== Basic Usage ==
Installation
 sudo apt-get install ufw
To add firewall rules:
 sudo ufw deny 5900/tcp
 sudo ufw deny 22
 sudo ufw deny 25/tcp
 sudo ufw deny 5353/udp
 sudo ufw deny 135,139,445/tcp
 sudo ufw deny 137,138/udp
 sudo ufw deny from 192.168.1.5 to any # Block specific IP address
 sudo ufw deny 110
 sudo ufw deny from 202.54.1.5 to any port 80 # Block specific IP and port number, i.e. block spammers
 sudo ufw deny 2049
 sudo ufw deny proto tcp from 202.54.1.1 to any port 22 # Deny specific IP, port number, and protocol
 sudo ufw deny 143
 sudo ufw deny
Add a Rule to the Top of the List:
 sudo ufw insert 1 deny from 202.54.1.0/24 comment 'Block DoS attack subnet'
Delete Specific Rules:
 sudo ufw status numbered
 sudo ufw delete 4
Re-check your changes:
 sudo ufw status verbose
 sudo ufw status numbered
 sudo ufw show added
 sudo ufw show listening
 sudo ufw show builtins
 sudo ufw show before-rules
 sudo ufw show user-rules
 sudo ufw show after-rules
 sudo ufw show logging-rules
Manage Application Traffic:
 sudo ufw app info Samba
 sudo ufw allow from 192.168.1.0/24 to any app Samba
Rate Limiting:
 sudo iptables -L | grep domain
Check Stats:
Re-check enable (required):
 sudo ufw enable
Reset UFW:
== Receive the UDP multicast traffic ==