IPTables

From Network Security Wiki
Revision as of 16:50, 26 July 2018 by Amanjosan2008 (talk | contribs)




IPTables

List rules

iptables -L

Allow SSH

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Allow incoming web traffic

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Blocking Traffic

Drop all remaining incoming traffic (append this last: iptables evaluates rules in order, so any rule appended after it is never reached):

iptables -A INPUT -j DROP

Drop traffic from a single host arriving on a specific interface:

iptables -A INPUT -i ens160 -s 10.140.198.7 -j DROP

Allow loopback

iptables -I INPUT 1 -i lo -j ACCEPT

Logging

Log denied packets at a limited rate. -I INPUT 5 inserts the rule at position 5, so it assumes at least four rules already exist; LOG is non-terminating, so place it directly before the final DROP rule to see exactly the packets being denied:

iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Saving rules

iptables-save writes the current ruleset to stdout and iptables-restore reads one from stdin, so redirect to and from a file (the path below is the one iptables-persistent uses on Debian/Ubuntu):

iptables-save > /etc/iptables/rules.v4
iptables-restore < /etc/iptables/rules.v4

Stop iptables

Flushing removes every rule but leaves the chain policies untouched, so a chain whose policy was set to DROP keeps dropping after the flush:

iptables -F
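The ordering points in the iptables section (loopback first, the rate-limited LOG rule directly before the final DROP, and a catch-all DROP making every later rule unreachable) can be checked without touching a live firewall. The script below is an added example, not the wiki's own code: it emits this page's INPUT policy in the iptables-save/iptables-restore text format and audits a ruleset for unreachable INPUT rules. The script name fw.sh and the conntrack state rules are assumptions; ens160, 10.140.198.7, the ports and the LOG rule come from the page.

```shell
#!/bin/sh
# Added example for this page (not the wiki's own code). Prints the page's
# INPUT policy as an iptables-restore ruleset and audits rule ordering.
# ens160, 10.140.198.7, ssh/80 and the LOG rule come from the page; the
# conntrack state rules are an assumed, standard addition.

# Emit a default-deny INPUT ruleset in the text format iptables-save produces.
# iptables evaluates rules top to bottom, so loopback and established
# traffic are accepted first and the rate-limited LOG rule sits immediately
# before the catch-all DROP, where it sees exactly the packets being denied.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i ens160 -s 10.140.198.7 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and print every INPUT rule that follows an
# unconditional "-A INPUT -j DROP": those rules can never match.
# Exit status 0 means no unreachable rules were found, 1 otherwise.
dead_rules() {
    awk '
        /^-A INPUT -j DROP$/ { seen = 1; next }
        seen && /^-A INPUT/  { print "unreachable: " $0; dead++ }
        END                  { exit (dead > 0) }
    '
}

# "sh fw.sh" prints the ruleset for review ("sh fw.sh | sudo iptables-restore"
# loads it); "sh fw.sh --check" audits it instead. Neither needs root to run.
if [ "${1:-}" = "--check" ]; then
    gen_rules | dead_rules
else
    gen_rules
fi
```

Feeding the page's own "Blocking Traffic" order (catch-all DROP first, per-host DROP second) to dead_rules reports the per-host rule as unreachable.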


UFW

Installation

sudo apt-get install ufw
sudo apt-get install gufw
sudo ufw enable
gufw

To check your current settings:

sudo ufw status verbose

To add firewall rules:

sudo ufw deny 5353/udp
sudo ufw deny 5900/tcp
sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny 110
sudo ufw deny 2049
sudo ufw deny 143
sudo ufw deny 21/tcp

Re-check your changes:

sudo ufw status verbose

Make sure the firewall is enabled (required, otherwise the rules are not enforced):

sudo ufw enable


Receive the UDP multicast traffic

sudo ufw allow in proto udp to 224.0.0.0/4
sudo ufw allow in proto udp from 224.0.0.0/4

This covers the inbound and outbound UDP packets, but IGMP packets must also be allowed through, so edit the before rules:

sudo nano /etc/ufw/before.rules

and add the following lines somewhere before the COMMIT line:

# allow IGMP
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT



Internet Connection Sharing using UFW

Allow traffic from the LAN subnet:

sudo ufw allow from 192.168.1.0/29

Set the default forward policy in /etc/default/ufw:

sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"

Enable packet forwarding in /etc/ufw/sysctl.conf:

sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1

Add the nat table rules to /etc/ufw/before.rules:

sudo nano /etc/ufw/before.rules

# Add rules for nat table
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth0 through ppp0
-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE

# Commit preceding nat table rules
COMMIT

Restart ufw to apply the changes:

sudo service ufw restart


