Linux command – iptables

Linux command series: iptables


Basic Concept

The Linux kernel ships with a packet filtering framework named netfilter. It lets you accept, drop and modify traffic entering, leaving and passing through a system. iptables is the command-line tool for configuring that packet filtering, and the rules you add through it make up the firewall. To keep this article simple we will not distinguish between iptables and netfilter, and simply refer to the whole thing as "iptables".

Types of Chains

Chains are the points in the packet path at which rules are applied:

INPUT chain: packets addressed to the local system.
OUTPUT chain: packets generated by the local system.
FORWARD chain: packets routed through the system to another host.
PREROUTING chain: seen before the routing decision; used for destination address translation (DNAT).
POSTROUTING chain: seen after the routing decision, just before the packet leaves; used for source address translation (SNAT).

Types of Tables and Rules

Tables group rules by the kind of work they do, and each table contains only the chains where that work makes sense.

raw: connection-tracking exemptions

iptables is a stateful firewall, which means that packets are inspected with respect to their "state" (a packet may open a new connection, or it may belong to an existing one). The raw table sees packets before the kernel starts tracking their state, so it is where you exempt selected packets from connection tracking altogether (the CT target with --notrack), for example for very high-volume flows that do not need stateful inspection.

mangle: packet modification

This table lets you alter packet headers in various ways (TTL, TOS/DSCP) and attach a firewall mark that later rules in other tables can match on.

nat: address translation, typically on a gateway router

This table rewrites the source or destination addresses of packets so that hosts on a NAT (Network Address Translation) network can reach, or be reached from, the outside. It is often used to expose a service that cannot be reached directly because it sits behind NAT. Only the first packet of a connection is evaluated against the nat table; the translation chosen there is then applied to the rest of the connection by connection tracking.

filter: packet filtering, the table firewall rules normally go in

This table is where you decide whether a packet is allowed to reach its destination. It is also the default table when no -t option is given.

Rules live in the chains of a table and describe which packets to match. What happens to a packet once a rule matches it is decided by the rule's target; targets decide the fate of a packet.

ACCEPT: let the packet through.

iptables accepts the packet and stops processing the current chain.

DROP: discard the packet silently.

iptables drops the packet and sends nothing back. To anyone trying to connect to your system it looks as if the host did not exist or the packet was lost, and the client waits until its own timeout expires.

REJECT: discard the packet and tell the sender.

iptables discards the packet and sends an error back. By default the error is an ICMP "port unreachable" message, for TCP as well as UDP; with --reject-with tcp-reset a TCP connection is refused with a RST instead, so clients fail immediately rather than waiting for a timeout.

Some other commonly used targets: REDIRECT: redirect the packet to a port on the local machine (transparent proxying). SNAT: source address translation. DNAT: destination address translation. MASQUERADE: source address translation to whatever address the outgoing interface currently has, for links with a dynamic public IP such as ADSL/PPPoE. LOG: write a kernel log entry for the packet and continue with the next rule (LOG is non-terminating, so a LOG rule is normally followed by a DROP or REJECT rule with the same match).

Connections between Tables, Rules and Chains

Each table contains the chains that are relevant to its job: filter has INPUT, FORWARD and OUTPUT; nat has PREROUTING, OUTPUT and POSTROUTING (and INPUT on recent kernels); mangle has all five; raw has PREROUTING and OUTPUT. Rules are stored in those chains. A packet arriving at a chain is compared against the chain's rules from the top; the first rule that matches decides what happens by jumping to its target, and the rules below it are not consulted. If no rule matches, the chain's default policy (ACCEPT or DROP) applies. Rule order therefore matters: -A appends a rule at the end of a chain, -I inserts it at the top.
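To show how table, chain, rule order, state matching and targets fit together in practice, here is an added example (written for this edit, not code from the original article) of a small stateful host firewall in the filter table. It assumes sshd listens on port 22 and that administrators connect from 192.0.2.0/24 (a documentation range used as a placeholder); both are variables. With DRY_RUN=1, the default, it only prints the commands it would run, so it can be read and tested without root; DRY_RUN=0 applies them.

```shell
#!/bin/sh
# Added example: a minimal stateful host firewall in the filter table.
# Not code from the original article. Assumptions: sshd listens on SSH_PORT
# and administrators connect from ADMIN_NET (192.0.2.0/24 is the RFC 5737
# documentation range, used here as a placeholder).
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (needs root).

SSH_PORT=${SSH_PORT:-22}
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}
DRY_RUN=${DRY_RUN:-1}

# Wrapper so the same rule list can be previewed or applied.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_baseline() {
    # Start from a clean filter table (chain policies are left as they are).
    ipt -t filter -F
    ipt -t filter -X

    # Rule order matters: the first match in a chain wins. Replies to
    # connections we already know come first, so they are never blocked by
    # a later rule and are matched with a single lookup.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot associate with any flow (bad TCP flags, etc.).
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Local processes talking to each other over loopback.
    ipt -A INPUT -i lo -j ACCEPT

    # New SSH connections only from the management network. Other SSH
    # attempts are logged (rate limited so an attacker cannot flood the log)
    # and then refused with a TCP reset, so clients fail fast instead of
    # waiting for a timeout as they would with DROP.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -s "$ADMIN_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport "$SSH_PORT" \
        -m limit --limit 5/min -j LOG --log-prefix 'ssh-denied: '
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -j REJECT --reject-with tcp-reset

    # Allow ping for diagnostics.
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Default policies are set last, after the ACCEPT rules exist, so that
    # applying this script over SSH does not cut off the session running it.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

apply_baseline
```

Read the printed list top to bottom as the kernel would: an SSH packet from outside ADMIN_NET falls past the ACCEPT rule, hits the LOG rule (which does not terminate), and is then answered by the REJECT rule; a reply packet to any connection the host opened never gets further than the first rule. Setting the policies only after the ACCEPT rules exist is the usual guard against locking yourself out of a remote machine.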

Command summary

• Query iptables rules

    iptables -L
    iptables -L INPUT
    iptables -t filter -L
    iptables -t nat -L

The -L option lists rules; the filter table is shown by default, and -t with a table name selects another table.

    iptables -nvL
    iptables --line-numbers -nvL

-v shows packet and byte counters and the interfaces a rule applies to; -n prints addresses and ports numerically instead of resolving them (faster, and it avoids the firewall host doing DNS lookups); --line-numbers prefixes each rule with its position in the chain, which is the number you need to delete or replace a rule by position.

• Add rules

    iptables -t filter -A INPUT -s 192.168.146 -j DROP    # append to the end of the chain
    iptables -t filter -I INPUT -s 192.168.146 -j DROP    # insert at the top of the chain

General form:

    iptables -t <table> -A <chain> <match criteria> -j <target>
    iptables -t <table> -I <chain> [<rule number>] <match criteria> -j <target>

iptables options are case-sensitive: -A appends and -I inserts (-a does not exist), -j selects the target, and target names such as DROP are written in upper case.

• Delete rules

    iptables -t filter -D INPUT -s 192.168.146 -j DROP    # delete by repeating the rule exactly as it was added
    iptables -t filter -D INPUT 3                          # delete rule number 3 of the chain (see --line-numbers)

Deleting a rule by number renumbers the rules below it, so when removing several rules by number, delete from the highest number downwards. iptables -C (check) with the same arguments as -A or -D tells you whether a given rule exists before you try to delete it.

• Modify a rule

    iptables -t filter -R INPUT 1 -s <ip> -j REJECT    # replace rule 1 of INPUT with a new rule

• Clear the existing iptables rules

    iptables -F    # flush all rules of the filter table; chain policies are not changed

If the INPUT policy is DROP, flushing removes the ACCEPT rules while the policy stays, which cuts off remote access; set the policy to ACCEPT first (iptables -P INPUT ACCEPT) when working over SSH.

Other examples (replace <ip> and <network> with the address or network to match):

    # block SSH connections from any IP address
    iptables -A INPUT -p tcp --dport ssh -j DROP
    # block SSH connections from one IP address
    iptables -A INPUT -p tcp --dport ssh -s <ip> -j DROP
    # block SSH connections from a /24 network
    iptables -A INPUT -p tcp -m tcp --dport 22 -s <network>/24 -j DROP
    # block all traffic from a single IP address (inserted at the top so it wins over later ACCEPT rules)
    iptables -I INPUT -s <ip> -j DROP
    # redirect packets for port 80 that carry firewall mark 0x01 to another destination (DNAT)
    iptables -t nat -A PREROUTING -p tcp --dport 80 -m mark --mark 0x01 -j DNAT --to-destination <ip>

The last example only does something if the mark was set earlier, for example by a MARK rule in the mangle table's PREROUTING chain, which is evaluated before the nat table.
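Deleting by number is fragile when several rules must go, because every deletion renumbers the rules below it. The following added example (written for this edit, not code from the original article) parses the output of iptables --line-numbers -nvL INPUT to find every rule whose source column equals a given address and emits the matching iptables -D commands in descending order. The listing it works on is a constructed sample embedded in the script, so it runs without root; the same functions can be fed live output.

```shell
#!/bin/sh
# Added example, not from the original article: find the rule numbers in a
# chain listing that match a given source address and produce the delete
# commands in the right order. Works on any `iptables --line-numbers -nvL`
# output read from stdin.

# Constructed sample of `iptables --line-numbers -nvL INPUT` output
# (addresses from the RFC 5737 documentation ranges).
SAMPLE_LISTING='Chain INPUT (policy DROP 12 packets, 720 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1045   98K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2       40  2400 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
3     8821  1.2M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
4        3   180 DROP       tcp  --  *      *       203.0.113.7          0.0.0.0/0            tcp dpt:22
5       12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Print the number of every rule whose source column equals $1.
# Columns of --line-numbers -nvL output:
#   1 num, 2 pkts, 3 bytes, 4 target, 5 prot, 6 opt, 7 in, 8 out, 9 source, 10 destination
# Header lines are skipped because their first field is not a number.
rule_numbers_for_source() {
    awk -v src="$1" '$1 ~ /^[0-9]+$/ && $9 == src { print $1 }'
}

# Emit one "iptables -D <chain> <num>" line per matching rule, highest
# number first: deleting rule 2 would turn rule 4 into rule 3, so ascending
# order would delete the wrong rule on the second step.
delete_commands_for_source() {
    chain=$1
    src=$2
    rule_numbers_for_source "$src" | sort -rn | sed "s|^|iptables -D $chain |"
}

# Demo on the constructed sample. On a live system, replace the printf with
#   iptables --line-numbers -nvL INPUT | delete_commands_for_source INPUT 203.0.113.7
# review the printed commands, then pipe them to sh as root.
printf '%s\n' "$SAMPLE_LISTING" | delete_commands_for_source INPUT 203.0.113.7
```

On the sample this prints "iptables -D INPUT 4" followed by "iptables -D INPUT 2". The source column is compared exactly as iptables prints it, so a host address is matched as 203.0.113.7 and a network as, for example, 10.0.0.0/8; the -n flag is what makes that column predictable, since without it iptables would try to resolve addresses to names.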

Reference reading:

• [1] iptables walkthrough 1: iptables concepts
• [2] iptables walkthrough 2: iptables rule query
• [3] iptables walkthrough 3: iptables rule management
• [4] iptables(8) – Linux man page: https://linux.die.net/man/8/iptables
• [5] Linux command encyclopedia: the iptables command
• [6] An in-depth guide to iptables, the Linux firewall
• [7] The beginner's guide to iptables, the Linux firewall
• [8] iptables tutorial – securing an Ubuntu VPS with the Linux firewall

