After running into some problems with Firestarter I decided to learn about iptables and how to write my own firewall script, and I want to share this experience with users who want to set up a custom firewall quickly.

The purpose of this guide is to provide basic knowledge about iptables and then help you create a firewall script. The final step will be to make the script run on each boot. This guide will not talk about NAT.

The tutorial has been reviewed and the given script corrected: the previous script was opening the HTTPS and IRC ports, which was not required.

For advanced users who are comfortable with this guide, here is a link to another tutorial on the topic, written especially for advanced users, which explains how to set up a firewall with both input and output filtering:

As another great resource you can have a look at bodhi.zazen's iptables page on his website:

The first step is to know the iptables commands.

* -A --append : Add the rule at the end of the specified chain
* -D --delete : Delete a rule from the specified chain. There are two ways to use it: you can give the number (position) of the rule to delete, or repeat the rule itself.
* -R --replace : Replace the rule at the given position in the specified chain
* -I --insert : Insert a rule at a given position in the specified chain (position 1, the top of the chain, if none is given)
* -L --list : Display the rules of a chain

iptables -L        # Display all the rules of the FILTER chains
iptables -L INPUT  # Display all the INPUT rules (FILTER)

* -F --flush : Delete all the rules of a chain

iptables -F INPUT  # Delete all the rules of the INPUT chain

* -N --new-chain : Create a new (user-defined) chain
* -X --delete-chain : Delete a user-defined chain (it must be empty and not referenced by any other rule)

iptables -X LOG_DROP  # Delete the LOG_DROP chain

* -P --policy : Tell the kernel the default policy of a built-in chain, i.e. what happens to a packet that matches no rule. Only ACCEPT and DROP are valid here; REJECT is a rule target (-j REJECT), not a policy.

The character "!" can be used to specify the opposite (negate a match). For example, a command to drop all incoming tcp traffic except from the IP 10.42.42.42 is written as follows:

iptables -A INPUT -p tcp ! --source 10.42.42.42 -j DROP

IP addresses can optionally be given with their netmask, like this: IP-address/mask (for example 192.168.0.0/24).

* -p --protocol : Specify the protocol: tcp, udp, icmp, all
* -m --match : Load a match extension: tcp, udp, state, ... (-p tcp and -p udp load the tcp and udp matches implicitly, which is what makes --sport and --dport available)

Example: DROP incoming tcp traffic to port 143 (IMAP)

iptables -A INPUT -p tcp -m tcp --dport 143 -j DROP

Note that --dport matches the destination port, i.e. the port of the local service, while --sport matches the source port chosen by the remote side; when blocking access to a local service --dport is the one you want.

* -s --source : Specify a source address to match

Example: Allow incoming (the INPUT chain) tcp traffic coming from the IP 192.168.42.42

iptables -A INPUT -p tcp -s 192.168.42.42 -j ACCEPT

* -d --destination : Specify a destination address

Example: Allow forwarding of tcp traffic to the IP 10.1.0.1

iptables -A FORWARD -p tcp -d 10.1.0.1 -j ACCEPT

* -i --in-interface : Specify the input interface (generally your ethernet card; only valid in the INPUT, FORWARD and PREROUTING chains)

Example: DROP incoming icmp traffic on the eth0 input interface

iptables -A INPUT -p icmp -i eth0 -j DROP
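As an added example (this is not the tutorial's own script, nor the corrected one it mentions), here is how the commands above fit together into a minimal stateful host firewall script. It assumes that the only service to expose is SSH on tcp/22 and that the LAN interface is eth0 (both are assumptions, configurable through SSH_PORT and LAN_IF). Without APPLY=1 it only prints the iptables commands it would run, so you can review the ruleset before loading it as root:

```sh
#!/bin/sh
# Minimal stateful host firewall built from the iptables options described above.
# Added example, not the tutorial's original script.
# Assumptions (change to taste): SSH on tcp/22 is the only exposed service,
# and eth0 is the LAN interface.
# Usage:   sh firewall.sh            -> dry run, prints the commands
#          sudo APPLY=1 sh firewall.sh -> really loads the rules

SSH_PORT="${SSH_PORT:-22}"
LAN_IF="${LAN_IF:-eth0}"

if [ "${APPLY:-0}" = 1 ]; then
    IPT=iptables
else
    IPT="echo iptables"   # dry run: print instead of execute
fi

# Emit (dry run) or apply the whole ruleset through $IPT.
firewall_rules() {
    # Start from a clean state: flush every rule, then delete our own chain
    # (-X needs the chain to be empty, which -F just guaranteed; the || true
    # covers the first run, when the chain does not exist yet).
    $IPT -F
    $IPT -X LOG_DROP 2>/dev/null || true

    # Default policies: a packet matching no rule is dropped on INPUT and
    # FORWARD. Only ACCEPT or DROP are valid here (REJECT is a rule target).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # User-defined chain that logs (rate limited, so an attacker cannot fill
    # the disk with log lines) and then drops.
    $IPT -N LOG_DROP
    $IPT -A LOG_DROP -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP:"
    $IPT -A LOG_DROP -j DROP

    # Loopback is always allowed; local services talk to each other over it.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened, and related traffic
    # (e.g. ICMP errors for them).
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Packets the connection tracker cannot classify go to the log-and-drop chain.
    $IPT -A INPUT -m state --state INVALID -j LOG_DROP

    # The one exposed service: new SSH connections, on the LAN interface only.
    $IPT -A INPUT -i "$LAN_IF" -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT

    # Answer ping, but rate limited; every other ICMP type falls through to the drop.
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/s -j ACCEPT

    # Anything that reached the end of INPUT is logged and dropped
    # (the DROP policy would drop it anyway, but silently).
    $IPT -A INPUT -j LOG_DROP
}

firewall_rules
```

After loading the rules for real, check the result with `iptables -L -n -v` (the -v counters tell you which rules actually see traffic). To have the script's rules in place on each boot, the usual approach is to save them once with `iptables-save > /etc/iptables/rules.v4` and let the iptables-persistent package (Debian/Ubuntu) restore them with `iptables-restore` early during boot, rather than running the script itself from an init hook.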