iptables is the name of the user-space tool with which administrators create rules for the packet filtering (both inbound and outbound) and NAT modules of the Linux kernel. Today iptables is a standard part of all modern Linux distributions.

Steps

  1. The first thing you need to do is open a Linux terminal. Then you can work with the program (iptables needs root privileges, so run the commands as root or via sudo).
  2. This is how you block a specific IP address using iptables:
    • iptables -I INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP
  3. To search for an IP address in the iptables rules, use the following command:
    • iptables -nL | grep xxx.xxx.xxx.xxx
    • (-n) prevents each IP from being resolved to its hostname
    • (-L) lists all of the rules
  4. To log new SSH connections with iptables:
    • iptables -I INPUT -j LOG -m state --state NEW -p tcp --dport 22
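As an added example (not part of the original article), the helper below searches `iptables -nL` output by the exact source column instead of by substring, because `grep 203.0.113.10` would also match 203.0.113.100 and report a rule that does not exist. The rule listing is a constructed sample embedded inline; on a live host you would pipe the real `iptables -nL INPUT` output into the functions instead.

```shell
#!/bin/sh
# Constructed sample of `iptables -nL INPUT` output (not captured from a real host).
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  203.0.113.10         0.0.0.0/0
ACCEPT     tcp  --  203.0.113.100        0.0.0.0/0            tcp dpt:22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# rules_for_ip IP [RULES]: print "target proto" for every rule whose source
# column is exactly IP. Column 4 of `iptables -nL` output is the source;
# the first two lines (chain header and column header) are skipped.
rules_for_ip() {
    ip=$1
    rules=${2:-$SAMPLE_RULES}
    printf '%s\n' "$rules" | awk -v ip="$ip" '
        NR > 2 && $4 == ip { print $1, $2 }'
}

# ip_is_dropped IP [RULES]: exit status 0 if some rule drops traffic from IP.
ip_is_dropped() {
    rules_for_ip "$1" "$2" | awk '$1 == "DROP" { found = 1 } END { exit !found }'
}

# grep_hits IP [RULES]: number of lines the plain grep approach matches,
# shown here to illustrate the substring false positive.
grep_hits() {
    printf '%s\n' "${2:-$SAMPLE_RULES}" | grep -c "$1"
}
```

Running `rules_for_ip 203.0.113.10` against the sample prints only "DROP tcp", while `grep_hits 203.0.113.10` counts 2 because the plain grep also matches the 203.0.113.100 line.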

Tips

How to disable and restore iptables

    • /sbin/iptables-save > backupfilename
    • service iptables stop
    • /sbin/iptables-restore < backupfilename
    • service iptables start

  • iptables Firewall Template
    • Prevent SYN floods from consuming memory resources:
      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    • By default DROP any incoming or forwarded packets, allow all outgoing packets:
      iptables -P INPUT DROP
      iptables -P FORWARD DROP
      iptables -P OUTPUT ACCEPT
    • Clear any previously established rules:
      iptables -F INPUT
      iptables -F FORWARD
      iptables -F OUTPUT
      iptables -F -t nat
    • Permit packets in to the firewall itself that are part of existing and related connections:
      iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    • Allow all input from the loopback interface:
      iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
    • Accept incoming connections for SSH (22) and Samba (137-139, 445):
      iptables -A INPUT -p tcp -s 129.180.0.0/0 --destination-port 22 --syn -j ACCEPT
      iptables -A INPUT -p tcp -s 129.180.0.0/0 --destination-port 137:139 --syn -j ACCEPT
      iptables -A INPUT -p tcp -s 129.180.0.0/0 --destination-port 445 --syn -j ACCEPT
    • Accept UDP packets for Samba:
      iptables -A INPUT -p udp -s 129.180.0.0/0 --destination-port 137:139 -j ACCEPT
      iptables -A INPUT -p udp -s 129.180.0.0/0 --destination-port 445 -j ACCEPT
    • Permitting a caching DNS server: we need to permit the replies to our queries to a remote DNS server.
      iptables -A INPUT -p udp -s 129.180.1.4/0 --source-port 53 --destination-port 1024:65535 -j ACCEPT
    • Note that a /0 mask matches every source address, so the -s values above do not restrict these rules to the 129.180.0.0 network; use a mask such as /16 (or /32 for a single host) if that restriction is intended.

  • iptables Enable Specific Ports
    • This script basically blocks all the ports and enables only the ones needed. Please edit it as necessary.
      #!/bin/bash
      iptables --flush
      iptables -P INPUT DROP
      iptables -P OUTPUT DROP
      iptables -P FORWARD DROP
      iptables -A INPUT -p tcp -m multiport --dport 21,22,80,443 -j ACCEPT
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables-save
    • With the OUTPUT policy set to DROP, the host itself cannot open new outbound connections (DNS lookups, package updates) unless you add OUTPUT rules for them, and iptables-save only prints the rules: redirect its output to a file, as in the backup tip above, if you want to restore them later.

  • iptables for port 22 example:
    • iptables -I INPUT -s 24.192.43.232 -j ACCEPT (this accepts all traffic from that address)
    • iptables -I INPUT -p tcp --dport 22 -s 24.192.43.232 -j ACCEPT (this accepts port 22 only)

Warnings

  • Take care when handling iptables; a minor mistake can be a big security failure in your system. When working over SSH, a DROP policy applied before the matching ACCEPT rules can lock you out, so keep a backup of the working rules and a way to restore them.

Article provided by wikiHow, a collaborative writing project to build the world’s largest, highest quality how-to manual. Please edit this article and find author credits at the original wikiHow article on How to Work With Iptables. All content on wikiHow can be shared under a Creative Commons license.