Handy IPtable Firewall Rules

Handy IPtable Firewall Rules

  • by KH. PAVEL
  • 22/03/2020 - 05:34 PM
  • 0 Comments

iptables is a great firewall utility built for Linux operating systems. Traditionally known as a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.


iptables is a great firewall utility built for Linux operating systems. Traditionally known as a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. iptables applies to IPv4. iptables requires elevated privileges to operate and must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /usr/sbin/iptables.

 

So, in general we can say that Iptables is a Linux command line firewall to manage incoming and outgoing traffics via a set of rules. Here in this blog I have gathered some handy rules, which can be very useful for all system administrtors. 

 

As per iptables manual, there are currently 3 types of tables:

1. FILTER – this is the default table, which contains the built-in chains for:

  • INPUT – packages destined for local sockets
  • FORWARD – packets routed through the system
  • OUTPUT – packets generated locally

 

2. NAT – a table that is consulted when a packet tries to create a new connection. It has the following built-in:

  • PREROUTING – used for altering a packet as soon as it’s received
  • OUTPUT – used for altering locally generated packets
  • POSTROUTING – used for altering packets as they are about to go out

 

3. MANGLE – this table is used for packet altering.

  • PREROUTING – for altering incoming connections
  • OUTPUT – for altering locally generated packets
  • INPUT – for incoming packets
  • POSTROUTING – for altering packets as they are about to go out
  • FORWARD – for packets routed through the box

 

Rule 1: Start/Stop/Restart Iptables Firewall

systemctl start iptables

systemctl stop iptables

systemctl restart iptables

 

Rule 2: Check all IPtables Firewall Rules

iptables –L –n –v

 

Rule 3: To check the rules for a specific table

iptables –t nat –L –n –v

 

Rule 4: Block Specific IP Address in IPtables Firewall

iptables -A INPUT -s 192.168.63.45 -j DROP

 

Rule 5: To block only TCP protocol:

iptables -A INPUT –p tcp -s 192.168.63.45 -j DROP

 

Rule 6: Unblock IP Address in IPtables Firewall

iptables -D INPUT -s 192.168.63.45 -j DROP

 

Rule 7: Block Specific Port on IPtables Firewall

To block outgoing connections on a specific port use:

iptables -A OUTPUT -p tcp --dport 80 -j DROP

To allow incoming connections use:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

 

Rule 8: Allow Multiple Ports on IPtables using Multiport

iptables -A INPUT  -p tcp -m multiport --dports 22,80,443 -j ACCEPT

iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j ACCEPT

 

Rule 9: Allow Specific Network Range on Particular Port on IPtables

iptables -A OUTPUT -p tcp -d 192.168.100.0/24 --dport 22 -j ACCEPT

 

Rule 10: Block website on IPtables Firewall

For Example Domain: facebook.com

host facebook.com

->facebook.com has address 157.240.13.35                 

whois 157.240.13.35 | grep CIDR

->CIDR: 157.240.0.0/16

iptables -A OUTPUT -p tcp -d 66.220.144.0/20 -j DROP

 

Rule 11: Setup Port Forwarding in IPtables

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

 

Rule 12: Block Network Flood on Apache Port with IPtables

iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT

 

Rule 13: Block Incoming Ping Requests on IPtables

iptables -A INPUT -p icmp -i eth0 -j DROP

 

Rule 14: Allow loopback Access

Loopback access (access from 127.0.0.1) is important and you should always leave it active:

iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

 

Rule 15: Block Access to Specific MAC Address on IPtables

iptables -A INPUT -m mac --mac-source 00:AF:F0:3C:12:08 -j DROP

 

Rule 16: Limit the Number of Concurrent Connections per IP Address

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

 

Rule 17: Search within IPtables Rule

Format: iptables -L $table -v -n | grep $string

iptables -L INPUT -v -n | grep 192.168.63.25        

 

Rule 18: Define New IPTables Chain

iptables -N custom-filter                 

To check the new filter:

iptables –L

 

Rule 19: Flush IPtables Firewall Chains or Rules

iptables --flush

iptables --table nat –flush

 

Rule 20: IPtables Rules to/from a File

Save IPtables Rules to a File

iptables-save > ~/iptables.rules

Restore IPtables Rules from a File

iptables-restore < ~/iptables.rules

 

Rule 21: Allow Established and Related Connections

For incoming connections:

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

For outgoing use:

iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

 

Rule 22: Drop Invalid Packets in IPtables

iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

All Comments


Post Your Comment

Please login to post a comment!