cmdref.net - Cheat Sheet and Example
iptables - How to Use iptables in Linux

How to configure iptables

The paths below are the RHEL/CentOS 6 layout: the persistent ruleset lives in /etc/sysconfig/iptables and the iptables init script loads it at boot.

Back up the currently saved ruleset before changing anything (here the copy is named with yesterday's date):

# cp -p /etc/sysconfig/iptables  /etc/sysconfig/iptables.`date -d '1day ago' +%Y%m%d`

Write the new rules as a shell script and run it. The rules take effect immediately but are not yet persistent, so a reboot returns to the saved ruleset if something goes wrong:

# vi /etc/iptables.sh
# /etc/iptables.sh

Save the running rules so they survive a reboot. The init script first copies the old /etc/sysconfig/iptables to /etc/sysconfig/iptables.save, then writes the running rules to /etc/sysconfig/iptables:

# /etc/init.d/iptables save
<- creates /etc/sysconfig/iptables.save holding the old configuration

Compare the newly saved ruleset with the backup. The "# Generated by" and "# Completed on" lines differ on every save, so ignore those; any other difference is a rule change:

# diff /etc/sysconfig/iptables  /etc/sysconfig/iptables.`date -d '1day ago' +%Y%m%d`
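The same workflow wrapped in a script, as an added example that is not from cmdref.net: it keeps a copy of the running rules, runs the new script, and restores the copy unless the operator confirms in time, so a ruleset that drops the ssh session cannot lock you out. It also compares two saved rulesets with the timestamp comments and packet counters stripped, which is what the diff step above really wants. Paths follow the page's RHEL/CentOS 6 layout; NEW_SCRIPT, CONFIRM_SECS and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from cmdref.net: wraps the procedure above so that a
# broken ruleset cannot lock you out of the host, and compares saved rulesets
# without the noise iptables-save writes on every save. Paths follow the
# page's RHEL/CentOS 6 layout; NEW_SCRIPT, CONFIRM_SECS and the function
# names are this example's own.
# Usage:  sh safe-apply.sh apply              (as root, over ssh or console)
#         sh safe-apply.sh diff OLD NEW       (any user, two saved rulesets)

NEW_SCRIPT=${NEW_SCRIPT:-/etc/iptables.sh}
CONFIRM_SECS=${CONFIRM_SECS:-60}

# Print a saved ruleset with everything that changes on every save removed:
# the "# Generated by ... on <date>" and "# Completed on <date>" comments,
# the "[pkts:bytes]" counters that iptables-save -c puts before each rule,
# and the policy counters at the end of ":CHAIN POLICY [pkts:bytes]" lines.
normalize_rules() {
    sed -e '/^# Generated by /d' \
        -e '/^# Completed on /d' \
        -e 's/^\[[0-9]*:[0-9]*] //' \
        -e 's/ \[[0-9]*:[0-9]*]$//' \
        -e '/^[[:space:]]*$/d' "$1"
}

# Exit 0 when the two files describe different policies, 1 when they differ
# only in timestamps and counters.
rules_changed() {
    [ "$(normalize_rules "$1")" != "$(normalize_rules "$2")" ]
}

# Save the running rules, run the new script, then restore the saved rules
# unless the operator presses Enter within CONFIRM_SECS. If the new rules cut
# the ssh session, nobody presses Enter and the watchdog rolls back.
apply_with_rollback() {
    backup=$(mktemp /tmp/iptables.XXXXXX) || return 1
    iptables-save > "$backup" || return 1
    if ! sh "$NEW_SCRIPT"; then
        echo "script failed, restoring previous rules" >&2
        iptables-restore < "$backup"
        return 1
    fi
    (
        trap '' HUP          # keep running if the ssh session is torn down
        sleep "$CONFIRM_SECS"
        iptables-restore < "$backup"
        echo "no confirmation within ${CONFIRM_SECS}s: previous rules restored" >&2
    ) &
    watchdog=$!
    printf 'New rules are active. Press Enter within %ss to keep them: ' "$CONFIRM_SECS"
    read -r answer
    if kill "$watchdog" 2>/dev/null; then
        echo "kept; persist them with: /etc/init.d/iptables save"
    else
        echo "too late: the previous rules were already restored" >&2
        return 1
    fi
}

case "${1:-}" in
    apply) apply_with_rollback ;;
    diff)
        if rules_changed "$2" "$3"; then
            a=$(mktemp) && b=$(mktemp) || exit 1
            normalize_rules "$2" > "$a"
            normalize_rules "$3" > "$b"
            diff "$a" "$b"
            rm -f "$a" "$b"
        else
            echo "no policy change (only timestamps and counters differ)"
        fi ;;
esac
```

The watchdog runs in a subshell that ignores SIGHUP, because when a ruleset drops ssh traffic the session is eventually torn down and the foreground script dies with it; the rollback must outlive that. Confirming does not persist the rules, so the `/etc/init.d/iptables save` step from the page still follows.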

Examples

#!/bin/sh
# Default-deny host firewall: everything not explicitly accepted below is dropped.
# There is no rule for ssh and no ESTABLISHED/RELATED rule, so run this from the
# console: an ssh session hangs as soon as the DROP policies are set.

# Flush the rules of the filter table (user-defined chains and other tables are untouched)
iptables -F

# Default policy: drop in all three directions
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Loopback
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

# ping: answer echo-requests from others (this host itself cannot ping out,
# because its outgoing echo-requests, type 8, hit the OUTPUT DROP policy)
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT

# snmp: this host is an SNMP agent answering queries on udp/161 from any source
iptables -A OUTPUT -p udp --sport 161 -j ACCEPT
iptables -A INPUT  -p udp --dport 161 -j ACCEPT

# ntp client: queries out to udp/123, replies back from udp/123
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
iptables -A INPUT  -p udp --sport 123 -j ACCEPT

# dns client: queries out to udp/53, replies back from udp/53
# (the two reply rules match on source port only, so any UDP packet sent
# from port 53 or 123 is accepted on every local port)
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p udp --sport 53 -j ACCEPT

#----------------------------------------------------------------------
# Trusted hosts: every protocol and port, in both directions
iptables -A OUTPUT -d 192.168.10.11  -j ACCEPT  #test-server-1
iptables -A INPUT -s 192.168.10.11  -j ACCEPT   #test-server-1

iptables -A OUTPUT -d 192.168.10.12  -j ACCEPT  #test-server-2
iptables -A INPUT -s 192.168.10.12  -j ACCEPT   #test-server-2
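The script above has two weaknesses a reviewer would flag: the reply rules for DNS and NTP accept any UDP packet whose source port is 53 or 123, on any local port, and the rules are applied one at a time, so there is a window between `iptables -F` and the last ACCEPT in which the policy is partially in place. The following is an added example, not code from cmdref.net, that renders the same policy (loopback, answer ping, SNMP agent, NTP and DNS client, the two trusted hosts) as an iptables-restore file, which the kernel loads atomically, and uses connection tracking for replies. It goes beyond the page in two labelled places: ssh is allowed from ADMIN_NET, and SNMP queries are restricted to ADMIN_NET instead of being accepted from anywhere. ADMIN_NET, TRUSTED_HOSTS and the function names are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from cmdref.net: the page's policy written as an
# iptables-restore file (applied atomically) with connection tracking in
# place of the "--sport 53/123" reply rules. ADMIN_NET and TRUSTED_HOSTS
# are this example's assumptions; ssh from ADMIN_NET and the SNMP source
# restriction are additions to the page's ruleset.
# Usage:  sh ruleset.sh            (print the ruleset)
#         sh ruleset.sh apply      (load it, as root)

ADMIN_NET=${ADMIN_NET:-192.168.10.0/24}
TRUSTED_HOSTS=${TRUSTED_HOSTS:-"192.168.10.11 192.168.10.12"}

# Print the ruleset in iptables-save format. Lines starting with '#' are
# comments to iptables-restore.
render_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback by interface, which covers all of 127.0.0.0/8
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# packets belonging to connections this host opened or accepted
# (DNS and NTP replies, SNMP and ssh responses, echo-replies)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that conntrack cannot associate with any connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# management: ssh from the admin network only (not in the page's ruleset)
-A INPUT -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# answer ping; the reply leaves via the ESTABLISHED rule above
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# SNMP agent: queries from the admin network only (the page accepts any source)
-A INPUT -p udp -s $ADMIN_NET --dport 161 -j ACCEPT
# NTP and DNS client: only the outbound query needs a rule
-A OUTPUT -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
EOF
    # trusted hosts from the page: every protocol and port, both directions
    for h in $TRUSTED_HOSTS; do
        printf '%s\n' "-A INPUT -s $h -j ACCEPT"
        printf '%s\n' "-A OUTPUT -d $h -j ACCEPT"
    done
    echo COMMIT
}

# Exit 0 if the rendered ruleset still contains a stateless source-port match.
has_stateless_sport() {
    render_rules | grep -q -- '--sport'
}

case "${1:-render}" in
    render) render_rules ;;
    apply)  render_rules | iptables-restore ;;
esac
```

`iptables-restore` replaces the whole filter table in one commit, so a syntax error leaves the old rules untouched and there is no moment with an empty chain under a DROP policy. Pair it with a rollback watchdog when applying over ssh, and persist the result with `/etc/init.d/iptables save` as on the page.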



Last modified: 2017/05/14 by admin
