linux:iptables
iptables
图片来源:iptables配置实践
Usage
Save current iptables configuration:
service iptables save
Options
| option | meaning |
|---|---|
| -A | append rule |
| -j | jump, ACCEPT, DROP |
| -p | proto, tcp, udp, icmp |
| -s | source, address[/mask] |
| -d | destination, address[/mask] |
| -m | match |
Rules
List current iptables rules:
iptables -nL
Clear all iptables rules:
iptables -F
Allow ping(icmp):
iptables -A INPUT -p icmp -j ACCEPT
Open ports:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # allow ssh
Allow specify ip traffic in and out
iptables -A INPUT -p tcp -s [ip] -j ACCEPT iptables -A OUTPUT -p tcp -d [ip] -j ACCEPT
Allow NTP traffic for time synchronization:
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT iptables -A INPUT -p udp --sport 123 -j ACCEPT
Allow established connections important:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Drop all other traffic(ban all incoming traffic) put this to bottom:
iptables -A INPUT -j DROP
Router
Redirect all dns query to specified ip:
iptables -t nat -A PREROUTING -p udp -s 192.168.1.0/24 --dport 53 -j DNAT --to 192.168.1.1
Redirect all dns query to specified ip except some ip:
iptables -t nat -A PREROUTING -p udp -s 192.168.1.24 -j ACCEPT iptables -t nat -A PREROUTING -p udp -s 192.168.1.0/24 --dport 53 -j DNAT --to 192.168.1.1
Reference
linux/iptables.txt · 最后更改: 2023/12/03 10:24 由 127.0.0.1