• Block an IP (basic, won't survive reboot): iptables -A INPUT -s 123.123.123.123 -j DROP
• A good, easy tutorial on the basics of IPtables.
• http://www.justlinux.com/nhf/Security/IPtables_Basics.html
• I found debugging iptables confusing until I figured out this basic command to list the NAT rules:
  - list the NAT rules:
  iptables -L  -t nat
  - list the FILTER rules (default iptables -L):
  iptables -L  
• Some versions of SmoothWall use iptables.
• iptables has a built in port knocking ability? https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
• Test rules: "Set a “failsafe” on a timer. The at command is great for this. Something simple, like echo 'service iptables stop' | at now + 1min will stop the iptables service after a minute. If you locked yourself out, grab a cup of coffee, log back in, and try again."

Tags: iptables, iptable, firewall, list, port forward, linux router, example, syntax,
 

Related Scribbles:

Networking, Firewalls, Routers, and Stuff

Reserved Private IP Ranges

SME Server Notes

---

ID: 518
Author:
leonard
Date Updated:
2018-09-14 20:08:15
Date Created:
2004-07-16 13:33:32

Edit

---

Comments?

 >> Leonard Chan's Homepage  >> Scribble Web  >> iptables notes

leonard.lotus-land.ca is hosted by Perceptus Solutions Inc.