Insight: Simple IPtables Rules For Linux Administrator
In this post, we are going to talk about basic but useful Linux commands related to IPtables.
List Of Simple IPtables Rules For Linux Administrator
Check the Current Rules
Run the following command to check the current rules.
$ sudo iptables -L
Check the Default Policy Chain Behavior
Run the following command to print out the default policy chain behavior of your system.
$ sudo iptables -L | grep policy
Check Iptables Status
Run the following command to see the current status of your iptables rules, including per-rule packet and byte counters.
$ sudo iptables -L -v
List Rules by Specification
This prints every rule as the command-line specification that would recreate it, which is the easiest form to copy into a script.
$ sudo iptables -S
Reset Iptables Rules
Run the following command to reset Iptables rules. Note that -F only flushes the rules in the filter table; it leaves the chain default policies and the other tables (nat, mangle) untouched, so check the default policy first if it is set to DROP.
$ sudo iptables -F
Starting the Iptables Firewall
Run the following command to start Iptables firewall where systemd is used.
$ sudo systemctl start iptables
For systems that use sysvinit:
$ sudo /etc/init.d/iptables start
Flush Iptables and Persist Changes
Run the following command to flush iptables and make the change permanent. Note that iptables-save writes the rule set to standard output, so redirect it to the file your distribution restores at boot (for example /etc/sysconfig/iptables on RHEL-style systems or /etc/iptables/rules.v4 with iptables-persistent on Debian-style systems).
$ sudo iptables -F && sudo /sbin/iptables-save
Saving Modified Iptables
On RHEL-style systems that provide the iptables service, run the following command to save the running rules so they are restored at boot.
$ sudo service iptables save
Stopping the Iptables Firewall
For systems that use systemd.
$ sudo systemctl stop iptables
For systems running sysvinit.
$ sudo /etc/init.d/iptables stop
Restarting the Iptables Firewall
Run the following command on a systemd-based system to restart the Iptables firewall.
$ sudo systemctl restart iptables
Check All Existing Rules
Run the following command to print out the existing Iptables firewall rules in your system.
$ sudo iptables -L -n -v
Check Existing Rules for Specific Tables
Run the following command to check the existing rules for a specific table, in this case the nat table.
$ sudo iptables -t nat -L -v -n
List Rules for TCP Chains Only
Run the following command to list rules for the TCP chain. TCP and UDP are not built-in chains; this only works if you have created user-defined chains with those names, otherwise iptables reports "No chain/target/match by that name".
$ sudo iptables -S TCP
List Rules for UDP Chains Only
For the rules of a user-defined UDP chain.
$ sudo iptables -S UDP
Block all Incoming Requests
Run the following command to block all incoming requests by setting the default policy of the INPUT chain to DROP. Do this only after adding ACCEPT rules for loopback, established connections and your own SSH session, otherwise the policy will also cut off your remote login.
$ sudo iptables -P INPUT DROP
Block a Specific IP Address
Run the following command to block a specific IP address.
$ sudo iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
Block all TCP requests from an IP
Run the following command to block all TCP requests from an IP.
$ sudo iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP
Unblock an IP Address
Run the following command to unblock an IP address in Linux. The -D rule must match the one that was added exactly, and it removes only one copy, so repeat it if the rule was appended more than once.
$ sudo iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
Block IP Address Ranges
The below command lets you block all incoming requests from the IP range xxx.xxx.xxx.0/24.
$ sudo iptables -A INPUT -s xxx.xxx.xxx.0/24 -j DROP
Unblock IP Address Ranges
Run the following command to unblock a given IP address range from your iptables firewall.
$ sudo iptables -D INPUT -s xxx.xxx.xxx.0/24 -j DROP
Block all TCP requests for Given IP Range
Run the following command to block all TCP requests from a given IP range, say xxx.xxx.xxx.0/24.
$ sudo iptables -A INPUT -p tcp -s xxx.xxx.xxx.0/24 -j DROP
Unblock all TCP requests for Given IP Range
Run the following command to unblock all TCP requests for given IP range.
$ sudo iptables -D INPUT -p tcp -s xxx.xxx.xxx.0/24 -j DROP
Block TCP Connections on Specific Ports
Block a specific port; in this example we are blocking port 256. Because the rule is on the OUTPUT chain, it stops this host from opening TCP connections to port 256 on other machines, not incoming connections to that port.
$ sudo iptables -A OUTPUT -p tcp --dport 256 -j DROP
Allow TCP Connections on Port 80
Run the following command to allow TCP connections on port 80 from the range xxx.xxx.xxx.0/24.
$ sudo iptables -A INPUT -p tcp -s xxx.xxx.xxx.0/24 --dport 80 -j ACCEPT
Reject TCP Connections on Port 80
Run the following command to stop TCP connections on port 80 from the range xxx.xxx.xxx.0/24. Rules are evaluated in order, so appending this with -A after the ACCEPT rule above leaves it unreachable for that range; use -I to insert it ahead, or delete the ACCEPT rule first. -j DROP discards the packets silently; use -j REJECT if the client should receive an error instead of a timeout.
$ sudo iptables -A INPUT -p tcp -s xxx.xxx.xxx.0/24 --dport 80 -j DROP
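The two points the individual commands above leave implicit are rule order and the lock-out risk of a DROP policy. The script below is an added example (not part of the original post) that builds an INPUT chain in a safe order and flips the default policy last; the management range, the SSH port and the dry-run default IPT="echo iptables" are assumptions, and a root shell sets IPT=iptables to apply the rules for real.

```shell
#!/bin/sh
# Added example: ordered baseline INPUT chain for iptables.
# Assumptions (placeholders, adjust for your site):
MGMT_NET="${MGMT_NET:-203.0.113.0/24}"   # admin subnet allowed to reach SSH
SSH_PORT="${SSH_PORT:-22}"
# Dry run by default: prints the commands instead of running them.
# Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

baseline_rules() {
    # Keep ACCEPT while rebuilding so a half-built chain cannot lock us out.
    $IPT -P INPUT ACCEPT
    $IPT -F INPUT
    # First match wins, so the broad allow rules come first.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # SSH only from the management range, HTTP from anywhere.
    $IPT -A INPUT -p tcp -s "$MGMT_NET" --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # Rate-limited log of what the policy is about to drop (useful for detection).
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
    # Only now switch the default policy; everything not matched above is dropped.
    $IPT -P INPUT DROP
}

# Block one address. -I INPUT 1 puts the rule at the top so it wins even
# over the ESTABLISHED rule; appending with -A would sit after the ACCEPTs.
block_ip() {
    $IPT -I INPUT 1 -s "$1" -j DROP
}

baseline_rules
block_ip 198.51.100.7   # constructed sample address (TEST-NET-2)
```

Once the dry run looks right, apply it and persist the result with iptables-save redirected to your distribution's rules file.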