Iptables is a firewall on linux os.You can manage your ınput and output traffic with a lots of properties.You can use iptables like a router, nat or proxy too.
There are three default chain comes with iptables.These are
Input:You can arrenge packets that comes to your computer.
Forward:You can arrrange packets that forwarded on your computer.
Output:You can arrange your output packets from your computer.
Processes to packets: Drop, reject, accept or forwarding another chaine . We will check having rpm packets or not.
|
1 |
rpm -q iptables |
Iptables rules define on at this file.
|
1 |
iptables -L |
Listing the rules
We can define with -P (policy) iptables chain situation.Such as drop input packets.
|
1 |
iptables -P INPUT DROP |
As you see policy is dropped.
We can delete all rule in a chain.
|
1 |
iptables -F INPUT # -f flush |
# -f flush
Adding rule to the end of the chain
|
1 |
iptables -A INPUT -j ACCEPT |
We can add rule on a chain which line we want.
|
1 |
iptables -I INPUT 2 -j ACCEPT |
As you see we add 2. INPUT rule is DROP
We can create new chain with this command
|
1 |
iptables -N <chainName> |
Deleting a rule on the chain
|
1 |
iptables -D <ruleName> -j <RuleName> |
We add a rule to NewChain and then deleted it
Deleting the chain
|
1 |
iptables -X <Chain_name> |
When we define rules, we can add more option too, such as protocol source ip source port likely destination ip and port.
–sport – = source port and if you use “!” this mean expect this port.
–dport – = destination port
İf you use icmp protocol, you filter according to icmp packet type
–icmp-type
-ı and -o parametres are using to define which interface us it.-ı UNPUT, -o OUTPUT
We can define rules to iptables, we are able to write rules according to its situation.
NEW:first packet that side start to connection
RELATED:Sended packet depend on an old established connection.
ESTABLİSHED:Packet that depend on established connection
INVALID: Packets that doesn’t depend on any connection.
-j define the actions such as;
DROP, REJECT, ACCEPT, CHAIN
|
1 |
iptables -A INPUT -p tcp -s 192.160.120.133 -m state --state RELATED -j DROP |
We can saved he rules that defined with “iptables-save” command and we can write this rules to a file for making our rule permanent.
|
1 |
iptables-save > /etc/sysconfig/iptables |
We can save with “service iptables save” too.
I will take a copy of my rules for restoring.I can use these command another host or I can restore my iptables with this command.
|
1 |
iptables-restore < /etc/sysconfig/iptables_restore |
These are basic configuration of iptables you can more info on man page of iptables. Type to your console:
|
1 |
man iptables |
or read this page;
Good luck!
