Tech/OSS/IPTABLES

From lathama

IPTables can be called the Linux firewall. It has many features that go beyond a simple firewall. Going forward, the replacement for IPTables is Tech/OSS/NFT, or NFTables, where NF means Netfilter.


Flush or remove rules

Default accept

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Flush

iptables -F

Delete Chains

iptables -X

Reset counters

iptables -Z

Clean up NAT

iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X

Useful Aliases

Ban and unban Bash aliases to add to the system profile or bashrc. They ban, unban and list source addresses that IPTables drops.

alias ban='iptables -I INPUT -j DROP -s'
alias unban='iptables -D INPUT -j DROP -s'
alias banlist='iptables -L | grep DROP'

Usage would be:

# ban 123.123.123.123
# banlist
DROP       all  --  123.123.123.123      anywhere
# unban 123.123.123.123
# banlist
# echo "yeah IP Ban is removed"
yeah IP Ban is removed
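The aliases above insert a new DROP rule every time `ban` is repeated for the same address, and `unban` removes only one of them per call. The shell functions below, an added example rather than code from the original page, validate the address and check for an existing rule with `iptables -C` before changing anything; the `IPTABLES` variable is an assumed hook for pointing the calls at a wrapper.

```shell
#!/bin/sh
# Added example, not code from the original page: ban/unban as shell
# functions instead of aliases.
#  - the address is validated before it reaches iptables
#  - ban is idempotent: iptables -C checks for an identical rule first, so
#    repeated bans do not stack duplicate DROP rules
#  - unban removes every matching rule, not just the first
#  - banlist uses -n so iptables does not reverse-resolve each address
# IPTABLES may be overridden, e.g. to point at a wrapper for testing (assumed).
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix.
valid_ipv4() {
    case "$1" in
        */*) addr="${1%%/*}"; prefix="${1#*/}" ;;
        *)   addr="$1"; prefix=32 ;;
    esac
    # only digits and dots in the address, only digits in the prefix
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldIFS=$IFS; IFS=.; set -- $addr; IFS=$oldIFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

ban() {
    valid_ipv4 "$1" || { echo "ban: invalid IPv4 address: $1" >&2; return 2; }
    # -C exits 0 when an identical rule already exists
    if "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already banned: $1"
    else
        "$IPTABLES" -I INPUT -s "$1" -j DROP
    fi
}

unban() {
    valid_ipv4 "$1" || { echo "unban: invalid IPv4 address: $1" >&2; return 2; }
    while "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null; do
        "$IPTABLES" -D INPUT -s "$1" -j DROP
    done
}

banlist() {
    "$IPTABLES" -L INPUT -n | grep DROP
}
```

Source the file from your shell profile instead of defining the aliases; the function names match the aliases, so `ban`, `unban` and `banlist` are used exactly as shown above.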