Iptables: Difference between revisions
Jump to navigation
Jump to search
(Created page with "===Show rules, with line numbers and don't resolve IP's=== iptables -nL --line-numbers ===Delete a line, e.g. 35=== iptables -D INPUT 35 ===Append Rule=== Allow single port from a network iptables -A INPUT -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT Allow multi ports from a network iptables -A INPUT -s [src-ip/sm] -p tcp -m multiport --dports [dest-port1],[dest-port2] -m conntrack --cts...") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
===Show | ===Show Rules=== | ||
With line numbers and don't resolve IP's: | |||
iptables -nL --line-numbers | iptables -nL --line-numbers | ||
===Delete a line | ===Delete a line=== | ||
e.g., line #35: | |||
iptables -D INPUT 35 | iptables -D INPUT 35 | ||
===Append Rule=== | ===Append Rule=== | ||
Allow single port from a network | Adds the rule to the END of the list. | ||
Allow single port from a network: | |||
iptables -A INPUT -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT | iptables -A INPUT -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT | ||
Allow multi ports from a network | Allow multi ports from a network: | ||
iptables -A INPUT -s [src-ip/sm] -p tcp -m multiport --dports [dest-port1],[dest-port2] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT | iptables -A INPUT -s [src-ip/sm] -p tcp -m multiport --dports [dest-port1],[dest-port2] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT | ||
===Insert Rule=== | ===Insert Rule=== | ||
Inserts a rule before a specific line number: | |||
iptables -I INPUT [line#] -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT | iptables -I INPUT [line#] -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT | ||
===Save iptables=== | ===Save iptables=== | ||
Make changes persistent - otherwise you'll lose them at next reboot: | |||
iptables-save > /etc/sysconfig/iptables | iptables-save > /etc/sysconfig/iptables | ||
Latest revision as of 02:13, 13 February 2024
Show Rules
With line numbers and don't resolve IP's:
iptables -nL --line-numbers
Delete a line
e.g., line #35:
iptables -D INPUT 35
Append Rule
Adds the rule to the END of the list.
Allow single port from a network:
iptables -A INPUT -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT
Allow multi ports from a network:
iptables -A INPUT -s [src-ip/sm] -p tcp -m multiport --dports [dest-port1],[dest-port2] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT
Insert Rule
Inserts a rule before a specific line number:
iptables -I INPUT [line#] -s [src-ip/sm] -p tcp -m tcp --dport [dest-port] -m conntrack --ctstate NEW -m comment --comment "[comment]" -j ACCEPT
Save iptables
Make changes persistent - otherwise you'll lose them at next reboot:
iptables-save > /etc/sysconfig/iptables