IpTables

iptables is the default Linux firewall tool, used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel (IPv6 rules are handled separately by ip6tables). Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Here are some examples showing how it works.

Syntax (replace BAN-IP-ADDRESS with the address and MASK with the prefix length, e.g. 1.2.3.0/24)
iptables -A INPUT -s BAN-IP-ADDRESS -j DROP
iptables -A INPUT -s BAN-IP-ADDRESS/MASK -j DROP

To block IP
iptables -A INPUT -s 1.2.3.4 -j DROP

To view blocked IP addresses, enter:
iptables -L INPUT -v -n
or
iptables -L INPUT -v -n | less

To check a specific IP
iptables -L INPUT -v -n | grep "1.2.3.4"
To unblock an IP, delete the rule with the same specification that was used to add it (listing with -L and piping into grep only shows rules, it does not delete anything)
iptables -D INPUT -s 1.2.3.4 -j DROP
To save rules (RHEL/CentOS with the iptables service; on other distributions use iptables-save, see below)
service iptables save
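As an added example (not from the original post), here is the ban/unban pair wrapped in shell functions: the address is validated before iptables sees it, the ban is inserted at the top of INPUT (-I INPUT 1) so it precedes any ACCEPT rule, an existing rule is detected with iptables -C instead of grepping -L output, and the unban repeats exactly the specification the ban used. The IPT variable, the function names and the validation routine are mine; -I, -C and -D are real iptables options.

```shell
#!/bin/sh
# Added example, not from the original post: ban/unban helpers that validate the
# address, use iptables -C to test for an existing rule, and reuse one rule
# specification for -I and -D so the unban removes exactly the rule the ban added.
# IPT is overridable (IPT=echo prints the commands instead of running them as root).
IPT="${IPT:-iptables}"

# valid_ipv4_cidr ADDR[/PREFIX]: 0 if ADDR is a dotted quad (octets 0-255) with an
# optional /0-32 prefix, 1 otherwise. Keeps typos and placeholders such as
# BAN-IP-ADDRESS away from iptables, which would otherwise try to resolve them.
valid_ipv4_cidr() {
    case "$1" in
        */*)
            addr="${1%%/*}"; prefix="${1#*/}"
            case "$prefix" in ""|*[!0-9]*) return 1 ;; esac
            [ "$prefix" -le 32 ] || return 1 ;;
        *)  addr="$1" ;;
    esac
    # digits and dots only, no leading/trailing dot
    case "$addr" in ""|*[!0-9.]*|.*|*.) return 1 ;; esac
    oldifs="$IFS"; IFS=.
    set -- $addr                  # split on dots; an empty field means ".." was present
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_banned ADDR[/PREFIX]: 0 if an identical DROP rule already exists in INPUT.
is_banned() {
    "$IPT" -C INPUT -s "$1" -j DROP 2>/dev/null
}

# ban_ip ADDR[/PREFIX]: add a DROP rule at the top of INPUT, unless already present.
ban_ip() {
    valid_ipv4_cidr "$1" || { echo "ban_ip: invalid address '$1'" >&2; return 2; }
    is_banned "$1" && return 0          # already present: keep the chain free of duplicates
    "$IPT" -I INPUT 1 -s "$1" -j DROP   # insert at position 1 so it precedes any ACCEPT
}

# unban_ip ADDR[/PREFIX]: delete the rule with the same spec that ban_ip added.
unban_ip() {
    valid_ipv4_cidr "$1" || { echo "unban_ip: invalid address '$1'" >&2; return 2; }
    is_banned "$1" || { echo "unban_ip: no DROP rule for $1 in INPUT" >&2; return 1; }
    "$IPT" -D INPUT -s "$1" -j DROP     # -D needs the full match, not a grep of -L output
}

# Usage (as root):  . ./ban.sh; ban_ip 1.2.3.4; is_banned 1.2.3.4 && echo banned
# Dry run without root:  IPT=echo; ban_ip 69.171.224.0/19
```

Persist the result with service iptables save or iptables-save as described on this page; the functions only change the running rule set.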

#########

Checking which ports are open (listening)
netstat -tulpn
(on systems without netstat, ss -tulpn prints the same information)

Checking whether a specific port is listening
netstat -tulpn | grep :80

Checking whether iptables allows connections to port 80 (-L -n prints destination ports as dpt:80, so grep for that rather than a bare 80, which also matches counters and addresses)
iptables -L INPUT -v -n | grep 'dpt:80'

If there is no such rule, open the port to everyone:
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save

Note that -A appends the rule at the end of the INPUT chain. If an earlier rule (for example a catch-all DROP or REJECT) already matches the traffic, the appended ACCEPT is never reached; list the chain with --line-numbers to check the order, or insert at a given position with -I INPUT <num> instead. With current iptables, -m conntrack --ctstate NEW is the preferred form of -m state --state NEW.

Checking via telnet (a successful connection, even with no banner, means the port is reachable; "Connection refused" or a timeout means it is closed or filtered)
telnet www.cyberciti.biz 80

We can also use nmap for checking (the -sS SYN scan needs root; use -sT as an unprivileged user)
nmap -sS -p 80 www.alltime.pp.ua

Show the status

# iptables -L -n -v

where

-L : list the rules (all chains of the filter table when no chain is named)
-v : verbose output; shows the interface names, the rule options and TOS masks, and the packet and byte counters, abbreviated with a 'K', 'M' or 'G' suffix (add -x for exact counts)
-n : numeric output; shows IP addresses and ports as numbers instead of resolving them through DNS, which is much faster and avoids hanging on slow lookups

***

In order to block a domain we first need to know its IP address

# host -t a www.facebook.com

Output

star.c10r.facebook.com has address 69.171.242.27

Find the CIDR for 69.171.242.27:

# whois 69.171.242.27 |grep CIDR

Output:

CIDR:           69.171.224.0/19

So block outbound access to the range 69.171.224.0/19:

# iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP

The CIDR shown by whois is the whole allocation of that organisation, so this blocks every host in the range, not only the one web server; if that is too broad, use the single address (69.171.242.27) instead. The OUTPUT chain only affects connections that originate on this machine; traffic forwarded for other hosts passes through the FORWARD chain.

A hostname can also be given instead of an address:

# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
# iptables -A OUTPUT -p tcp -d facebook.com -j DROP

Be aware that iptables resolves the name only once, when the rule is added, and inserts one rule for each address returned at that moment; it never re-resolves. A site whose DNS changes (or that rotates between many addresses, as large sites do) slips past the block, and the remaining rules refer to addresses that may no longer belong to it. Prefer explicit addresses or ranges, and if names must be used, re-resolve them periodically and replace the rules.
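The following is an added example, not code from the original post. It makes the one-time resolution explicit: the name is resolved now with getent, one OUTPUT rule is added per address, and the addresses are recorded in a file so that exactly those rules can be deleted later, even after the site's DNS has changed. The state directory, the IPT/RESOLVE overrides and the function names are assumptions of mine.

```shell
#!/bin/sh
# Added example, not from the original post: block a domain by resolving it once,
# adding one OUTPUT DROP rule per IPv4 address, and recording the addresses so
# the same rules can be removed later regardless of what DNS says by then.
# IPT and RESOLVE can be overridden (IPT=echo for a dry run without root).
IPT="${IPT:-iptables}"
RESOLVE="${RESOLVE:-resolve_ipv4}"
STATE_DIR="${STATE_DIR:-/var/lib/domainblock}"   # assumed location for the records

# resolve_ipv4 NAME: the IPv4 addresses NAME resolves to right now, one per line.
# getent ahostsv4 prints "ADDRESS SOCKTYPE NAME" lines; keep the unique addresses.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# check_name NAME: refuse empty names and anything that could escape STATE_DIR.
check_name() {
    case "$1" in ''|*/*|.*) echo "bad domain name '$1'" >&2; return 2 ;; esac
}

# block_domain NAME: add an OUTPUT DROP rule for every address NAME resolves to now.
block_domain() {
    name="$1"
    check_name "$name" || return 2
    addrs=$("$RESOLVE" "$name") || return 1
    [ -n "$addrs" ] || { echo "block_domain: $name has no IPv4 address" >&2; return 1; }
    mkdir -p "$STATE_DIR"
    : > "$STATE_DIR/$name"
    for a in $addrs; do
        "$IPT" -A OUTPUT -p tcp -d "$a" -j DROP || return 1
        printf '%s\n' "$a" >> "$STATE_DIR/$name"   # remember what was actually added
    done
}

# unblock_domain NAME: delete exactly the rules block_domain recorded, then forget them.
unblock_domain() {
    check_name "$1" || return 2
    list="$STATE_DIR/$1"
    [ -r "$list" ] || { echo "unblock_domain: nothing recorded for $1" >&2; return 1; }
    while read -r a; do
        "$IPT" -D OUTPUT -p tcp -d "$a" -j DROP || return 1
    done < "$list"
    rm -f "$list"
}

# blocked_addresses NAME: print the recorded addresses; fails if NAME is not blocked.
blocked_addresses() {
    check_name "$1" || return 2
    [ -r "$STATE_DIR/$1" ] && cat "$STATE_DIR/$1"
}

# Usage (as root):  block_domain www.facebook.com; blocked_addresses www.facebook.com
# Re-run block_domain from cron to pick up DNS changes: unblock_domain first, then block again.
```

Because the record file holds the addresses that were really inserted, unblock_domain works even if the name now resolves to something else, which the plain -D with a hostname would not.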

To view rules (add -n to skip the reverse DNS lookup that is otherwise attempted for every address)

iptables -L INPUT

To view rules with line numbers

iptables -L INPUT --line-numbers

To remove the rule with number 1

iptables -D INPUT 1

Rules are renumbered after every deletion, so when removing several rules by number delete from the highest number downwards, or list the chain again between deletions.

Save rules to file (all tables, in the format that iptables-restore reads)

Syntax – iptables-save > [path to file]

iptables-save > /etc/iptables.conf

Restore rules from file (replaces the current rule set atomically; --test only parses the file, -n keeps the existing rules instead of flushing them)

Syntax – iptables-restore < [path to file]

iptables-restore < /etc/iptables.conf

The saved file is not loaded at boot by itself. Either hook the restore into startup or use the distribution's own mechanism: /etc/sysconfig/iptables with the iptables service on RHEL/CentOS, or the iptables-persistent package (/etc/iptables/rules.v4) on Debian/Ubuntu.
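As an added example (not from the original post), the following ties the port-opening and save/restore parts of this page together: instead of appending single ACCEPT rules with -A, where an ACCEPT placed after an existing DROP never matches, it generates the whole INPUT policy as an iptables-restore file, so the rule order is fixed by construction and the set is loaded atomically. The ports, the ban-file format and the logging rule are my assumptions; the file format is the one iptables-save and iptables-restore use.

```shell
#!/bin/sh
# Added example, not from the original post: emit a complete 'filter' table in
# iptables-restore format. Bans precede every ACCEPT, the chain policy is DROP,
# and the output can be checked with iptables-restore --test before applying.

# build_ruleset BANFILE PORT...: print the table to stdout.
# BANFILE lists one source IP or CIDR per line (blank lines and '#' comments are
# ignored; addresses are not validated here); PORT... are TCP ports to open.
build_ruleset() {
    banfile="$1"; shift
    printf '%s\n' '*filter'
    # default-deny inbound and forwarded traffic; outbound allowed
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # bans come first so they beat every ACCEPT below, including ESTABLISHED
    if [ -n "$banfile" ] && [ -r "$banfile" ]; then
        while read -r ip _; do
            case "$ip" in ''|\#*) continue ;; esac
            printf '%s\n' "-A INPUT -s $ip -j DROP"
        done < "$banfile"
    fi
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # log what falls through to the DROP policy, rate-limited so the log cannot be flooded
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4'
    printf '%s\n' 'COMMIT'
}

# Usage (as root): dry run, then apply, then persist with iptables-save as shown above.
#   build_ruleset /etc/banned-ips.txt 22 80 | iptables-restore --test
#   build_ruleset /etc/banned-ips.txt 22 80 | iptables-restore
#   iptables-save > /etc/iptables.conf
```

Keep the SSH port in the list whenever you apply this remotely; with a DROP policy, a ruleset that forgets it locks you out of the machine.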
