Iptables is the default Linux firewall, used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
Here are some examples showing how it works.
Syntax
iptables -A INPUT -s BAN-IP-ADDRESS -j DROP
iptables -A INPUT -s BAN-IP-ADDRESS/MASK -j DROP
To block an IP address
iptables -A INPUT -s 1.2.3.4 -j DROP
To view blocked IP address, enter:
iptables -L INPUT -v -n
or
iptables -L INPUT -v -n | less
To check for a specific IP address
iptables -L INPUT -v -n | grep "1.2.3.4"
To unblock the IP address (delete the rule exactly as it was added)
iptables -D INPUT -s 1.2.3.4 -j DROP
To save rules
service iptables save
#########
Checking which ports are open or closed
netstat -tulpn
Checking whether a specific port is open
netstat -tulpn | grep :80
Checking whether iptables allows connections to port 80
iptables -L INPUT -v -n | grep 80
If not, open it for all sources
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save
Checking via telnet
telnet www.cyberciti.biz 80
nmap can also be used to check
nmap -sS -p 80 www.alltime.pp.ua
Show the status
# iptables -L -n -v
where
-L : list the rules
-v : show additional information, such as the interface name and TOS mask; counters are shown with the suffix 'K', 'M' or 'G'
-n : show IP addresses and ports numerically, without DNS lookups (faster)
***
# host -t a www.facebook.com
Output
Find the CIDR for 69.171.242.27:
# whois 69.171.242.27 |grep CIDR
Output:
CIDR: 69.171.224.0/19
So block outbound access to the range 69.171.224.0/19:
# iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP
A domain name can also be used instead of an address
# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
# iptables -A OUTPUT -p tcp -d facebook.com -j DROP
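Before dropping a whole range found via whois, it is worth confirming that the address you looked up actually lies inside that CIDR, and before appending any rule it is worth checking it is not already present (repeated `-A` runs stack duplicate rules). The script below is an added example, not part of the original page: the function names (ip_to_int, ip_in_cidr, block_rule_for, apply_once) are hypothetical, and only apply_once touches iptables, so the rest runs without root.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to its 32-bit integer value.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed (exit 0) if address $1 lies inside CIDR $2; a bare address as $2
# is treated as a /32.
ip_in_cidr() {
    case $2 in */*) ;; *) set -- "$1" "$2/32" ;; esac
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print the OUTPUT DROP rule for the range reported by whois, but only after
# confirming the address that was looked up really is inside that range.
block_rule_for() {   # $1 = address looked up, $2 = CIDR from whois
    if ! ip_in_cidr "$1" "$2"; then
        echo "refusing: $1 is not inside $2" >&2
        return 1
    fi
    echo "iptables -A OUTPUT -p tcp -d $2 -j DROP"
}

# Append a rule only when an identical one is not already present (needs
# root). Note that a hostname given to -d is resolved once, at insert time,
# so rules added by name only cover the addresses DNS returned then.
apply_once() {   # args: chain then rule spec, e.g. OUTPUT -p tcp -d 69.171.224.0/19 -j DROP
    if iptables -C "$@" 2>/dev/null; then
        echo "already present: iptables -A $*"
    else
        iptables -A "$@"
    fi
}

# Dry run with the page's values: 69.171.242.27 was looked up and whois
# reported 69.171.224.0/19. Prints the rule to apply (no root needed).
block_rule_for 69.171.242.27 69.171.224.0/19
```

To actually install the rule, run `apply_once OUTPUT -p tcp -d 69.171.224.0/19 -j DROP` as root and then save as shown above.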
To view rules
iptables -L INPUT
To view rules with line numbers
iptables -L INPUT --line-numbers
To remove the rule with number 1
iptables -D INPUT 1
Save rules to file
Syntax: iptables-save > [path to file]
iptables-save > /etc/iptables.conf
Restore rules from file
Syntax: iptables-restore < [path to file]
iptables-restore < /etc/iptables.conf