20 iptables firewall rules and how to use them

Source: Internet
Author: User

Guide

Managing network traffic is one of the toughest tasks a system administrator has to deal with: to protect the system against attack, the traffic of users connecting to it must satisfy the firewall's ingress and egress rules. Many users run Linux iptables as a firewall. Strictly speaking, iptables is only a command-line tool that lets administrators define rules and pass them to the Linux kernel; it helps administrators configure the lists of incoming and outgoing rules for network traffic, while the filtering itself is carried out in the kernel.

iptables organizes rules into tables, each containing built-in (and optionally user-defined) "chains" to which administrators attach packet-processing rules.

    • filter: the default filtering table; its built-in chains are:
      • INPUT: processes packets arriving for the local host
      • FORWARD: processes packets routed through the host
      • OUTPUT: processes packets generated locally
    • nat: the table that implements network address translation; its built-in chains are:
      • PREROUTING: processes incoming packets (before routing)
      • OUTPUT: processes locally generated packets
      • POSTROUTING: processes outgoing packets (after routing)
    • mangle: the table used to modify packets; it has all five chains:
      • PREROUTING: handles incoming packets
      • OUTPUT: handles locally generated packets
      • INPUT: handles packets delivered to the local host
      • POSTROUTING: handles outgoing packets
      • FORWARD: handles packets forwarded through the local host

The following sections introduce the iptables rules that Linux administrators use most often.

1. Start, stop, and restart iptables

Although iptables itself is not a service, on most Linux distributions its rule set can be loaded and unloaded like one.

On systemd-based systems:

systemctl start iptables
systemctl stop iptables
systemctl restart iptables

On SysVinit-based systems:

/etc/init.d/iptables start
/etc/init.d/iptables stop
/etc/init.d/iptables restart
2. View the iptables firewall policy

You can view the current iptables rules with the following command:

iptables -L -n -v

This lists the rules of the default filter table (-n skips DNS lookups, -v shows packet and byte counters). To view a specific table only, add the -t parameter followed by the name of that table. For example, to list only the rules in the nat table:

iptables -t nat -L -v -n
3. Block an IP address

If you find that an IP address is attacking the server or sending it abnormal traffic, you can block it with the following rule:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

Replace xxx.xxx.xxx.xxx with the actual IP address to block. The -A parameter appends the rule to the end of the INPUT chain. (Rules in iptables are matched from top to bottom, and once a rule matches, no further rules are evaluated; an appended DROP therefore has no effect on traffic that an earlier ACCEPT rule already matched, in which case insert the rule at the top of the chain with -I instead.)

If you only want to block TCP traffic from that address, specify the protocol with the -p parameter, for example:

iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP
4. Unblock an IP address

To unblock the address, delete the rule with the following command:

iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP

The -D parameter removes the specified rule from the chain; the rule specification must match the one that was added.

5. Use iptables to close specific ports

Often we need to block network connections on a particular port, and iptables can close a specific port.

To block a specific outgoing connection:

iptables -A OUTPUT -p tcp --dport xxx -j DROP

To block a specific incoming connection:

iptables -A INPUT -p tcp --dport xxx -j DROP
6. Use multiport to control multiple ports

With the multiport match we can list several ports in a single rule, for example:

iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j ACCEPT
7. Use IP address ranges in rules

An IP address range can be given directly in CIDR notation, for example:

iptables -A OUTPUT -p tcp -d 192.168.100.0/24 --dport 22 -j ACCEPT
8. Configure port forwarding

Sometimes we need to redirect the traffic of a service on the Linux server to another port; for that we can use the following command:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525

This rule redirects all traffic arriving on port 25 of the eth0 interface to local port 2525.

9. Block HTTP service flood attacks

Sometimes a client opens a very large number of connections to a service such as HTTP on port 80; in that case we can add the following rule:

iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT

This rule accepts traffic to port 80 at an average rate of 100 per minute (the limit match counts packets, not connections), with a burst of up to 200. Traffic above the limit simply does not match this rule and is handled by the rules that follow it or by the chain's default policy, so the rule only blocks anything when a DROP rule or a DROP policy comes after it.

10. Prohibit ping

To stop the Linux host from answering pings, block incoming ICMP with the following rule:

iptables -A INPUT -p icmp -i eth0 -j DROP
11. Allow access to the loopback interface

Access to the loopback interface (127.0.0.1) is important and should be allowed on every host:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
12. Block a specified MAC address

Use the following rule to block a specific source MAC address:

iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
13. Limit the number of concurrent connections

If you do not want too many concurrent connections to a particular port, you can use the following rule:

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

This rule allows each client address at most 3 concurrent connections to port 22 and rejects any further ones.

14. Clear iptables rules

To flush all chains of the filter table, use the following command:

iptables -F

To flush a specific table, specify it with the -t parameter, for example:

iptables -t nat -F

Note that -F removes rules but does not reset the chains' default policies; if a chain's policy is DROP, flushing leaves all traffic blocked.
15. Save iptables rules

By default, changes an administrator makes to the iptables rules take effect immediately. However, because the rules live only in kernel memory, they are lost when the system restarts. To keep them permanently, write them to a file with the iptables-save command:

iptables-save > ~/iptables.rules

You can choose a different file name.

16. Restore iptables rules

You can restore a saved rule set with the iptables-restore command:

iptables-restore < ~/iptables.rules
17. Allow established and related connections

Because iptables evaluates each packet on its own, stateful matching is needed to let the replies of permitted connections through. The following rule accepts incoming packets that belong to an established connection or are related to one:

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

The rule that allows outgoing packets of established connections:

iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
18. Discard invalid packets

Many network attacks rely on crafted packets that do not belong to any valid connection. We can discard such invalid packets with the following command:

iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
19. Block outgoing mail

If your system does not send mail, we can block the outgoing SMTP ports:

iptables -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT
20. Block connections on a specific network card

If your system has more than one network interface, we can restrict access from an IP range to a particular interface:

iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx -j DROP

The source address can be either a single IP address or a CIDR range.
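As an added example (not code from the original article), the following script assembles the rules from sections 3, 9, 11, 13, 17 and 18 into one iptables-restore file in an order that respects first-match evaluation, checks the ordering before anything is loaded, and only calls iptables-restore when run with "apply". The names BLOCKED_IP, RULES_FILE, build_rules, check_rules and main are assumed, and 203.0.113.7 is a documentation placeholder address.

```shell
#!/bin/sh
# Added example, not code from the original article: combine the article's INPUT-chain
# rules into one iptables-restore file in a working order. BLOCKED_IP and RULES_FILE
# are assumed names; 203.0.113.7 is a documentation (TEST-NET-3) placeholder address.
BLOCKED_IP="${BLOCKED_IP:-203.0.113.7}"
RULES_FILE="${RULES_FILE:-/tmp/iptables.rules}"

# Emit the ruleset. iptables stops at the first matching rule, so the loopback,
# block-list and conntrack rules come before the per-port ACCEPTs, and the
# rate-limited ACCEPT is followed by the DROP that catches the excess. Unlike the
# article's rule, the limit here uses --syn so it counts new connections.
build_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s ${BLOCKED_IP} -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --syn --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
-A INPUT -p tcp --syn --dport 80 -j DROP
COMMIT
EOF
}

# Checks to run before loading: complete *filter/COMMIT unit, loopback ACCEPT
# first, and the block-list DROP ahead of the first port ACCEPT that could shadow it.
check_rules() {
  rules=$(build_rules)
  printf '%s\n' "$rules" | grep -q '^\*filter$' || return 1
  printf '%s\n' "$rules" | grep -q '^COMMIT$' || return 1
  first=$(printf '%s\n' "$rules" | grep '^-A INPUT' | head -n 1)
  case "$first" in *"-i lo -j ACCEPT") ;; *) return 1 ;; esac
  drop=$(printf '%s\n' "$rules" | grep -n -- "-s ${BLOCKED_IP} -j DROP" | cut -d: -f1)
  accept=$(printf '%s\n' "$rules" | grep -n -- '--dport .* -j ACCEPT' | head -n 1 | cut -d: -f1)
  [ -n "$drop" ] && [ -n "$accept" ] && [ "$drop" -lt "$accept" ]
}

# "write" saves the file; "apply" also loads it with iptables-restore (needs root).
main() {
  check_rules || { echo "ruleset failed sanity checks" >&2; return 1; }
  build_rules > "$RULES_FILE" || return 1
  [ "$1" = "apply" ] && iptables-restore < "$RULES_FILE"
  echo "ruleset written to $RULES_FILE"
}
case "${1:-}" in write|apply) main "$1" ;; esac
```

Run it as `sh firewall.sh write` to inspect the generated file first, then `sh firewall.sh apply` as root to load it.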
