Firewall: Difference between revisions

From Run Your Own
(3 intermediate revisions by the same user not shown)
Line 13: Line 13:


=== Usage ===
=== Usage ===
* Apply new rules after changes made to rules.v* files and check result
* Apply new rules after changes made to <code>rules.v*</code> files and check result
  netfilter-persistent reload
  netfilter-persistent reload
  iptables -L
  iptables -L
Line 21: Line 21:
* list all rules from all chains
* list all rules from all chains
  iptables -L
  iptables -L
* block an IP
iptables -I INPUT -s 192.168.111.111 -j DROP
iptables -I OUTPUT -d 192.168.111.111 -j DROP
[[Category:System]]
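Review bot: the two `iptables -I` lines added under "block an IP" change only the running ruleset and are not written to the rules.v* files, so the block is lost at reboot and replaced when the rules files are reloaded with `netfilter-persistent reload`. Say so in the bullet, or point readers to adding the rule to /etc/iptables/rules.v4 as well. The two added command lines also lack the leading spaces that the other command lines in this section carry (compare `  iptables -L`), so they will not render as preformatted text.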

Latest revision as of 22:14, 2 May 2024

Different ways to handle iptables.

Using iptables-persistent on Debian

Note: In use on vrijdagmiddagborrel.

iptables-persistent is basically a set of iptables plugins for netfilter-persistent, which itself is a loader for different netfilter configurations. Once installed, it takes care of restoring rules at boot time and, through a small helper, can be used to reload, update or save rules on the fly.

Installation and config

  • Installation:
apt install iptables-persistent netfilter-persistent
  • Add/change iptables rules located at /etc/iptables/rules.v4 and /etc/iptables/rules.v6

Usage

  • Apply new rules after changes made to rules.v* files and check result
netfilter-persistent reload
iptables -L


iptables oneliners

  • list all rules from all chains
iptables -L
  • block an IP
iptables -I INPUT -s 192.168.111.111 -j DROP
iptables -I OUTPUT -d 192.168.111.111 -j DROP
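
The "block an IP" one-liners above change only the running ruleset; the following added example (not part of the original page) writes the same two DROP rules into an iptables-save style rules file so that they are restored together with the other rules. The names `persist_block` and `sample_rules` and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): persist_block and sample_rules are
# hypothetical helper names; the rules file content below is constructed.

# Print a small constructed rules.v4 in iptables-save format.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# persist_block FILE IP: write the two DROP rules into the *filter table of
# FILE, ahead of the first existing rule (the position `iptables -I` gives).
persist_block() {
    rules=$1 ip=$2
    # Shape check only: four dot-separated groups of 1-3 digits.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    # Idempotent: do nothing if the INPUT rule is already in the file.
    grep -Fqx -- "-A INPUT -s $ip/32 -j DROP" "$rules" && return 0
    tmp=$(mktemp) || return 1
    awk -v ip="$ip" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && !done && (/^-A / || $0 == "COMMIT") {
            print "-A INPUT -s " ip "/32 -j DROP"
            print "-A OUTPUT -d " ip "/32 -j DROP"
            done = 1
        }
        { print }
        END { exit (done ? 0 : 1) }   # fail if no *filter table was found
    ' "$rules" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$rules" && rm -f "$tmp"
}

# Demo on a temporary copy; point it at /etc/iptables/rules.v4 only as root.
demo=$(mktemp) && sample_rules > "$demo"
persist_block "$demo" 192.168.111.111 && cat "$demo"
rm -f "$demo"
```

After editing the real file, `iptables-restore --test < /etc/iptables/rules.v4` parses it without committing anything, which catches syntax errors before `netfilter-persistent reload` applies them.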