Firewall: Difference between revisions
Latest revision as of 22:14, 2 May 2024
Different ways to handle iptables.

Using iptables-persistent on Debian

Note: In use on vrijdagmiddagborrel.

It's basically a set of iptables plugins for netfilter-persistent, which itself is a loader for different netfilter configurations. Once installed, it takes care of restoring rules at boot time and, through a small helper, can be used to reload/update/save rules on the fly.

Installation and config

- Installation:
  apt install iptables-persistent netfilter-persistent
- Add/change iptables rules located at /etc/iptables/rules.v4 and /etc/iptables/rules.v6

Usage

- Apply new rules after changes made to rules.v* files and check the result:
  netfilter-persistent reload
  iptables -L

iptables oneliners

- list all rules from all chains:
  iptables -L
- block an IP:
  iptables -I INPUT -s 192.168.111.111 -j DROP
  iptables -I OUTPUT -d 192.168.111.111 -j DROP
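The two block oneliners only change the live ruleset; after a reboot netfilter-persistent restores whatever is in rules.v4, so a block that should stick belongs in that file. The script below is an added example (not from the wiki page) that writes a rules.v4 carrying those block rules and sanity-checks it before a reload; the default-deny INPUT policy and the management network 192.168.111.0/24 allowed to reach SSH are assumptions, not from the page.

```shell
#!/bin/sh
# Added example, not from the wiki page: emit a rules.v4 file (iptables-save
# format, restored by iptables-persistent at boot) that persists the page's
# "block an IP" rules, then sanity-check it before `netfilter-persistent reload`.
# Assumed, not from the page: default-deny INPUT and a hypothetical management
# network 192.168.111.0/24 allowed to reach SSH.

# gen_rules_v4 BLOCKED_IP MGMT_CIDR -> complete rules.v4 on stdout. DROP rules
# come first because a chain is evaluated top to bottom (the reason the page's
# oneliners use `iptables -I`, insert at top, rather than `-A`).
gen_rules_v4() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# block the host in both directions (same effect as the page's two oneliners)
-A INPUT -s $1 -j DROP
-A OUTPUT -d $1 -j DROP
# loopback and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH only from the management network
-A INPUT -p tcp --dport 22 -s $2 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# check_rules_v4 FILE BLOCKED_IP -> 0 if the file is a *filter table closed by
# COMMIT, INPUT policy DROP, and the DROP for BLOCKED_IP precedes the first
# ACCEPT rule (a DROP placed after a matching ACCEPT never fires); 1 otherwise.
check_rules_v4() {
    f="$1"; ip="$2"
    head -n1 "$f" | grep -q '^\*filter$' || return 1
    tail -n1 "$f" | grep -q '^COMMIT$' || return 1
    grep -q '^:INPUT DROP' "$f" || return 1
    drop=$(grep -n -e "^-A INPUT -s ${ip} -j DROP" "$f" | head -n1 | cut -d: -f1)
    accept=$(grep -n -e '-j ACCEPT' "$f" | head -n1 | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$accept" ] && [ "$drop" -lt "$accept" ]
}

# Stand-alone run: write to a temp file instead of /etc/iptables/rules.v4.
tmp=$(mktemp)
gen_rules_v4 192.168.111.111 192.168.111.0/24 > "$tmp"
if check_rules_v4 "$tmp" 192.168.111.111; then
    echo "OK: install as /etc/iptables/rules.v4, then run: netfilter-persistent reload"
fi
rm -f "$tmp"
```

On the firewall host, redirect gen_rules_v4 to /etc/iptables/rules.v4 as root, run the check, then `netfilter-persistent reload` and `iptables -L` as the Usage section describes.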