Using iptables in Ubuntu

(1) Set iptables to start at boot

# sysv-rc-conf --level 2345 iptables on

(2) Basic commands of iptables

1. List the current iptables policies and rules

# iptables -L -n

-n: display addresses and ports in numerical form (no DNS or service-name lookups)

# iptables -L -v

-v: print verbose information (packet and byte counters, interfaces)

2. Allow established connections to receive data

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

3. Open port 22 (the default SSH port). Tell iptables to accept all incoming TCP packets whose destination port is 22:

iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT

Note: the name ssh is resolved to port 22 through /etc/services; any service listed in that file can be referenced by name in the same way.

4. Add a policy. A policy is itself a rule: when none of the rules in a chain match, the chain's policy is applied.

Chains: INPUT, PREROUTING, FORWARD, POSTROUTING, OUTPUT

The default policy of a chain is ACCEPT.

Tables: filter (default), nat, mangle.

# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD DROP

----------------------------------------------------

root@patrick:~# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22

----------------------------------------------------

5. Enable packet forwarding

Forward FTP requests from the intranet to a host on the extranet:

iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 10.25.1.7:21

Check:

# iptables -L -t nat

To make packet forwarding work, a kernel parameter must also be changed.

# cat /proc/sys/net/ipv4/ip_forward
0

Packet forwarding is disabled by default (the value is 0), so it needs to be enabled: set net.ipv4.ip_forward = 1 in /etc/sysctl.conf, then run sysctl -p to apply it.

(3) Saving the iptables rules

Step 1) Save the current iptables rules to a file.

# iptables-save > /etc/iptables.up.rules

Step 2) Restore the iptables rules at boot by adding the following line to the end of the file /etc/network/interfaces:

pre-up iptables-restore < /etc/iptables.up.rules
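The rule set from section (2) written directly in the iptables-save format that section (3) restores, plus a check for the mistakes that lock a remote administrator out, as an added example that is not part of the original post. The interface eth0, the SSH port and the DNAT target 10.25.1.7 are taken from the text above; the output path is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): emit the rule set described
# above in iptables-restore format and sanity-check it before loading it.
# eth0 and the DNAT target 10.25.1.7 come from the post; the path is assumed.
RULES_FILE="${RULES_FILE:-${TMPDIR:-/tmp}/iptables.up.rules}"

# Loading a file with iptables-restore is atomic: the DROP policy and the
# ACCEPT rules take effect together, so an SSH session is never cut off
# between `-P INPUT DROP` and the rule that allows port 22.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 10.25.1.7:21
COMMIT
EOF
}

# Report the mistakes that leave a remote administrator locked out or break
# outbound connections: INPUT policy DROP with no ACCEPT for the SSH port,
# no ESTABLISHED,RELATED rule, and the single-dash typo `-dport`, which
# iptables reads as `-d port` and rejects. One line per problem; exit 1 if any.
check_rules() {
    f="$1"; rc=0
    if grep -q '^:INPUT DROP' "$f"; then
        grep -Eq -- '^-A INPUT .*--dport (22|ssh) .*-j ACCEPT' "$f" ||
            { echo "INPUT policy DROP but no ACCEPT rule for port 22"; rc=1; }
        grep -q -- '--state ESTABLISHED,RELATED' "$f" ||
            { echo "no ESTABLISHED,RELATED rule: replies to outbound connections are dropped"; rc=1; }
    fi
    grep -q -- ' -dport ' "$f" && { echo "'-dport' must be '--dport'"; rc=1; }
    return $rc
}

gen_rules > "$RULES_FILE"
check_rules "$RULES_FILE" && echo "ok, load with: iptables-restore < $RULES_FILE"
```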

 

(4) Disable the firewall

iptables -F

Ubuntu has no command like service iptables stop to stop iptables; flushing the rules is the only way to disable the firewall. Note that -F only removes the rules and does not reset the chain policies, so if the INPUT policy was set to DROP in step 4 it must be set back to ACCEPT with -P, otherwise all incoming traffic stays blocked.

Before running it, make sure the rules have been backed up to a file.

Reposted from: http://blog.sina.com.cn/s/blog_7a9af9b10101cj6s.html
