iptables Cheatsheet
Here’s a quick reference for configuring iptables firewall rules. I don’t use this enough to have it all memorized, so this post will hopefully come in useful for the next time I need to configure a firewall.
# list the rules in the filter table (the default table)
iptables -L
# list rules with rule numbers and packet/byte counts, using numeric addresses (no DNS lookups)
iptables -nvL --line-numbers
# zero the packet and byte counters shown in the verbose listing
iptables -Z
# dump current rules in iptables-save format
# (useful for formatting new rules)
iptables -S
# drop all inbound packets by default
# (a chain policy can only be ACCEPT or DROP; to reject instead, keep the DROP
# policy and append a final REJECT rule after all of your ACCEPT rules)
iptables -P INPUT DROP
iptables -A INPUT -j REJECT
# append a rule to the end of a chain that allows all inbound HTTP traffic
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# insert a rule into a chain at position $RULE (rules are matched top to bottom)
# use the --line-numbers flag from above to find the right $RULE
iptables -I INPUT $RULE -p tcp --dport 80 -j ACCEPT
# allow all loopback traffic (many local services depend on this)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# delete a rule from a chain
iptables -D INPUT $RULE
# delete all rules from a chain (-F takes a chain name only, not a rule number)
iptables -F INPUT
# delete all empty user-defined chains (built-in chains such as INPUT cannot be deleted)
iptables -X
# create a new chain called $CHAIN
iptables -N $CHAIN
# allow replies to connections this host started; inserted at position 1 so it is
# matched before everything else (-m conntrack --ctstate is the newer equivalent of -m state)
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# drop all traffic from a single source IP (X.X.X.X is a placeholder)
iptables -A INPUT -s X.X.X.X -j DROP
# saving and restoring rules (rules are not persistent across reboots unless restored)
iptables-save > iptables.rules
iptables-restore < iptables.rules
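The commands above are usually applied one at a time, but a firewall built that way passes through a window where the default-deny policy is set and the ACCEPT rules are not yet in place (or the reverse). Putting the whole ruleset in iptables-save format and loading it with iptables-restore applies it atomically. The script below is an added example, not part of the original post: it generates such a file for the filter table, following the same order as the cheatsheet (explicit block, loopback, established/related, allowed ports, final REJECT). The allowed ports, the blocked address (from the 192.0.2.0/24 documentation range) and the output path in the usage comment are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): generate a default-deny inbound
# ruleset in iptables-save format for review and atomic loading with
# iptables-restore. Sample values below are constructed for illustration.

# Inbound TCP ports to allow (constructed sample values).
ALLOWED_TCP_PORTS="22 80 443"
# Source address to drop unconditionally (constructed, documentation range).
BLOCKED_SRC="192.0.2.10"

# gen_rules prints a complete filter-table ruleset to stdout.
gen_rules() {
    printf '%s\n' '*filter'
    # Chain policies: only ACCEPT or DROP are valid here, never REJECT.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Explicit block goes first so it wins even over an established flow.
    printf '%s\n' "-A INPUT -s $BLOCKED_SRC -j DROP"
    # Loopback traffic.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host started (conntrack replaces -m state).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Packets conntrack cannot classify are dropped early.
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One ACCEPT per allowed port, restricted to new connections.
    for p in $ALLOWED_TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Final catch-all REJECT: clients get an immediate error instead of a timeout.
    # Anything past this line would hit the DROP policy anyway.
    printf '%s\n' '-A INPUT -j REJECT'
    printf '%s\n' 'COMMIT'
}

# count_rules returns how many -A rule lines the generated file contains,
# a quick sanity check before loading it.
count_rules() {
    gen_rules | grep -c '^-A '
}

# Usage (path is an assumption; adjust for your distribution):
#   gen_rules > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
```

Review the generated file with `iptables-restore --test` (where your version supports it) before loading, and keep a way back in (console access or a scheduled `iptables-restore` of the previous ruleset) when applying a default-deny INPUT policy over SSH.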
Other Resources
- Ubuntu: IptablesHowTo
- Iptables: Traversing of tables and chains
- Is it better to set -j REJECT or -j DROP in iptables?