Here’s a quick reference for configuring iptables firewall rules. I don’t use this enough to have it all memorized, so this post will hopefully come in useful for the next time I need to configure a firewall.
```bash
# show basic filters
iptables -L

# show filters with rule numbers and packet counts, using numeric addresses (no DNS lookups)
iptables -nvL --line-numbers

# zero the packet and byte counters shown in the verbose listing
iptables -Z

# dump current rules in iptables-save format
# (useful for formatting new rules)
iptables -S

# drop all inbound packets by default
# (a chain policy must be a built-in target such as ACCEPT or DROP; REJECT is not
# accepted as a policy. To reject instead of silently dropping, keep the DROP
# policy and append an explicit REJECT rule as the last rule of the chain)
iptables -P INPUT DROP
iptables -A INPUT -j REJECT

# add a rule to the end of a chain: allow all http traffic
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# insert a rule into a chain at position $RULE
# use the --line-numbers flag from above to get $RULE
iptables -I INPUT $RULE -p tcp --dport 80 -j ACCEPT

# allow all local (loopback) traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# delete rule number $RULE from a chain
iptables -D INPUT $RULE

# delete all rules from a chain (-F takes no rule number; a bare `iptables -F` flushes every chain)
iptables -F INPUT

# delete all empty user-defined chains from the filter table
iptables -X

# create a new chain called $CHAIN
iptables -N $CHAIN

# allow incoming traffic that belongs to established/related connections
# (inserted at position 1 so it is matched before anything else)
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# block an ip completely
iptables -A INPUT -s X.X.X.X -j DROP

# saving and restoring rules
iptables-save > iptables.rules
iptables-restore < iptables.rules
```
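The commands above are easier to review and version when they are written out once in iptables-save format and loaded with `iptables-restore`. The script below is an added example, not part of the original post: it generates a minimal stateful default-deny ruleset in that format, with the blocked address and the port list given as hypothetical sample arguments, and uses `-m conntrack --ctstate` (the current form of the `-m state --state` match used above).

```bash
#!/bin/sh
# Added example (not from the original post): emit a minimal stateful
# default-deny ruleset in iptables-save format so it can be reviewed in a
# file, syntax-checked, and then loaded with `iptables-restore < FILE`.
# The blocked address and ports passed in are hypothetical sample values.

# gen_ruleset BLOCKED_IP PORT...   -> prints the ruleset to stdout
gen_ruleset() {
  blocked="$1"; shift
  printf '%s\n' '*filter'
  # Chain policies must be built-in targets: INPUT/FORWARD default to DROP.
  # (REJECT is not a valid policy; it is used as an explicit tail rule below.)
  printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  # Block the address first: if this came after the ESTABLISHED rule, packets
  # on connections that host already has open would still be accepted.
  printf '%s\n' "-A INPUT -s $blocked -j DROP"
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  # Only NEW connections need per-port rules; replies are covered above.
  for port in "$@"; do
    printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Explicit rejects at the tail so clients get an error instead of a timeout.
  printf '%s\n' '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
  printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
  printf '%s\n' 'COMMIT'
}

# count_rules FILE -> number of "-A" rule lines in a saved ruleset
count_rules() {
  grep -c '^-A ' "$1"
}

# check_ruleset FILE -> parse the file with `iptables-restore --test` (needs
# the binary and root) without committing it; prints a notice and returns 0
# when the check cannot run on this host.
check_ruleset() {
  if command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    iptables-restore --test < "$1"
  else
    echo "note: iptables-restore --test skipped (needs iptables and root)" >&2
  fi
}

# Usage:
#   gen_ruleset 203.0.113.7 22 80 > fw.rules && check_ruleset fw.rules
#   iptables-restore < fw.rules     # apply (as root)
```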
- Ubuntu: IptablesHowTo
- Iptables: Traversing of tables and chains
- Is it better to set -j REJECT or -j DROP in iptables?