# Install the classic iptables service scripts so rules are restored from
# /etc/sysconfig/iptables at boot.
# NOTE(review): if firewalld is active on this host, stop and disable it before
# enabling iptables.service — both manage the same netfilter tables and will
# overwrite each other's rules; confirm for the target release.
yum install iptables-services
# Check the current state of the service before changing anything.
service iptables status
# Start the service at boot.
systemctl enable iptables.service
# configure ports
# /etc/sysconfig/iptables is the ruleset iptables.service loads on start.
# NOTE(review): keep an ACCEPT for the management path (e.g. the SSH port) above
# any DROP/REJECT in that file, or starting the service cuts off remote sessions.
vi /etc/sysconfig/iptables
systemctl start iptables.service
# ipv6
# Same service pair for IPv6; its ruleset lives in /etc/sysconfig/ip6tables.
systemctl enable ip6tables.service
systemctl start ip6tables.service
# Save the current iptables rules to a file with:
# (the two lines below are alternatives, not a sequence)
# The shell truncates /etc/sysconfig/iptables *before* iptables-save runs, so if
# iptables-save fails (not root, netfilter modules unavailable) the existing
# ruleset file is left empty — take a copy first, or use the init helper below.
/sbin/iptables-save > /etc/sysconfig/iptables
# The service's own save helper; same destination file.
/usr/libexec/iptables/iptables.init save
########################################################
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# -j MASQUERADE rewrites the source to whatever address the outgoing interface
# currently has (suits a dynamic uplink address); the SNAT rules below pin a
# fixed address instead.
# -A POSTROUTING -o p1p2 -j MASQUERADE
# explicitly define SNAT
# Commented-out example: redirect inbound TCP port 80 arriving on eth0 to local port 3128.
# -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Rules are evaluated top-down and SNAT is a terminating target, so the specific
# rule for the 192.168.42.0/24 destination must stay above the catch-all that
# follows it, or it never matches.
-A POSTROUTING -s 10.4.0.0/22 -d 192.168.42.0/24 -o eth0 -j SNAT --to-source 192.168.42.254
# Everything else leaving eth0 from 10.4.0.0/22 is translated to the public address.
-A POSTROUTING -s 10.4.0.0/22 -o eth0 -j SNAT --to-source 173.228.13.32
COMMIT
#
*filter
# NOTE(review): this fragment carries no :INPUT/:FORWARD/:OUTPUT policy lines and
# no COMMIT. With the REJECT below commented out, whether forwarded traffic that
# is not from/to eth1 gets blocked depends entirely on the FORWARD chain policy
# (the built-in default is ACCEPT) — confirm the policy line in the full file.
# Allow forwarding of packets from/to eth1 — stateless: any protocol, any port,
# both directions, no conntrack match.
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# COMMIT at the end of the filter rules
Logging dropped packets
from: http://www.thegeekstuff.com/2012/08/iptables-log-packets/
Log All Dropped Input Packets
# Send everything that reaches the end of INPUT into a LOGGING chain that logs
# (rate-limited) and then drops. Because the rule is appended, it only sees
# packets no earlier INPUT rule accepted — and those are then dropped here
# regardless of the chain's policy.
# NOTE(review): an ACCEPT for the management path (e.g. SSH) must already be in
# INPUT above this, or the remote session is cut off as soon as the DROP lands.
# --new-chain fails if LOGGING already exists, so apply only one of the variants
# in this file per ruleset.
iptables --new-chain LOGGING
iptables --append INPUT --jump LOGGING
# At most 2 log lines per minute (plus the limit match's default burst),
# syslog level 4 (warning), tagged with the prefix for grep/SIEM matching.
iptables --append LOGGING --match limit --limit 2/min --jump LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables --append LOGGING --jump DROP
Log All Dropped Outgoing Packets
# Same pattern for the OUTPUT chain: packets that no earlier OUTPUT rule accepted
# are logged (rate-limited) and dropped. Appending means it runs last, so every
# ACCEPT for traffic the host itself must originate (DNS, updates, monitoring)
# has to be above it.
# --new-chain fails if LOGGING already exists (e.g. after the INPUT variant
# above); pick one variant or use the combined one below.
iptables --new-chain LOGGING
iptables --append OUTPUT --jump LOGGING
# 2 log lines per minute plus default burst, syslog level 4 (warning).
iptables --append LOGGING --match limit --limit 2/min --jump LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables --append LOGGING --jump DROP
Log All Dropped Packets (both Incoming and Outgoing)
# Combined variant: one LOGGING chain shared by INPUT and OUTPUT. Whatever falls
# through either chain without being accepted is logged (rate-limited) and
# dropped, so both chains behave as if their policy were DROP.
# NOTE(review): both directions share one prefix, so a log line alone does not
# tell inbound from outbound; separate chains/prefixes per direction would make
# triage easier. Keep the management ACCEPTs above these jumps.
iptables --new-chain LOGGING
iptables --append INPUT --jump LOGGING
iptables --append OUTPUT --jump LOGGING
# 2 log lines per minute plus default burst, syslog level 4 (warning).
iptables --append LOGGING --match limit --limit 2/min --jump LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables --append LOGGING --jump DROP
# 25 Most Frequently Used Linux IPTables Rules Examples
http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
Linux IPTables: Incoming and Outgoing Rule Examples (SSH and HTTP)
http://www.thegeekstuff.com/2011/03/iptables-inbound-and-outbound-rules/