Basic commands
Showing current status
iptables -L -v -nAdding rules
iptables -A chain_name -p protocol –dport port -j action
Allow tcp connection with port 22 input:
iptables -A INPUT -p tcp --dport 22 -j ACCEPTDisallow tcp connection with port 22 input:
iptables -A INPUT -p tcp --dport 22 -j REJECTDeleting rules
Deleting all rules
iptables -FDeleting selected rule
Listing all rules with line numbers.
iptables -L --line-numbersDeleting the rule of selected line.
iptables -D INPUT rule_line_numberUseful Rules
Allowing local connections.
iptables -A INPUT -i lo -j ACCEPTOnly allowing 21/22/80/443 port’s connection for web service.
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j DROPOnly allowing 21/22/80/443 port’s connection of IPv6 for web service.
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
ip6tables -I INPUT -i lo -j ACCEPT
ip6tables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j DROPRedirect port
iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8080Restoring rules when system start
Saving iptables setting to /etc/iptables.rules
Method1
Install a package to perisit iptables configuration.
apt install iptables-persistentThen, save it.
iptables-saveMethod2
iptables-save >/etc/iptables.rulesRestoring when system startup
Editing network configuration file
vim /etc/network/interfacesAppending following codes
pre-up iptables-restore < /etc/iptables.rules