Firewall : Iptables

Iptables Rule
1) To accept or deny an IP address in iptables:

iptables rules on Linux server:

# service iptables save

# service iptables stop

To allow an IP address:

# iptables -A INPUT -s 82.18.238.16 -j ACCEPT

To deny an IP address:

# iptables -A INPUT -s 82.18.238.16 -j DROP

# service iptables save

# service iptables start

iptables -L

or

Check the IP deny / accept list:

cat /etc/sysconfig/iptables
then
vi /etc/sysconfig/iptables

and add the IP address

service iptables save

service iptables restart

2) Important

iptables -D INPUT 14

where 14 is the rule number shown by iptables -L --line-numbers;
this deletes that rule from the INPUT chain.

nano /etc/sysconfig/iptables

iptables -A INPUT -t filter -s 88.111.200.216 -j ACCEPT
iptables -I INPUT -s 139.4.43.13 -j DROP
iptables -A INPUT -p tcp --source 198.66.78.2 --destination-port 56136 -j DROP

1] Block incoming packets from a single IP:
# iptables -I INPUT -s 195.175.37.70 -j DROP

2] Block incoming packets from a single IP on a single port:
# iptables -A INPUT -p tcp --source 1.2.3.4 --destination-port 22 -j DROP

3] Block incoming packets from a single IP on a range of ports (example: 5999:6003):
# iptables -A INPUT -p tcp --source <IP> --destination-port 5999:6003 -j DROP

4] Block incoming packets from ANY IP coming in on a single port:
# iptables -A INPUT -p tcp --source 0.0.0.0/0 --destination-port 22 -j DROP
(0.0.0.0/0 matches every address; a bare 0.0.0.0 is read as 0.0.0.0/32 and matches only that one address.)

5] Block incoming packets from ANY IP coming in on a range of ports (example: 5999:6003):
# iptables -A INPUT -p tcp --source 0.0.0.0/0 --destination-port 5999:6003 -j DROP

6] Block outgoing packets on a single port:
# iptables -A OUTPUT -p tcp --destination 0.0.0.0/0 --destination-port <port> -j DROP

7] Block outgoing packets on a range of ports (example: 6660:6669):
# iptables -A OUTPUT -p tcp --destination 0.0.0.0/0 --destination-port 6660:6669 -j DROP
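
An added example (not from the original post): a small Python model of first-match rule evaluation. It shows why a DROP appended with -A behind an earlier ACCEPT for the same address never fires while one inserted with -I does, and why a source of 0.0.0.0 without /0 does not mean "any". The function names are assumptions of this example, and it models only source address, destination port and target.

```python
import ipaddress
import shlex

def parse_rule(args):
    """Parse source, destination port and -j; other options are ignored."""
    rule = {"src": ipaddress.ip_network("0.0.0.0/0"), "ports": None, "target": None}
    it = iter(args)
    for opt in it:
        if opt in ("-s", "--source"):
            rule["src"] = ipaddress.ip_network(next(it))  # bare address = /32
        elif opt in ("--dport", "--destination-port"):
            lo, _, hi = next(it).partition(":")
            rule["ports"] = (int(lo), int(hi or lo))
        elif opt == "-j":
            rule["target"] = next(it)
    return rule

def run(chain, command):
    """Apply 'iptables -A|-I|-D CHAIN ...' to the list `chain` (model only)."""
    op, _name, *rest = shlex.split(command)[1:]
    if op == "-A":
        chain.append(parse_rule(rest))       # append: evaluated last
    elif op == "-I":
        chain.insert(0, parse_rule(rest))    # no index given: becomes rule 1
    elif op == "-D":
        del chain[int(rest[0]) - 1]          # rule numbers are 1-based

def verdict(chain, src, dport, policy="ACCEPT"):
    """Target of the first matching rule, else the chain policy."""
    addr = ipaddress.ip_address(src)
    for rule in chain:
        lo, hi = rule["ports"] or (0, 65535)
        if addr in rule["src"] and lo <= dport <= hi:
            return rule["target"]
    return policy

def demo():
    chain, out = [], []
    run(chain, "iptables -A INPUT -s 82.18.238.16 -j ACCEPT")
    run(chain, "iptables -A INPUT -s 82.18.238.16 -j DROP")   # shadowed
    out.append(verdict(chain, "82.18.238.16", 22))
    run(chain, "iptables -I INPUT -s 82.18.238.16 -j DROP")   # now rule 1
    out.append(verdict(chain, "82.18.238.16", 22))
    for src in ("0.0.0.0", "0.0.0.0/0"):                      # /32 versus any
        c = []
        run(c, f"iptables -A INPUT -p tcp --source {src} --destination-port 22 -j DROP")
        out.append(verdict(c, "1.2.3.4", 22))
    return out

print(demo())
```

On a live host, iptables -L --line-numbers shows the same ordering the model uses, so an address listed under both ACCEPT and DROP takes whichever rule has the lower number.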

iptables -A INPUT -t filter -s 59.93.199.67 -j ACCEPT

Opening ports

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

Inbound: iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
Outbound: iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

3) To stop iptables, first run the commands below:

service iptables save

service iptables stop

service iptables start

For APF

service apf stop
service apf start

To block an IP in the APF firewall:

apf -d <>

cd /etc/apf/deny

vi /etc/hosts.allow
