iptables

Links

- <http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables>
- <http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html>

• Regeln speichern

  • iptables-save > rules.fw
  • Um sie wieder zu laden wird folgender Befehl benutzt:

    iptables-restore < rules.fw
    

  • Automatisches wiederherstellen: http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/

Regeln löschen

- <https://major.io/2007/02/09/delete-single-iptables-rules/>
  
  ```{=html}
  <!-- -->
  ```
- Regeln auflisten:
  
  ```bash
    iptables -L
    iptables -L INPUT --line-numbers
    iptables -t nat -L
  
    iptables -D INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT
  ```
- oder anhand der Chain Nummer:  `iptables -D INPUT 4`

-

• Flush Rules

  • Alle Regeln loeschen:

  • #!/bin/sh
    echo "Stopping firewall and allowing everyone..."
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    

• ICMP akzeptieren (ping)

  • iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT  -p icmp --icmp-type echo-reply   -j ACCEPT
    

• Alles außer einer Domain Blocken

• Allow loopback

  • iptables -I INPUT 1 -i lo -j ACCEPT

• Allow DNS

• iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
  # Now, allow connection to website serverfault.com on port 80  
  iptables -A OUTPUT -p tcp -d serverfault.com --dport 80 -j ACCEPT
  

• https Requests

  • iptables -A OUTPUT -p tcp -d serverfault.com --dport 443 -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    

• Drop everything

  • iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    

Weiterleitung

- <https://stackoverflow.com/questions/10727443/how-to-use-iptables-in-linux-to-forward-http-and-https-traffic-to-a-transparent>