iptables
Links
- http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
- http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
Save rules
- iptables-save > rules.fw
- To load them again, use the following command:
iptables-restore < rules.fw
- Automatic restore: http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/
Delete rules
- List rules:
iptables -L
iptables -L INPUT --line-numbers
iptables -t nat -L
- Delete a rule by its specification:
iptables -D INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT
- or by its rule number in the chain: `iptables -D INPUT 4`
Flush Rules
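- Delete all rules:
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Set the default policy of the built-in filter chains to ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT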
Accept ICMP (ping)
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
Block everything except one domain
- Allow loopback
iptables -I INPUT 1 -i lo -j ACCEPT
# With the OUTPUT policy set to DROP, loopback traffic must also be allowed on the way out
iptables -A OUTPUT -o lo -j ACCEPT
- Allow DNS
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Now, allow connection to website serverfault.com on port 80
iptables -A OUTPUT -p tcp -d serverfault.com --dport 80 -j ACCEPT
- HTTPS requests
iptables -A OUTPUT -p tcp -d serverfault.com --dport 443 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- Drop everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP
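The one-domain allow-list above, as an added example (not part of the original page) that prints the same rules in iptables-restore format, so the file can be checked with `iptables-restore --test < rules.fw` and then loaded in one step. iptables resolves a hostname given to `-d` only once, when the rule is added, so the function takes already-resolved IPv4 addresses instead of a name. The function names and the sample addresses (documentation range 203.0.113.0/24) are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that allows egress only to
# the given IPv4 addresses on ports 80/443, plus DNS and loopback.
# Function names and sample addresses are assumptions for illustration.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset; arguments are the allowed destination addresses.
# Every argument is validated before anything is printed, so a hostname or a
# typo never ends up in a half-written rules file.
build_egress_ruleset() {
    [ "$#" -gt 0 ] || { echo "no addresses given" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"   # the page sets only INPUT and OUTPUT to DROP
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"   # loopback needs both directions
    echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
    for ip in "$@"; do
        echo "-A OUTPUT -d $ip/32 -p tcp --dport 80 -j ACCEPT"
        echo "-A OUTPUT -d $ip/32 -p tcp --dport 443 -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample input: two addresses from the documentation range.
build_egress_ruleset 203.0.113.10 203.0.113.11
```

Redirect the output to a file such as rules.fw and regenerate it whenever the site's addresses change.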
Forwarding
- <https://stackoverflow.com/questions/10727443/how-to-use-iptables-in-linux-to-forward-http-and-https-traffic-to-a-transparent>