Iptables cheat sheet

From MyLabWiki

Applicable to Debian 8.

Blocking IP addresses

Block an IP address[1] (the rule stays in effect until the table is flushed or the machine reboots; see "Save and restore the rules" below to make it persist):

 iptables -A INPUT -s a.b.c.d -j DROP

Unblock IP address[1]:

 iptables -D INPUT -s a.b.c.d -j DROP
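The two commands above add duplicate rules if run twice and fail noisily if run against an address that was never blocked. The following is an added example (not from the wiki) of idempotent block/unblock helpers: they validate the address first and use `iptables -C` (rule check, present in the iptables shipped with Debian 8) before adding or deleting. The `IPTABLES` variable is an assumption that lets the helpers be pointed at a stub for testing.

```shell
#!/bin/sh
# Idempotent block/unblock helpers around the cheat-sheet commands.
# IPTABLES may be overridden (e.g. for testing); defaults to the real binary.
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0-255.
# Rejects anything that is not digits and dots, and empty/leading/trailing octets.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Block an address; append the DROP rule only if it is not already present.
block_ip() {
    is_ipv4 "$1" || { echo "block_ip: invalid IPv4 address: $1" >&2; return 2; }
    if $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; then
        return 0   # already blocked, nothing to do
    fi
    $IPTABLES -A INPUT -s "$1" -j DROP
}

# Unblock an address; do nothing if no matching rule exists.
unblock_ip() {
    is_ipv4 "$1" || { echo "unblock_ip: invalid IPv4 address: $1" >&2; return 2; }
    if $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; then
        $IPTABLES -D INPUT -s "$1" -j DROP
    fi
    return 0
}
```

Run as root, e.g. `block_ip 203.0.113.5` (a documentation-range address used here as a constructed sample).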

Block an IP address after 3 failed SSH login attempts made within 60 seconds[2]. Note that the `recent` match counts new TCP connections to port 22 from the same source, not authentication failures, so the fourth new connection within 60 seconds is dropped regardless of whether the earlier ones succeeded:

 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

The reference[2] also explains how to set up logging for the dropped connections.

Save and restore the rules

Check the existing rules using:

 iptables -L

Save them to a file[3]:

 iptables-save > /etc/iptables.up.rules

Create an executable file /etc/network/if-pre-up.d/iptables and add:

 #!/bin/sh
 /sbin/iptables-restore < /etc/iptables.up.rules

Reboot and check that the rules are correctly loaded using iptables -L.

References

  1. nixCraft, How Do I Block an IP Address on My Linux server?
  2. rackaid, Block SSH Brute Force Attacks with IPTables
  3. Debian Wiki, iptables.