Difference between revisions of "Iptables cheat sheet"

From MyLabWiki
(Add category)
(Added save and restore.)
 
Line 19: Line 19:
 
The reference<ref name="rackaid1"/> also gives info about how to set up logging.
 
The reference<ref name="rackaid1"/> also gives info about how to set up logging.
  
 +
== Save and restore the rules ==
  
[[Category:linux]]
+
Check the existing rules using:
  
 +
  iptables -L
 +
 +
Save them to a file<ref name="debipt1">[https://wiki.debian.org/iptables Debian Wiki, iptables.]</ref>:
 +
 +
  iptables-save > /etc/iptables.up.rules
 +
 +
Create an '''executable''' file <tt>/etc/network/if-pre-up.d/iptables</tt> and add:
 +
 +
  #!/bin/sh
 +
  /sbin/iptables-restore < /etc/iptables.up.rules
 +
 +
Reboot and check that th erules are correctly loaded using <tt>iptables -L</tt>
  
 
== References ==
 
== References ==
  
 
<references/>
 
<references/>
 +
 +
 +
[[Category:linux]]
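
Review bot: The check steps in the added "Save and restore the rules" section use iptables -L, which lists only the filter table, while iptables-save writes every table to /etc/iptables.up.rules. Comparing iptables-save output before and after the reboot would confirm that the whole file was restored. In the last added line, "th erules" should read "the rules".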

Latest revision as of 13:42, 28 June 2015

Applicable to Debian 8.

Blocking IP addresses

Permanently block an IP address[1]:

 iptables -A INPUT -s a.b.c.d -j DROP

Unblock IP address[1]:

 iptables -D INPUT -s a.b.c.d -j DROP

Block an IP address after 3 failed SSH login attempts made within 60 seconds[2]:

 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
 iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

The reference[2] also gives info about how to set up logging.

Save and restore the rules

Check the existing rules using:

 iptables -L

Save them to a file[3]:

 iptables-save > /etc/iptables.up.rules

Create an executable file /etc/network/if-pre-up.d/iptables and add:

 #!/bin/sh
 /sbin/iptables-restore < /etc/iptables.up.rules

Reboot and check that the rules are correctly loaded using iptables -L.
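
A more defensive version of the save and restore steps above, added here as an example (it is not from the original page or its references): it avoids leaving a truncated rules file when iptables-save fails, and parse-checks the file with iptables-restore --test before loading it. The function names and the RULES, SAVE_CMD and RESTORE_CMD variables are assumptions of this example.

```sh
#!/bin/sh
# Added example: defensive wrappers for the save/restore steps.
# RULES, SAVE_CMD and RESTORE_CMD are names assumed by this example; they can
# be overridden so the logic can be exercised without root.
RULES="${RULES:-/etc/iptables.up.rules}"
SAVE_CMD="${SAVE_CMD:-/sbin/iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-/sbin/iptables-restore}"

# A dump is usable only if it is non-empty and every "*table" section
# is closed by its own COMMIT line.
rules_file_ok() {
    [ -s "$1" ] || return 1
    awk '
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++ }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0 }
        END        { exit (bad || in_table || tables == 0) }
    ' "$1"
}

# "iptables-save > file" truncates the file before iptables-save runs, so a
# failure leaves an empty rules file. Dump to a temp file in the same
# directory and rename it into place only once it checks out.
save_rules() {
    tmp="$(mktemp "${RULES}.XXXXXX")" || return 1
    if $SAVE_CMD > "$tmp" && rules_file_ok "$tmp"; then
        mv -f "$tmp" "$RULES"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Body for /etc/network/if-pre-up.d/iptables: refuse an incomplete file,
# parse-check it with --test (nothing is committed), then load it.
restore_rules() {
    if ! rules_file_ok "$RULES"; then
        echo "iptables: $RULES is missing or incomplete" >&2
        return 1
    fi
    $RESTORE_CMD --test < "$RULES" || return 1
    $RESTORE_CMD < "$RULES"
}
```

Run save_rules as root after changing the rules, and call restore_rules from the if-pre-up.d hook in place of the bare iptables-restore line.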

References

  1. nixCraft, How Do I Block an IP Address on My Linux server?
  2. rackaid, Block SSH Brute Force Attacks with IPTables
  3. Debian Wiki, iptables.