Linux/iptables: Difference between revisions

Revision as of 18:04, 4 December 2023

Tables	Chains
FILTER	INPUT FORWARD OUTPUT
NAT	PREROUTING OUTPUT POSTROUTING
MANGLE (modify ip headers)	PREROUTING INPUT FORWARD OUTPUT POSTROUTING
RAW (connection tracking)	PREROUTING OUTPUT
SECURITY	INPUT FORWARD OUTPUT

Targets	valid in	note
REJECT	INPUT, FORWARD, OUTPUT	sends response back
DROP		no response
ACCEPT
RETURN
MASQUERADE	POSTROUTING
REDIRECT	NAT:PREROUTING + NAT:OUTPUT

Basics

iptables
         -A (append - add rule at end)             -i (input interface)          -j (target)
         -C (check)                                -o (output interface)
         -D (delete - remove rule)                 -s (source address)    
         -F (flush - remove all rules)             -d (destination address)
         -I (insert - add at position)              
         -L (list - show all rules in chain)       -p      (protocol (tcp/udp))
         -N (new chain)                            --dport (port)
         -X (delete chain)

         -t (table to manipulate (default: filter)

         -n (numeric output of addresses and ports)

View state

iptables -L

raspi wifi to ethernet

rc.local
- iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
- iptables --append FORWARD --in-interface eth0 -j ACCEPT

@@ Line 8: / Line 8: @@
 |
 * INPUT
+* FORWARD
 * OUTPUT
-* FORWARD
 |-
 |NAT
@@ Line 21: / Line 21: @@
 |
 * PREROUTING
-* POSTROUTING
-* OUTPUT
 * INPUT
 * FORWARD
+* OUTPUT
+* POSTROUTING
 |-
 |RAW
@@ Line 34: / Line 34: @@
 |SECURITY
 |
+* INPUT
+* FORWARD
+* OUTPUT
 |}
 !
@@ Line 40: / Line 43: @@
 !Targets
 !valid in
+!note
 |-
 |REJECT
-|
+|INPUT, FORWARD, OUTPUT
+|sends response back
 |-
 |DROP
 |
+|no response
 |-
 |ACCEPT
+|
 |
 |-
 |RETURN
+|
 |
 |-
 |MASQUERADE
 |POSTROUTING
+|
 |-
 |REDIRECT
-|NAT: PREROUTING + NAT: OUTPUT
+|NAT:PREROUTING + NAT:OUTPUT
+|
 |}
 |}