Linux/iptables: Difference between revisions

Revision as of 18:51, 4 December 2023

Tables	Chains
FILTER	INPUT FORWARD OUTPUT
NAT	PREROUTING OUTPUT POSTROUTING
MANGLE (modify ip headers)	PREROUTING INPUT FORWARD OUTPUT POSTROUTING
RAW (connection tracking)	PREROUTING OUTPUT
(SECURITY) (SELinux)	INPUT FORWARD OUTPUT

Targets	valid in	note
REJECT	INPUT, FORWARD, OUTPUT	sends response back
DROP		no response
ACCEPT
RETURN
MASQUERADE	POSTROUTING
REDIRECT	NAT:PREROUTING + NAT:OUTPUT

Basics

iptables
         -A (append - add rule at end)             -i (input interface)          -j (target)
         -C (check)                                -o (output interface)
         -D (delete - remove rule)                 -s (source address)    
         -F (flush - remove all rules)             -d (destination address)
         -I (insert - add at position)              
         -L (list - show all rules in chain)       -p      (protocol (tcp/udp))
         -N (new chain)                            --dport (destination port)
         -X (delete chain)                         --sport (source port)

         -t (table to manipulate (default: filter)

         -n (numeric output of addresses and ports)

View state

iptables-save                  # show everything

iptables --list-rules          # list filter rules (default: filter)
iptables --list-rules -t nat   # list nat rules

raspi wifi to ethernet

rc.local
- iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
- iptables --append FORWARD --in-interface eth0 -j ACCEPT

Links

@@ Line 105: / Line 105: @@
 * https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
 * https://gist.github.com/mcastelino/c38e71eb0809d1427a6650d843c42ac2
-*
+* http://rudijs.github.io/2015-07/docker-restricting-container-access-with-iptables/
 [[Category:Linux/Network]]
 [[Category:Linux]]