Linux/iptables: Difference between revisions

From Wiki
mNo edit summary
Line 54: Line 54:
== Basics ==
== Basics ==
<pre>
<pre>
sudo iptables CHAINRULE [-j target]
iptables CHAINRULE [-j target]
        -A (append - add rule at end)
        -C (check)
        -D (delete - remove rule)
        -F (flush - remove all rules)
        -I (insert - add at position)
        -L (list - show all rules in chain)
        -N (new chain)
        -X (delete chain)
 
        -i (input interface)
        -o (output interface)
        -s (source address)
        -d (destination address)
 
        -t (table to manipulate (default: filter)
 
        -n (numeric output of addresses and ports)
</pre>
</pre>


== View state ==
<pre>
iptables -L
</pre>


== raspi wifi to ethernet ==
== raspi wifi to ethernet ==

Revision as of 17:40, 4 December 2023

Tables and chains

FILTER
  • INPUT
  • OUTPUT
  • FORWARD
NAT
  • PREROUTING
  • OUTPUT
  • POSTROUTING
MANGLE (modify ip headers)
  • PREROUTING
  • POSTROUTING
  • OUTPUT
  • INPUT
  • FORWARD
RAW (connection tracking)
  • PREROUTING
  • OUTPUT
SECURITY

Targets
  • REJECT
  • DROP
  • ACCEPT
  • RETURN
  • MASQUERADE

Basics

iptables CHAINRULE [-j target]
         -A (append - add rule at end)
         -C (check)
         -D (delete - remove rule)
         -F (flush - remove all rules)
         -I (insert - add at position)
         -L (list - show all rules in chain)
         -N (new chain)
         -X (delete chain)

         -i (input interface)
         -o (output interface)
         -s (source address)
         -d (destination address)

         -t (table to manipulate; default: filter)

         -n (numeric output of addresses and ports)

View state

iptables -L

raspi wifi to ethernet

  • rc.local
    • iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
    • iptables --append FORWARD --in-interface eth0 -j ACCEPT
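
The two rc.local rules above accept anything arriving on eth0 toward any outbound interface, and replies coming back from wlan0 are forwarded only if the FORWARD chain's policy allows them. The following is an added example, not part of the original page: a tighter rule set for the same eth0-to-wlan0 gateway. The function names gateway_rules and valid_if are hypothetical, and the ip_forward sysctl and the default-drop FORWARD policy are assumptions the page does not state.

```shell
#!/bin/sh
# Added example (not from the original page): tightened gateway rule set.
# Prints the commands; review them, then pipe the output to `sh` as root to apply.

# Accept only plausible Linux interface names:
# at most 15 characters and no shell metacharacters.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gateway_rules LAN_IF WAN_IF
# Writes the rule set to stdout; returns non-zero on bad input.
gateway_rules() {
    lan=$1
    wan=$2
    valid_if "$lan" && valid_if "$wan" || { echo "bad interface name" >&2; return 1; }
    [ "$lan" != "$wan" ] || { echo "LAN and WAN must differ" >&2; return 1; }
    # 1. enable routing  2. drop forwarded traffic by default
    # 3. LAN -> WAN only  4. replies to established connections only
    # 5. masquerade on the uplink (same as the page's POSTROUTING rule)
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Dry run with the page's interfaces: eth0 is the wired side, wlan0 the uplink.
gateway_rules eth0 wlan0
```

After applying, `iptables -L FORWARD -n` and `iptables -t nat -L -n` show the result; `iptables -L` alone does not list the nat table.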