Linux/iptables: Difference between revisions

From Wiki
Revision as of 19:00, 4 December 2023

Tables and chains

  Table     Chains                                            Note
  FILTER    INPUT, FORWARD, OUTPUT
  NAT       PREROUTING, OUTPUT, POSTROUTING
  MANGLE    PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING   modify IP headers
  RAW       PREROUTING, OUTPUT                                connection tracking exemptions (NOTRACK)
  SECURITY  INPUT, FORWARD, OUTPUT                            SELinux

Targets

  Target      Valid in                     Note
  REJECT      INPUT, FORWARD, OUTPUT       sends a response back
  DROP                                     no response
  ACCEPT
  RETURN
  MASQUERADE  POSTROUTING
  REDIRECT    NAT:PREROUTING + NAT:OUTPUT

Basics

iptables
  -A  append: add rule at the end of the chain
  -C  check whether a rule already exists in the chain
  -D  delete: remove a rule
  -F  flush: remove all rules from the chain
  -I  insert: add a rule at a given position
  -L  list: show all rules in the chain
  -N  new chain
  -X  delete chain

  -t  table to manipulate (default: filter)
  -n  numeric output of addresses and ports

  -i       input interface
  -o       output interface
  -s       source address
  -d       destination address
  -p       protocol (tcp/udp)
  --dport  destination port
  --sport  source port
  -j       target

View state

iptables-save                  # show everything

iptables --list-rules          # list filter rules (default: filter)
iptables --list-rules -t nat   # list nat rules

Random examples

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  • openvpn
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
  • wireguard
iptables -A FORWARD -i wg0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -D FORWARD -i wg0 -j ACCEPT
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


  • raspi wifi to ethernet
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
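The first "raspi wifi to ethernet" variant (wired devices on eth0 reach the internet through the Pi's wlan0 uplink) as a complete, re-runnable script, using -C before -A so that running it again from rc.local does not stack duplicate rules. This is an added example, not the wiki's own script; the interface names and the IPTABLES override variable are assumptions.

```sh
#!/bin/sh
# Added example (not the wiki's own script): idempotent NAT + forwarding for a
# Pi with LAN clients on eth0 and a wifi uplink on wlan0. Interface names and
# the IPTABLES variable (override with IPTABLES=echo to dry-run) are assumptions.
LAN_IF="${LAN_IF:-eth0}"            # assumed: wired clients behind the Pi
WAN_IF="${WAN_IF:-wlan0}"           # assumed: wifi is the internet uplink
IPTABLES="${IPTABLES:-iptables}"

# ensure_rule TABLE CHAIN RULE...: append only if -C says the rule is missing.
ensure_rule() {
  table="$1"; chain="$2"; shift 2
  "$IPTABLES" -t "$table" -C "$chain" "$@" 2>/dev/null && return 0
  "$IPTABLES" -t "$table" -A "$chain" "$@"
}

# remove_rule TABLE CHAIN RULE...: delete only if the rule is actually present.
remove_rule() {
  table="$1"; chain="$2"; shift 2
  "$IPTABLES" -t "$table" -C "$chain" "$@" 2>/dev/null || return 0
  "$IPTABLES" -t "$table" -D "$chain" "$@"
}

# Masquerade out of WAN_IF; new connections only LAN->WAN, replies only WAN->LAN.
# The RELATED,ESTABLISHED rule only restricts traffic if the FORWARD chain's
# policy is DROP; with the default ACCEPT policy everything is forwarded anyway.
apply_nat() {
  ensure_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE || return 1
  ensure_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT || return 1
  ensure_rule filter FORWARD -i "$WAN_IF" -o "$LAN_IF" \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Reverse of apply_nat, mirroring the page's -D lines in the wireguard example.
teardown_nat() {
  remove_rule filter FORWARD -i "$WAN_IF" -o "$LAN_IF" \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
  remove_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
  remove_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# The rules do nothing until the kernel is allowed to forward IPv4 packets.
case "${1:-}" in
  up)   sysctl -w net.ipv4.ip_forward=1 && apply_nat ;;
  down) teardown_nat ;;
esac
```

Run as `sh nat.sh up` on the Pi and `sh nat.sh down` to remove the rules again; `iptables-save` afterwards shows exactly three added rules no matter how often `up` is repeated.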

Links