Difference between revisions of "Iptables"
From FusionPBX
(→Allow ICMP (optional))
(8 intermediate revisions by the same user not shown)
Line 14: | Line 14: | ||
iptables -P FORWARD DROP | iptables -P FORWARD DROP | ||
iptables -P OUTPUT ACCEPT | iptables -P OUTPUT ACCEPT | ||
+ | |||
+ | == ICMP (optional) == | ||
+ | iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT | ||
== Friendly Scanner == | == Friendly Scanner == | ||
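Review bot: The added ICMP rule accepts echo-request from every source with no rate limit, and the "(optional)" heading does not say when a reader should enable it. Consider adding a limit match to the rule (for example `-m limit --limit 1/s`) and one sentence stating that the rule is only needed if the server should answer ping.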
Line 21: | Line 24: | ||
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm | iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm | ||
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm | iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm | ||
+ | |||
+ | == Show iptable rules == | ||
+ | sudo iptables -L -v | ||
+ | |||
+ | == Show line numbers == | ||
+ | iptables -L -v --line-numbers | ||
+ | |||
+ | == Delete a line == | ||
+ | Delete line 2 | ||
+ | iptables -D INPUT 2 | ||
+ | |||
+ | == Block IP address == | ||
+ | iptables -I INPUT -s 62.210.245.132 -j DROP | ||
+ | |||
+ | == Save Changes == | ||
+ | Debian / Ubuntu | ||
+ | apt-get install iptables-persistent | ||
+ | service iptables-persistent save |
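Review bot: In "Delete a line", `iptables -D INPUT 2` removes whatever rule currently sits at position 2 of INPUT, and the remaining rules are renumbered after every delete, so the section should tell the reader to re-run `iptables -L -v --line-numbers` immediately before each delete. The added sections also mix `sudo iptables` with bare `iptables`; say once that all of these commands need root and use one form throughout.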
Latest revision as of 03:08, 20 May 2015
Basic Rules
# Loopback, and replies to connections that are already established
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH, HTTP and HTTPS
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# SIP signalling on 5060 and 5080 (TCP and UDP)
iptables -A INPUT -p tcp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp --dport 5080 -j ACCEPT
iptables -A INPUT -p udp --dport 5080 -j ACCEPT
# RTP media
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
# 1194/udp (OpenVPN default port)
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
# Default policies: drop inbound and forwarded traffic not accepted above
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
ICMP (optional)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
Friendly Scanner
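Rules to block the not-so-friendly scanner. They drop packets to the SIP ports (5060 and 5080, TCP and UDP) that contain the string "friendly-scanner":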
iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm
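iptables evaluates a chain from the top and stops at the first matching rule, so the friendly-scanner DROP rules only take effect because `-I` places them above the SIP ACCEPT rules from Basic Rules. The check below is an added example, not part of the FusionPBX page; the function names and both rule listings are constructed for illustration and follow the `iptables -S INPUT` output format.

```shell
# Added example. Reads `iptables -S INPUT` lines on stdin; exit status 0 only if
# every SIP ACCEPT has a "friendly-scanner" DROP above it for the same proto/port.
check_scanner_order() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = port = target = ""; scan = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--string" && $(i + 1) ~ /friendly-scanner/) scan = 1
        }
        if (port != "5060" && port != "5080") next
        key = proto "/" port
        # A DROP only counts if no plain ACCEPT for the same key came first.
        if (scan && target == "DROP" && !(key in accept)) drop[key] = 1
        if (!scan && target == "ACCEPT") accept[key] = 1
    }
    END {
        for (key in accept) {
            if (key in drop) print key ": scanner DROP is evaluated first"
            else { print key ": ACCEPT shadows or lacks the scanner DROP"; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample: chain after the page's commands (-I puts the DROPs on top).
inserted_rules() {
    cat <<'EOF'
-A INPUT -p udp -m udp --dport 5080 -m string --string "friendly-scanner" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5080 -j ACCEPT
EOF
}

# Constructed sample: same rules, but the DROPs were added with -A instead of -I.
appended_rules() {
    cat <<'EOF'
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5080 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5080 -m string --string "friendly-scanner" --algo bm --to 65535 -j DROP
EOF
}

inserted_rules | check_scanner_order
appended_rules | check_scanner_order || echo "re-add the DROP rules with -I"
```

On a live host, pipe the output of `iptables -S INPUT` (run as root) into `check_scanner_order` instead of the sample listings.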
Show iptables rules
sudo iptables -L -v
Show line numbers
iptables -L -v --line-numbers
Delete a line
Delete rule number 2 from the INPUT chain:
iptables -D INPUT 2
Block IP address
iptables -I INPUT -s 62.210.245.132 -j DROP
Save Changes
Debian / Ubuntu
apt-get install iptables-persistent
service iptables-persistent save