This is a draft cheat sheet. It is a work in progress and is not finished yet.
iptables
| Command | Description |
|---|---|
| iptables -S [chain [number]] | [-S] Print the rules of a chain (or of all chains) in iptables-save syntax; an optional rule number selects a single rule |
| iptables -L -v | [-L] List rules as a table, [-v] in verbose mode (packet/byte counters and interfaces) |
| iptables -A INPUT -p tcp --dport 22 -j ACCEPT | [-A] Append a rule to INPUT: traffic on [-p] protocol tcp with [--dport] destination port 22 (ssh) [-j] jumps to ACCEPT |
| iptables -D INPUT 4 | [-D] Delete the 4th rule of the INPUT chain (numbers as shown by iptables -L --line-numbers) |
| iptables -D INPUT -p tcp --dport 22 -j ACCEPT | [-D] Delete the rule that matches the given specification |
| iptables -A INPUT -j DROP | [-A] Append a rule that DROPs all remaining INPUT traffic (DROP discards the packet silently, without notifying the sender, unlike REJECT); since it is appended last, any rule appended after it is never reached |
| iptables -I INPUT 4 -p tcp --dport 443 -j ACCEPT | [-I] Insert the rule at position 4 of INPUT (rules from position 4 onward shift down by one); without a number, -I inserts at position 1 |
persistence
| Command | Description |
|---|---|
| iptables-save > ~/rules.v4 | Save the current iptables rules to a file |
| iptables-restore < ~/rules.v4 | Restore iptables rules from a file |
| apt-get install -y iptables-persistent | Install iptables-persistent (Debian/Ubuntu) to save and restore rules at startup |
| sudo service netfilter-persistent start | Start the previously installed netfilter-persistent service, which loads the saved rules |
| sudo invoke-rc.d netfilter-persistent save | Save the current rules so that netfilter-persistent restores them at startup |
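The rules from both sections above, written as one ~/rules.v4 file in the iptables-save format that iptables-restore and iptables-persistent load. This is an added example, not part of the original cheat sheet; it assumes ssh on tcp/22 and https on tcp/443 as in the sheet, and orders the rules so that loading them over ssh does not cut off the session that loads them (the loopback and ESTABLISHED rules are added here and are not on the sheet).

```shell
#!/bin/sh
# Added example: emit a rules.v4 file (iptables-save format) applying the
# cheat sheet's rules in a safe order. Lines starting with '#' are ignored by
# iptables-restore, so the comments can stay in the file.

# Print the ruleset to stdout.
build_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and already-established connections first, so the final DROP
# cannot break the ssh session from which the rules are loaded.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The cheat sheet's service rules: ssh and https.
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# The cheat sheet's catch-all: everything else is dropped silently.
# Anything appended (-A) after this line is never reached; use -I instead.
-A INPUT -j DROP
COMMIT
EOF
}

# 1-based position of the first INPUT rule matching the grep pattern in $1,
# i.e. the number iptables -L --line-numbers / -D INPUT <n> would use;
# prints nothing if no rule matches.
rule_index() {
    build_rules | grep '^-A INPUT' | grep -n -- "$1" | head -n1 | cut -d: -f1
}

# Parse the ruleset with the real tool when available. --test (-t) only
# parses and builds the ruleset; nothing is committed to the kernel.
check_rules() {
    if command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
        build_rules | iptables-restore --test
    else
        echo "iptables-restore --test skipped (tool missing or not root)" >&2
    fi
}
```

Write the file with `build_rules > ~/rules.v4` and load it with the sheet's `iptables-restore < ~/rules.v4`; rule_index shows which number to pass to -D or -I for a given rule.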