IPTables Tips and Tricks
Connecting to Server
These commands are run in a shell session on the server. You can connect to a shell session using the following steps, depending on your operating system.
Mac or Linux
Open Terminal and run the following command, replacing "servername" with the IP address of the server or its hostname.
Note: If the server has SSH running on a port other than port 22, you can specify the port number with -p, as in the example below (22 is shown, which is also the default).
ssh root@servername -p 22
Opening a Port
Opening a port in IP tables only takes one command. Below is an example of the command to allow a port; replace "80" with the port number you wish to open.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Rules in a chain are checked in order and -A appends the new rule to the end of the chain, so if an earlier rule already drops or rejects the traffic (a final catch-all DROP rule is common), the appended ACCEPT rule is never reached. To put the rule ahead of the existing ones, use -I INPUT in place of -A INPUT. Rules added with iptables last only until the next reboot unless saved with your distribution's save mechanism (for example iptables-save).
Closing a Port
Closing a port in IP tables is much like opening a port. Below is an example of the command to block a port; replace "80" with the port number you wish to block.
iptables -A INPUT -p tcp --dport 80 -j DROP
The same ordering caveat applies: if an earlier rule already accepts the port, the appended DROP rule never matches, so use -I INPUT to insert it at the top of the chain. An earlier rule that accepts ESTABLISHED connections will also keep already-open sessions on that port alive until they close.
List Active Rules
Listing the active rules will output all of the entries in IP tables, along with the chain each entry is listed under and the default policy for that chain.
If you want to search for something specific, such as an IP address or a hostname, you can append "| grep x" (seen in the example below) to the command to filter for the string you are looking for. Note that iptables -L resolves addresses to hostnames by default, so a grep for an IP address can miss a rule that is displayed by name; add -n to show addresses numerically.
iptables -L | grep 18.104.22.168
Deleting a Rule
Deleting a rule requires a little more work than the other options. You will first need to list the IP tables entries and find:
1. The chain that the rule is located in.
2. The number of the rule within that chain.
This can be done by running:
iptables -L --line-numbers
If the output is too long to see it all, run the following and it will send the output to "less", a pager which you can scroll through with the arrow keys (press q to quit).
iptables -L --line-numbers | less
Once you have found the rule's chain name, for example:
Chain DENYIN (1 references)
and the rule's number within that chain, for example:
5    DROP       all  --  127.0.0.1            anywhere
you can piece the delete command together from the chain name followed by the rule number:
iptables -D DENYIN 5
After deleting the rule, list the IP tables rules again with
iptables -L --line-numbers
and you will find that the rule is gone and, unless it was the last rule in the chain, another rule now has its number: IP tables moves every rule below the deleted one up by one to close the gap. Because of this, when deleting several rules from a single listing, delete them from the highest number to the lowest (or re-list between deletions) so that you never remove a rule that has shifted into a number you noted earlier. iptables -D also accepts the same rule specification that was used to add the rule (the -A command from above with -A replaced by -D), which removes the first rule matching it without needing its number.
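The following is an added example, not part of the original article, that automates the find-chain-and-number step above and deals with the renumbering problem: it takes one "iptables -L -n --line-numbers" listing, finds every rule matching a pattern, and prints the "iptables -D CHAIN N" commands highest-number-first within each chain so they can be run top to bottom. The listing it is demonstrated on is constructed for the example (the DENYIN chain mirrors the walkthrough, with rule 5 dropping 127.0.0.1); delete_commands and delete_matching_rules are names chosen here, not iptables features.

```shell
#!/bin/sh
# Added example (not from the original article): build the "iptables -D CHAIN N"
# commands for every rule matching a pattern, taken from one
# "iptables -L -n --line-numbers" listing, highest rule number first per chain.
# Deleting from the bottom up matters because iptables renumbers the rules below
# a deleted one, so deleting 3 and then 5 would remove the wrong rule.

# Constructed sample listing (not captured from a real host); the DENYIN chain
# mirrors the article's walkthrough, where rule 5 drops 127.0.0.1.
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy DROP)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain DENYIN (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    DROP       all  --  198.51.100.23        0.0.0.0/0
3    DROP       tcp  --  203.0.113.7          0.0.0.0/0            tcp dpt:25
4    DROP       all  --  192.0.2.44           0.0.0.0/0
5    DROP       all  --  127.0.0.1            0.0.0.0/0'

# delete_commands LISTING PATTERN
# Prints one "iptables -D <chain> <num>" line per rule whose listing line matches
# the awk regex PATTERN, ordered so that running the lines top to bottom is safe.
# The pattern is passed through the environment so awk does not mangle backslashes.
delete_commands() {
    printf '%s\n' "$1" | PAT="$2" awk '
        /^Chain /           { chain = $2; next }   # "Chain DENYIN (1 references)"
        /^num / || NF == 0  { next }               # column header and blank lines
        $0 ~ ENVIRON["PAT"] { print chain, $1 }    # chain name and rule number
    ' | sort -k1,1 -k2,2nr | awk '{ print "iptables -D " $1 " " $2 }'
}

# delete_matching_rules PATTERN
# The same thing against the live firewall (needs root). -n keeps addresses
# numeric so the pattern matches what you typed rather than a reverse-DNS name.
# Set DRY_RUN=1 to print the commands instead of running them.
delete_matching_rules() {
    delete_commands "$(iptables -L -n --line-numbers)" "$1" |
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            $cmd
        fi
    done
}

# Demo on the constructed listing: the rule from the walkthrough above.
delete_commands "$SAMPLE_LISTING" 'DROP.*127\.0\.0\.1'
```

Run it as root with DRY_RUN=1 first (for example DRY_RUN=1 delete_matching_rules '203\.0\.113\.7') to see which rules would go; because all commands come from a single listing taken before any deletion, the descending order is what keeps the numbers valid.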