IPTables Tips and Tricks

From Hostek.com Wiki

Connecting to Server

These commands are run in a shell session on the server. Depending on your operating system, you can open a shell session as follows.

Windows

PuTTY or mRemoteNG

Mac or Linux

Open a terminal and run the following line, replacing "servername" with the IP address of the server or its hostname.
ssh root@servername

Note: If the server's SSH daemon listens on a port other than the default port 22, specify the port with -p as in the example below, replacing 22 with the port the server actually uses.
ssh root@servername -p 22

Common Commands

Open Port

Opening a port in iptables takes only one command. The example below allows incoming TCP connections on port 80; replace "80" with the port number you wish to open. Note that -A appends the rule to the end of the INPUT chain, so it only has an effect if no earlier rule in that chain already DROPs or REJECTs the same traffic (rules are checked in order and the first match wins). To place the rule at the top of the chain instead, use -I INPUT in place of -A INPUT. Rules added this way take effect immediately but are not saved across a reboot unless you save them with your distribution's persistence mechanism (for example by writing the output of iptables-save to the file restored at boot).
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Close Port

Closing a port in iptables is much like opening one. The example below silently drops incoming TCP connections on port 80; replace "80" with the port number you wish to block. The same ordering rule applies: because -A appends, an earlier ACCEPT rule for the same port will still win, so use -I INPUT if the block must take precedence over existing rules. If you want the client to receive an error instead of a timeout, use -j REJECT in place of -j DROP.
iptables -A INPUT -p tcp --dport 80 -j DROP

List Active Rules

Listing the active rules prints every entry in iptables, grouped by the chain it belongs to, along with the default policy for each built-in chain. Adding -n prints addresses and ports numerically instead of resolving them to hostnames and service names, which is both faster (no reverse DNS lookups) and less ambiguous; adding -v also shows packet and byte counters, which is useful for checking whether a rule is actually matching anything. You can list a single chain by naming it, for example iptables -L INPUT -n.
iptables -L -n

If you want to search for something specific, such as an IP address, you can pipe the output through "| grep x" (as in the example below) to filter for the string you are looking for. Use -n here too; without it an address may be shown as a hostname and the grep for the IP will not match.
iptables -L -n | grep 123.45.67.89

Delete Rule

Deleting a rule requires a little more work than the other options. You first need to list the iptables entries and find:
[1]: The chain that the rule is located in.
[2]: The number of the rule within that chain.

This can be done by running:
iptables -L -n --line-numbers

If the output is too long to see it all at once, run the following instead; it sends the output into "less", a pager you can scroll through with the arrow keys (press q to quit).
iptables -L -n --line-numbers | less

Once you find the rule's chain name:

    Chain Name
        |
Chain DENYIN (1 references)

And the rule's number within that chain:

Rule Number
|
5    DROP       all  --  127.0.0.1    anywhere

you can piece the delete command together like this:

       Chain Name  Rule Number
               |   |
iptables -D DENYIN 5

After deleting the rule, list the iptables rules again with iptables -L -n --line-numbers and you will find that the rule is gone and that the rules below it have moved up by one: iptables renumbers a chain after every delete to fill the gap. This matters when you need to delete several rules from the same chain: delete them from the highest number down to the lowest, otherwise each delete shifts the numbers of the rules still to be removed and you end up deleting the wrong ones. Always re-list the chain before each delete if in doubt.
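The following shell script is an added example, not part of the original wiki page, that ties the "Open Port", "Close Port" and "Delete Rule" sections together. It parses the output of iptables -L -n --line-numbers (a constructed sample listing is embedded so it runs without root or a live firewall; chain names, addresses and rule layout in it are assumed for illustration) and provides three helper functions: rule_numbers finds every rule in a chain whose columns contain a given value, delete_commands turns those into iptables -D commands emitted highest number first so that renumbering cannot make a later delete hit the wrong rule, and first_port_decision reports the first rule in a chain that already ACCEPTs, DROPs or REJECTs TCP traffic to a port, which tells you whether an appended (-A) rule for that port would ever be reached. The function and variable names are this example's own, not iptables options.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n --line-numbers` output for this example
# (not captured from a real host; chain names and addresses are illustrative).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain DENYIN (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.10         0.0.0.0/0
2    ACCEPT     all  --  198.51.100.7         0.0.0.0/0
3    DROP       all  --  203.0.113.10         0.0.0.0/0
4    DROP       all  --  203.0.113.11         0.0.0.0/0
5    DROP       all  --  127.0.0.1            0.0.0.0/0
'

# rule_numbers CHAIN VALUE
# Reads a listing on stdin and prints, in ascending order, the number of every
# rule in CHAIN that has a column exactly equal to VALUE (e.g. an address such
# as 203.0.113.10 or a port match such as dpt:80). Whole-column comparison avoids
# the prefix problem of grep, where 203.0.113.1 would also match 203.0.113.10.
rule_numbers() {
  awk -v chain="$1" -v val="$2" '
    /^Chain / { in_chain = ($2 == chain); next }
    in_chain && $1 ~ /^[0-9]+$/ {
      for (i = 2; i <= NF; i++) if ($i == val) { print $1; break }
    }
  '
}

# delete_commands CHAIN VALUE
# Prints the `iptables -D` commands that remove every matching rule. Numbers are
# emitted highest first: iptables renumbers the chain after each delete, so
# deleting rule 1 and then rule 3 would actually remove the original rules 1 and 4.
delete_commands() {
  rule_numbers "$1" "$2" | sort -rn | while read -r n; do
    printf 'iptables -D %s %s\n' "$1" "$n"
  done
}

# first_port_decision CHAIN PORT
# Prints "<number> <target>" of the first rule in CHAIN that already decides TCP
# traffic to PORT (ACCEPT, DROP or REJECT). If the target is DROP or REJECT, an
# ACCEPT appended with -A for that port is never reached; insert it with -I instead.
first_port_decision() {
  awk -v chain="$1" -v port="$2" '
    /^Chain / { in_chain = ($2 == chain); next }
    in_chain && $1 ~ /^[0-9]+$/ && $2 ~ /^(ACCEPT|DROP|REJECT)$/ \
      && $0 ~ ("dpt:" port "( |$)") { print $1, $2; exit }
  '
}

# Demonstration against the constructed listing. On a real server, pipe the live
# listing in instead:  iptables -L DENYIN -n --line-numbers | delete_commands DENYIN 203.0.113.10
printf '%s' "$SAMPLE_LISTING" | delete_commands DENYIN 203.0.113.10
printf '%s' "$SAMPLE_LISTING" | first_port_decision INPUT 80
```

The commands are printed rather than executed so you can read them before running them; once they look right, append "| sh" to the delete_commands pipeline to apply them. In the sample, first_port_decision reports that INPUT rule 2 DROPs port 80, so the ACCEPT at rule 3 (the result of an appended open-port command) is dead: it would have to be inserted above rule 2 with -I to take effect.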

Keywords: iptables, IP Tables, ip tables, tips and tricks