iptables

iptables can be thought of as the firewall of Linux: it is the user-space tool that manages the packet-filtering rules of the kernel's netfilter framework.

Rules are organised in tables. Each table holds several chains, and each chain holds an ordered list of rules that are evaluated top to bottom; the first matching rule with a terminating target (ACCEPT, DROP, REJECT, SNAT, ...) decides what happens to the packet, and if no rule matches, the chain's default policy applies.

The most commonly used tables are nat and filter.

filter decides whether a packet is allowed through (accepted, dropped or rejected). It is the table that does the actual firewalling, and it is the default table when -t is omitted.

 CHAINS
  1. INPUT   - packets addressed to this host
  2. FORWARD - packets routed through this host (only seen when net.ipv4.ip_forward=1)
  3. OUTPUT  - packets generated by this host

while

nat rewrites source or destination addresses and ports (network address translation). It is consulted only for the first packet of a connection; the translation is then applied to the rest of the connection by connection tracking, so nat is not the place to allow or block traffic.

 CHAINS
  1. PREROUTING  - before the routing decision; where DNAT (port forwarding) goes
  2. INPUT       - packets delivered to this host
  3. OUTPUT      - packets generated by this host
  4. POSTROUTING - after the routing decision; where SNAT and MASQUERADE go

Save the current iptables rules (iptables-save writes every table to stdout; run it as root)

iptables-save > /etc/iptables.rules

Restore iptables rules (the file replaces the whole ruleset in one atomic commit; this does not survive a reboot by itself, something such as the iptables-persistent package has to reload it at boot)

iptables-restore < /etc/iptables.rules

Examples

1. List the current rules of the nat table (-v adds packet/byte counters and interfaces; add -n to skip slow reverse-DNS lookups)
iptables -t nat -L -v

2. List the rules of the nat table with line numbers (numbers are counted per chain from 1 and are the position that -I and -D take)
iptables -t nat -L -v --line-numbers

3. Adding a new rule accepting traffic to TCP port 1194 (OpenVPN's default port; OpenVPN uses UDP unless the server is configured for TCP, so -p must match the server)
 ACCEPT rules belong in the filter table, not in nat: in the nat table ACCEPT only ends NAT processing for that packet and allows nothing. filter is the default table, so -t is omitted.
3.1) Append mode (the rule goes to the end of the chain, so any earlier rule that already drops the traffic still wins)
 iptables -A INPUT -i eth0 -p tcp -m tcp --dport 1194 -j ACCEPT
3.2) Insert mode (the rule goes at the given position; 1 is the top, and omitting the number also inserts at the top)
 iptables -I INPUT <line-number> -i eth0 -p tcp -m tcp --dport 1194 -j ACCEPT
3.3) Insert mode with connection tracking (position 7; only packets in NEW or ESTABLISHED connections to port 8443 match, so packets with no conntrack entry, e.g. INVALID ones, are not accepted)
 iptables -I INPUT 7 -p tcp --dport 8443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

4. Rewrite the source IP of packets from 10.8.0.0/24 leaving through eth0 to 192.168.13.11 (SNAT in POSTROUTING; replies are translated back automatically by conntrack). This only carries traffic if the host forwards at all (net.ipv4.ip_forward=1) and the filter FORWARD chain allows the packets.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.13.11
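The tables and chains above, the save/restore format and rule examples 3 and 4 all fit together in one ruleset file. The following script is an added example (not code from the original note): it emits a complete ruleset in the iptables-save/iptables-restore text format and loads it atomically after a dry-run parse. The WAN interface eth0, the VPN subnet 10.8.0.0/24 and the SNAT address 192.168.13.11 are taken from the examples; that SSH on TCP port 22 must stay reachable is an assumption added here.

```shell
#!/bin/sh
# Added example, not part of the original note: build a ruleset in the
# iptables-restore text format, validate it without touching the kernel, then
# load it in one commit. Assumptions: WAN interface eth0, VPN subnet 10.8.0.0/24,
# SNAT address 192.168.13.11, and management SSH on TCP 22 (assumed port).

WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
SNAT_IP="${SNAT_IP:-192.168.13.11}"

# gen_rules: print the ruleset. One "*table" block per table, one
# ":CHAIN POLICY [pkts:bytes]" line per built-in chain, one rule per line
# (iptables command-line syntax minus "iptables -t <table>"), and COMMIT to
# close the table. Lines starting with '#' are ignored by iptables-restore.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host or its clients already opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# management access (assumed port 22) so a bad ruleset does not lock us out
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# the two service rules from example 3, in filter where ACCEPT means "allow"
-A INPUT -i ${WAN_IF} -p tcp -m tcp --dport 1194 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i ${WAN_IF} -p tcp -m tcp --dport 8443 -m conntrack --ctstate NEW -j ACCEPT
# the SNAT rule below only carries traffic if forwarding from the VPN subnet is allowed here
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s ${VPN_NET} -o ${WAN_IF} -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# example 4: VPN clients leave eth0 with the gateway's address as source
-A POSTROUTING -s ${VPN_NET} -o ${WAN_IF} -j SNAT --to-source ${SNAT_IP}
COMMIT
EOF
}

# apply_rules FILE: "--test" parses the whole file and commits nothing, so a
# syntax error is caught before the live rules are touched. A real restore then
# replaces every table in the file in a single commit, so there is no moment
# where the chain is half-built, unlike a sequence of "iptables -A" calls.
# Needs root and a kernel with netfilter; not exercised offline.
apply_rules() {
    f="$1"
    iptables-restore --test < "$f" || { echo "ruleset rejected, nothing changed" >&2; return 1; }
    iptables-restore < "$f"
}

# Usage (as root):
#   sh rules.sh print > /etc/iptables.rules   # just write the file
#   sh rules.sh apply  /etc/iptables.rules    # write, validate and load it
case "${1:-}" in
    print) gen_rules ;;
    apply) out="${2:-/etc/iptables.rules}"; gen_rules > "$out" && apply_rules "$out" ;;
esac
```

The FORWARD rules are what make example 4 actually work: SNAT rewrites the source address, but with a DROP policy on FORWARD and no allow rule the packets never reach POSTROUTING in the first place. Remember to set net.ipv4.ip_forward=1 via sysctl as well; iptables does not enable forwarding by itself.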

5. Delete a rule by position
 1) first, list the chain with rule numbers (numbers are counted per chain, starting at 1)
 iptables -t nat -L -v --line-numbers

 2) delete the rule at that position (here rule 1 of nat/POSTROUTING). After a deletion every rule below it moves up one number, so list again before deleting another one
 iptables -t nat -D POSTROUTING 1
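Because rule numbers shift after every deletion, a script should look the position up immediately before deleting rather than reuse a number from an earlier listing. The following is an added example (not code from the original note) that derives the position from the output of iptables -S, which prints a chain's rules in the same order as --line-numbers; the sample dump is constructed for the example and was not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original note: find a nat rule's position from
# "iptables -t nat -S <chain>" output and delete it by that number.
# SAMPLE_POSTROUTING is a constructed dump for offline use, not captured output.

SAMPLE_POSTROUTING='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.13.11
-A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE'

# rule_index CHAIN PATTERN: read an "iptables -S CHAIN" dump on stdin and print
# the 1-based position of the first "-A CHAIN ..." line matching PATTERN
# (prints nothing if none matches). The "-P" policy line is filtered out first
# so the count covers rules only, which is exactly the number that
# "--line-numbers" shows and that "-D CHAIN N" expects.
rule_index() {
    chain="$1"; pattern="$2"
    grep "^-A ${chain} " | grep -n -- "$pattern" | head -n 1 | cut -d: -f1
}

# delete_rule_by_match TABLE CHAIN PATTERN: re-read the live chain every time,
# because deleting rule N renumbers every rule after it. Requires root and a
# real iptables; not exercised offline.
delete_rule_by_match() {
    table="$1"; chain="$2"; pattern="$3"
    n="$(iptables -t "$table" -S "$chain" | rule_index "$chain" "$pattern")"
    if [ -z "$n" ]; then
        echo "no rule in $table/$chain matches: $pattern" >&2
        return 1
    fi
    iptables -t "$table" -D "$chain" "$n"
}

# Offline demonstration on the constructed dump:
#   printf '%s\n' "$SAMPLE_POSTROUTING" | rule_index POSTROUTING 'to-source 192.168.13.11'  -> 1
#   printf '%s\n' "$SAMPLE_POSTROUTING" | rule_index POSTROUTING MASQUERADE                 -> 2
# Live use (as root):
#   delete_rule_by_match nat POSTROUTING 'to-source 192.168.13.11'
```

When the full rule is known, iptables can also delete by specification instead of by number, e.g. iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.13.11, which removes the first rule with exactly that match and target and avoids the renumbering problem entirely; the lookup above is for the case where only part of the rule is known.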

REF: https://opensource.com/article/18/9/linux-iptables-firewalld
