on 05th February 2015 / by sandeep.sasikumar
iptables is a program that controls the Linux firewall and handles packet filtering for IPv4; ip6tables does the same for IPv6.

Delete existing rules in iptables

iptables -F
(or)
iptables --flush

Before we start entering a new set of iptables rules, it is better to flush the old default set of rules. The iptables flush command does this.

Allow all incoming SSH connections

iptables -A INPUT -i eth1 -p tcp --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 2222 -m state --state ESTABLISHED -j ACCEPT

These iptables entries allow all incoming SSH connections (on port 2222) to the eth1 interface.

Allow outgoing SSH connections

iptables -A OUTPUT -o eth1 -p tcp --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 2222 -m state --state ESTABLISHED -j ACCEPT

These iptables entries allow all outgoing SSH connections through the eth1 interface.

Allow ping from outside to the server

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

These iptables entries allow outside users to ping our server.

Allow ping from inside to outside

iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

These entries allow ping from our server to the outside.

Block a specific IP address

IPADDRESS_TO_BE_BLOCKED="x.x.x.x"
iptables -A INPUT -s "$IPADDRESS_TO_BE_BLOCKED" -j DROP

This iptables entry blocks the IP address that needs to be blocked. (The shell assignment must have no spaces around the "=", and the variable name in the rule must match the one assigned.)

Allow rsync from a specific network

iptables -A INPUT -i eth1 -p tcp -s *.*.*.*/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT

The above iptables entries allow rsync from a specific network (*.*.*.*/24 defines the IP address range).

Allow postfix and sendmail

iptables -A INPUT -i eth1 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT

These iptables entries allow mail (SMTP, port 25) traffic.

Prevent DoS attack

iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

This iptables entry limits packets to port 80 to an average of 25 per minute (with an initial burst of 100) to prevent a DoS (denial of service) attack on our web server.

Allow port forwarding

iptables -t nat -A PREROUTING -p tcp -d *.*.*.* --dport 537 -j DNAT --to *.*.*.*:22

This iptables entry redirects all traffic that arrives on port 537 to port 22, so both ports will accept packets.

These are some of the main iptables rules that are configured.
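The rules above are listed one at a time, but in practice they only behave as described when they are loaded in the right order and with a default policy behind them: a flush without a DROP policy leaves everything open, a block rule placed after an ACCEPT never fires, and the port-80 limit rule only sheds load if a DROP rule follows it. The script below is an added example, not the author's, that assembles the post's rules into one ordered ruleset with a default-deny INPUT policy and a self-check on the rule order. The interface eth1, the SSH port 2222 and the ports 873, 25, 80 and 537 come from the post; the network and address values are constructed placeholders from the RFC 5737 documentation ranges. By default it runs as a dry run that prints each iptables command; setting IPT=iptables and running as root applies them.

```shell
#!/bin/sh
# Added example (not the post's own script): the rules from this post assembled
# into one ordered ruleset with a default-deny INPUT policy.
# IPT defaults to a dry run that prints each command; run with IPT=iptables as
# root to apply. Interface, port and address values below are assumptions.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth1}"
SSH_PORT="${SSH_PORT:-2222}"
RSYNC_NET="${RSYNC_NET:-192.0.2.0/24}"       # constructed placeholder (TEST-NET-1)
BLOCKED_IP="${BLOCKED_IP:-198.51.100.7}"     # constructed placeholder (TEST-NET-2)
SERVER_IP="${SERVER_IP:-192.0.2.10}"         # constructed placeholder

apply_rules() {
    # 1. Flush, then set policies: INPUT/FORWARD default-deny so that a missing
    #    ACCEPT fails closed; OUTPUT left open as in the post.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # 2. Loopback and replies to connections this host opened. This one
    #    stateful rule covers every OUTPUT/--sport pair in the post.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. Block list before any service ACCEPT; iptables takes the first match.
    $IPT -A INPUT -s "$BLOCKED_IP" -j DROP

    # 4. Services: SSH, rsync from one network, SMTP, inbound ping.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p tcp -s "$RSYNC_NET" --dport 873 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # 5. HTTP with a rate limit. The limit match ACCEPTs only while under the
    #    rate; the DROP right after it is what actually discards the excess.
    $IPT -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j DROP

    # 6. Port forward 537 -> 22 on this host. After DNAT the filter INPUT chain
    #    sees dport 22, so port 22 must be allowed there as well.
    $IPT -t nat -A PREROUTING -p tcp -d "$SERVER_IP" --dport 537 -j DNAT --to "$SERVER_IP:22"
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# Self-check on the generated order (dry run only): the port-80 limit rule must
# be immediately followed by its DROP, and the block rule must come before the
# first service ACCEPT. Returns 0 when both hold, 1 otherwise.
check_rule_order() {
    (IPT="echo iptables"; apply_rules) | awk '
        /--dport 80 -m limit/ { limit_at = NR }
        /--dport 80 -j DROP/  { if (limit_at && NR == limit_at + 1) drop_ok = 1 }
        / -s [0-9.]+ -j DROP/ { block_at = NR }
        /--dport [0-9]+ -m state --state NEW -j ACCEPT/ { if (!first_accept) first_accept = NR }
        END { exit (drop_ok && block_at && block_at < first_accept) ? 0 : 1 }'
}

# Running the file directly prints (or, with IPT=iptables, applies) the ruleset.
apply_rules
```

The rules keep the post's `-m state` match so they line up with the text; on current kernels `-m conntrack --ctstate` is the preferred equivalent. Because OUTPUT stays ACCEPT and INPUT admits ESTABLISHED,RELATED, the separate OUTPUT/--sport rules from the post are not needed; the one stateful rule replaces all of them.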