Ubuntu/iptables

Revision as of 03:20, 22 May 2016

iptables: allows you to configure network ports and more

lookup current active rules

iptables -L -n -v

remove a rule from IP Tables. Make sure to include the comment if a comment exists.

iptables -D INPUT 1
or
iptables -D INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT
or
iptables -D INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT -m comment --comment "limit ssh access"

specify policy default

-P INPUT DROP

allow anything from itself (loopback)

-A INPUT -i lo -j ACCEPT

allow connection from specific address, inbound, using only TCP on a specific port

-A INPUT -s ip.address -p tcp --dport 22 -j ACCEPT

add a comment to the iptables rule

-m comment --comment "limit ssh access"

allow related and established

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

prevent packets from forwarding (like a router)

iptables -P FORWARD DROP

delete chain from iptables

iptables -X chain.name

save current IP Tables config

sudo sh -c "iptables-save > /etc/iptables.rules"

restore IP Tables config (also add this line to /etc/rc.local for it to auto run during boot)

iptables-restore < /etc/iptables.rules

Init.d startup script

Below is a method designed in hopes of a reliable auto-load of iptable rules on bootup. adding entry to rc.local entry was not 100% reliable.

Create startup script under /etc/init.d

 ~$ sudo vi /etc/init.d/iptables.rules

Script

#!/bin/sh
 ### BEGIN INIT INFO
 # Provides: iptables.rules
 # Required-Start: $remote_fs $syslog
 # Required-Stop: $remote_fs $syslog
 # Default-Start: 2 3 4 5
 # Default-Stop: 0 1 6
 # Short-Description: Start iptables.rules at boot time
 # Description: Load iptable rules at startup, provide flushing (stop) or flush and reload (restart) of rules.
 ### END INIT INFO

#startup function
start_iptables_rules() {
	printf "\nRestoring iptable rules ..."
	iptables-restore < /etc/iptables.rules > /dev/null 2>&1 &
	printf " restored.\n"
}

#stopping function that flushes iptables
stop_iptables_rules () {
	printf "\nFlushing iptable rules ..."
	iptables -F
	iptables -X
	iptables -t nat -F
	iptables -t nat -X
	iptables -t mangle -F
	iptables -t mangle -X
	iptables -P INPUT ACCEPT
	iptables -P FORWARD ACCEPT
	iptables -P OUTPUT ACCEPT
	printf " flushed.\n"
}

#restarting function that stops and starts iptables.rules
restart_iptables_rules () {
	printf "\nFlushing and reloading iptable rules ..."
	stop_iptables_rules
	start_iptables_rules
}

#list iptable rules currently configured
status_iptables_rules () {
	iptables -L -n -v
}

case "$1" in
	start)
		start_iptables_rules
		;;
	stop)
		stop_iptables_rules
		;;
	restart)
		restart_iptables_rules
		;;
	status)
		status_iptables_rules
		;;
	*)
		printf "Usage: /etc/init.d/iptables.rules {start|stop|restart|status}"
		exit 1
		;;

esac
exit 0

Permissions and Boot

Add permissions to execute

~$ chmod 755 /etc/init.d/iptables.rules

Enable dependency based boot sequence

~$ update-rc.d iptables.rules defaults

Ubuntu/iptables

Revision as of 03:20, 22 May 2016

Contents

CVE-2015-7547

Init.d startup script

Create startup script under /etc/init.d

Script

Permissions and Boot

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Mediawiki

Confluence

DevOps Tools

Open Source Products

Ubuntu

Ubuntu 22

Mac OSX

Oracle Linux

AWS

Windows

OpenVPN

Grafana

InfluxDB2

TrueNas

MagicMirror

OwnCloud

Pivotal

osTicket

OTRS

phpBB

WordPress

VmWare ESXI 5.1

Crypto currencies

HTML

CSS

Python

Java Script

PHP

Raspberry Pi

Canvas LMS

Kaltura Media Server

Plex Media Server

MetaSploit

Zoneminder

ShinobiCE

Photoshop CS2

Fortinet

Uploaded

Certifications

General Info

Games

Meal Plans

NC Statutes

Politics

Volkswagen

Covid

NCDMV

Toolbox