| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- iptables
- ===========
- Basic Rules
- ===========
- | ``iptables -A INPUT -i lo -j ACCEPT``
- | ``iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 22 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 80 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 443 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 5060 -j ACCEPT``
- | ``iptables -A INPUT -p udp --dport 5060 -j ACCEPT``
- | ``iptables -A INPUT -p tcp --dport 5080 -j ACCEPT``
- | ``iptables -A INPUT -p udp --dport 5080 -j ACCEPT``
- | ``iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT``
- | ``iptables -P INPUT DROP``
- | ``iptables -P FORWARD DROP``
- | ``iptables -P OUTPUT ACCEPT``
- Optional Rules
- ===============
- | OPENVPN: ``iptables -A INPUT -p udp --dport 1194 -j ACCEPT``
- | ICMP: ``iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT``
- Friendly Scanner
- ================
- Rules to block not so friendly scanner
- | ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm``
- | ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm``
- | ``iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm``
- | ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm``
- | *Optional*
- | ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string--string "VaxSIPUserAgent" --algo bm``
- | ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxIPUserAgent" --algo bm``
- | ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm``
- | ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxIPUserAgent" --algo bm``
- Show iptable rules
- ==================
- ``sudo iptables -L -v``
- Show line numbers
- =================
- ``iptables -L -v --line-numbers``
- Delete a line
- =============
- Delete line 2
- ``iptables -D INPUT 2``
- Block IP address
- ================
- ``iptables -I INPUT -s 62.210.245.132 -j DROP``
- Save Changes
- ============
- Debian / Ubuntu
- | ``apt-get install iptables-persistent``
- | ``service iptables-persistent save``
- | ``dpkg-reconfigure iptables-persistent``
|
