🖥️iptables

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember them. This cheatsheet explains the iptables command, with its important options and switches, using examples.

▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁

#                ██╗██████╗ ████████╗ █████╗ ██████╗ ██╗     ███████╗███████╗
#                ██║██╔══██╗╚══██╔══╝██╔══██╗██╔══██╗██║     ██╔════╝██╔════╝
#                ██║██████╔╝   ██║   ███████║██████╔╝██║     █████╗  ███████╗
#                ██║██╔═══╝    ██║   ██╔══██║██╔══██╗██║     ██╔══╝  ╚════██║
#                ██║██║        ██║   ██║  ██║██████╔╝███████╗███████╗███████║
#                ╚═╝╚═╝        ╚═╝   ╚═╝  ╚═╝╚═════╝ ╚══════╝╚══════╝╚══════╝
# Show hit counters for rules with auto refresh (rules that have matched nothing yet are hidden)
watch --interval 0 'iptables -nvL | grep -v "0     0"'

# Show hit counters for rules with auto refresh, highlighting any changes since the last refresh
watch -d -n 2 iptables -nvL

# Block port 902 and hide it from nmap: the ICMP port-unreachable reply makes nmap
# report the port as "filtered" instead of "closed" (which a TCP RST would produce).
iptables -A INPUT -i eth0 -p tcp --dport 902 -j REJECT --reject-with icmp-port-unreachable

# Note: --reject-with accepts:
#	icmp-net-unreachable
#	icmp-host-unreachable
#	icmp-port-unreachable <- hides a port from nmap (shown as filtered); this is the default
#	icmp-proto-unreachable
#	icmp-net-prohibited
#	icmp-host-prohibited
#	icmp-admin-prohibited
#	tcp-reset             <- TCP only; the port looks closed, as if nothing were listening

# Add a comment to a rule:
iptables ... -m comment --comment "This rule is here for this reason"

# To remove or insert a rule:
# 1) Show all rules with their line numbers
iptables -L INPUT --line-numbers
# OR: iptables -nL --line-numbers   (numeric output, no DNS or service-name lookups)

# Chain INPUT (policy ACCEPT)
#     num  target prot opt source destination
#     1    ACCEPT     udp  --  anywhere  anywhere             udp dpt:domain
#     2    ACCEPT     tcp  --  anywhere  anywhere             tcp dpt:domain
#     3    ACCEPT     udp  --  anywhere  anywhere             udp dpt:bootps
#     4    ACCEPT     tcp  --  anywhere  anywhere             tcp dpt:bootps

# 2.a) REMOVE (-D) a rule by its line number (here rule 2 of the INPUT chain)
iptables -D INPUT 2

# 2.b) OR INSERT (-I) a rule at position {LINE_NUMBER}; the rules below it move down by one
iptables -I INPUT {LINE_NUMBER} -i eth1 -p tcp --dport 21 -s 123.123.123.123 -j ACCEPT -m comment --comment "This rule is here for this reason"

# Source-NAT traffic leaving via $dev towards $server so that it appears to come from
# $wanted_ip, unless the packet already carries that source address:
iptables -t nat -I POSTROUTING \
	-o "$dev" \
	-d "$server" \
	! -s "$wanted_ip" \
	-j SNAT \
	--to-source "$wanted_ip"

# Block an IP address (or an IP range) with iptables
iptables -I INPUT -s x.x.x.x -j DROP 
iptables -I INPUT -m iprange --src-range x.x.x.x-x.x.x.x -j DROP 

# Clear iptables - flush all (or at least most) rules, delete user-defined chains and reset the built-in policies to ACCEPT
iptables -F 
iptables -X 
#iptables -t nat -F 
#iptables -t nat -X 
iptables -t mangle -F 
iptables -t mangle -X 
iptables -P INPUT ACCEPT 
iptables -P FORWARD ACCEPT 
iptables -P OUTPUT ACCEPT 
iptables -t raw -F 
iptables -t raw -X 

# Note - the nat commands above are commented out because even just clearing the nat table loads nf_conntrack, which can cause issues (e.g. a full conntrack table dropping packets).
# See these links for more info: 
# http://www.pc-freak.net/blog/resolving-nf_conntrack-table-full-dropping-packet-flood-message-in-dmesg-linux-kernel-log/
# http://antmeetspenguin.blogspot.com/2011/01/high-performance-linux-router.html 

# Block an IP address with iptables
iptables -A INPUT -s IP-ADRESSE -j DROP 

# Release (unblock) an IP address again
iptables -D INPUT -s IP-ADRESSE -j DROP 

# The difference is the option:
#	-A ... add the IP address to iptables (Add)
#	-D ... delete the IP address from iptables (Delete)

# To find out which IPs are already blocked, run:
iptables -L INPUT
# Allow new outbound HTTP connections
iptables -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT

# Block every address listed in a file (one per line), appending to the end of INPUT
for IP in $(cat ips2block.txt); do iptables -A INPUT -s $IP -j DROP; done

# Same, but inserting at the top of INPUT so the DROP takes precedence over any later ACCEPT rule
for IP in $(cat ip_list); do echo "Banning $IP"; iptables -I INPUT -s $IP/32 -d 0/0 -j DROP; done
# This will block any communication from those ip addresses on any protocol or port.
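A more careful version of the blocklist loops above, added here as an example and not part of the original cheatsheet: it validates each entry as an IPv4 address or CIDR, so a malformed line cannot smuggle extra options into a rule, and emits an iptables-restore fragment for a dedicated user chain that is applied atomically and can be re-applied to replace the previous list. The chain name BLOCKLIST is an assumption; ips2block.txt is the file name used above.

```shell
#!/bin/sh
# is_ipv4_cidr ADDR -> succeeds only if ADDR is a.b.c.d or a.b.c.d/N with
# every octet 0-255 and N 0-32; anything else (including stray text such
# as extra iptables options or shell globs) is rejected.
is_ipv4_cidr() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32       # no "/N" given: single host
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    rest=$addr. ; n=0                       # walk the dotted octets
    while [ -n "$rest" ]; do
        o=${rest%%.*}; rest=${rest#*.}
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# blocklist_rules FILE -> prints an iptables-restore fragment that drops
# every valid entry of FILE in the (assumed) user chain BLOCKLIST.
# Blank lines and '#' comments are ignored; invalid entries are reported
# on stderr and skipped instead of being handed to iptables.
blocklist_rules() {
    echo '*filter'
    echo ':BLOCKLIST - [0:0]'               # create the chain, or replace its contents
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                   # strip a trailing comment
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        [ -z "$entry" ] && continue
        if is_ipv4_cidr "$entry"; then
            echo "-A BLOCKLIST -s $entry -j DROP"
        else
            echo "skipping invalid blocklist entry: $entry" >&2
        fi
    done < "$1"
    echo 'COMMIT'
}

# Apply (as root) without touching other tables or chains, then hook the
# chain into INPUT once; re-running only swaps the BLOCKLIST contents:
#   blocklist_rules ips2block.txt | iptables-restore --noflush
#   iptables -C INPUT -j BLOCKLIST 2>/dev/null || iptables -I INPUT -j BLOCKLIST
```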
