🖥️iptables
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember. This cheatsheet explains the iptables command with its important options and switches using examples.
▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁
# ██╗██████╗ ████████╗ █████╗ ██████╗ ██╗ ███████╗███████╗
# ██║██╔══██╗╚══██╔══╝██╔══██╗██╔══██╗██║ ██╔════╝██╔════╝
# ██║██████╔╝ ██║ ███████║██████╔╝██║ █████╗ ███████╗
# ██║██╔═══╝ ██║ ██╔══██║██╔══██╗██║ ██╔══╝ ╚════██║
# ██║██║ ██║ ██║ ██║██████╔╝███████╗███████╗███████║
# ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═╝╚═════╝ ╚══════╝╚══════╝╚══════╝
# Show hit counters for all rules with continuous refresh, hiding rules whose packet and byte counters are both zero
# (the counters are printed as right-aligned columns, so the filter has to allow for several spaces between the two zeros)
watch --interval 0 'iptables -nvL | grep -vE "^ *0 +0 "'
# Show hit counters every 2 seconds and highlight any changes since the last refresh
watch -d -n 2 iptables -nvL
# Block TCP port 902 and hide it from nmap (the ICMP port-unreachable reply makes the port look filtered rather than closed)
iptables -A INPUT -i eth0 -p tcp --dport 902 -j REJECT --reject-with icmp-port-unreachable
# Note: --reject-with accepts the following values (icmp-port-unreachable is the default):
# icmp-net-unreachable
# icmp-host-unreachable
# icmp-port-unreachable <- hide a port from nmap
# icmp-proto-unreachable
# icmp-net-prohibited
# icmp-host-prohibited
# icmp-admin-prohibited
# tcp-reset (TCP only)
# Add a comment to a rule:
iptables ... -m comment --comment "This rule is here for this reason"
# To remove or insert a rule:
# 1) Show all rules
iptables -L INPUT --line-numbers
# OR iptables -nL --line-numbers
# Chain INPUT (policy ACCEPT)
# num target prot opt source destination
# 1 ACCEPT udp -- anywhere anywhere udp dpt:domain
# 2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
# 3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
# 4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
# 2.a) REMOVE (-D) a rule. (here an INPUT rule)
iptables -D INPUT 2
# 2.b) OR INSERT a rule.
iptables -I INPUT {LINE_NUMBER} -i eth1 -p tcp --dport 21 -s 123.123.123.123 -j ACCEPT -m comment --comment "This rule is here for this reason"
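Deleting by rule number is fragile: every `-D` renumbers the rules that follow it, so a list of numbers taken from one listing is only valid until the first deletion. As an added example (not part of the original cheatsheet), the script below picks the numbers of all rules matching a pattern out of an `iptables -L <chain> --line-numbers` listing and emits the `-D` commands highest-number-first, so they can be executed top to bottom without shifting the rules still to be deleted. The listing, the function names `rule_numbers` and `delete_commands`, and the sample blocklist rule are constructed here; nothing is executed against the live firewall.

```shell
#!/bin/sh
# Added example (not from the original cheatsheet): pick rule numbers out of
# an `iptables -L <chain> --line-numbers` listing and emit the matching
# `iptables -D` commands highest-number-first, so that each deletion does not
# shift the numbers of the rules still to be deleted. The listing below is
# constructed sample output in the same layout the cheatsheet shows.

SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
3    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
5    DROP       all  --  203.0.113.7          anywhere             /* blocklist */'

# rule_numbers LISTING PATTERN
# Print the numbers of all rules in LISTING whose line matches the awk regular
# expression PATTERN, one per line, highest number first. Header lines (which
# do not start with a number) are ignored.
rule_numbers() {
    printf '%s\n' "$1" | awk -v pat="$2" '$1 ~ /^[0-9]+$/ && $0 ~ pat { print $1 }' | sort -rn
}

# delete_commands CHAIN LISTING PATTERN
# Print one `iptables -D CHAIN N` line per matching rule, in an order that is
# safe to execute top to bottom.
delete_commands() {
    chain=$1
    rule_numbers "$2" "$3" | while IFS= read -r num; do
        printf 'iptables -D %s %s\n' "$chain" "$num"
    done
}

# Usage: print the deletions for every rule mentioning dpt:bootps. Pipe the
# output into `sh` only after reviewing it, and take a fresh listing right
# before deleting, since the numbering is only valid for the listing it came from.
delete_commands INPUT "$SAMPLE_LISTING" 'dpt:bootps'
```

Where the full rule specification is known, `iptables -D INPUT <rule-spec>` deletes the first rule matching that specification regardless of its number and avoids the renumbering problem altogether; the numeric form is mainly useful when several otherwise identical rules exist or when the rule is easier to recognise from its comment.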
# Source-NAT traffic leaving via $dev towards $server so that it carries $wanted_ip as its source address (packets that already have that source are skipped):
iptables -t nat -I POSTROUTING -o "$dev" -d "$server" ! -s "$wanted_ip" -j SNAT --to-source "$wanted_ip"
# Block an IP address (a single address, or a range with the iprange match)
iptables -I INPUT -s x.x.x.x -j DROP
iptables -I INPUT -m iprange --src-range x.x.x.x-x.x.x.x -j DROP
# Clear iptables - Clears all (or at least most) ip tables rules
iptables -F
iptables -X
#iptables -t nat -F
#iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X
# Note - the above nat commands are commented out because even when clearing nat, nf_conntrack will be loaded which can cause issues.
# See these links for more info:
# http://www.pc-freak.net/blog/resolving-nf_conntrack-table-full-dropping-packet-flood-message-in-dmesg-linux-kernel-log/
# http://antmeetspenguin.blogspot.com/2011/01/high-performance-linux-router.html
# Block an IP via iptables
iptables -A INPUT -s IP-ADRESSE -j DROP
# Unblock the IP address again
iptables -D INPUT -s IP-ADRESSE -j DROP
# The difference is the option:
# -A ... append the IP address rule to iptables (Append)
# -D ... delete the IP address rule from iptables (Delete)
# To find out which IPs are already blocked, run the following:
iptables -L INPUT
# Allow new outgoing TCP connections to port 80 (HTTP)
iptables -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
for IP in $(cat ips2block.txt); do iptables -A INPUT -s $IP -j DROP; done
for IP in $(cat ip_list); do echo "Banning $IP"; iptables -I INPUT -s $IP/32 -d 0/0 -j DROP; done
# This will block any communication from the ip addresses on any protocol or port.
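The two loops above feed every line of the file to iptables as-is, so a stray comment, an empty line or a malformed entry produces an error (or, re-run twice, a duplicate rule). As an added example (not from the original cheatsheet), here is a hardened version of the same idea: each entry is validated as an IPv4 address or CIDR range, blank and comment lines are skipped, and `iptables -C` is used so that re-running the script does not append rules that already exist. The function names `is_ipv4_cidr`, `drop_rule_spec` and `apply_blocklist`, the `DRY_RUN` variable and the blocklist contents are all constructed here; with `DRY_RUN=1` the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original cheatsheet): build DROP rules from a
# block list, validating each entry and skipping duplicates. Assumes an
# iptables binary in $PATH; set DRY_RUN=1 to only print the commands.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix.
is_ipv4_cidr() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32      # no "/" present: host address
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                            # split the address on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule specification (everything after the chain name) for one entry.
drop_rule_spec() {
    printf 'INPUT -s %s -j DROP -m comment --comment "blocklist"\n' "$1"
}

# Read entries from the file named in $1, one per line; blank lines and text
# after "#" are ignored. Invalid entries are reported on stderr and skipped.
# Rules already present (checked with `iptables -C`) are not added again.
apply_blocklist() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                   # strip trailing comment
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        [ -n "$entry" ] || continue
        if ! is_ipv4_cidr "$entry"; then
            echo "skipping invalid entry: $entry" >&2
            continue
        fi
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "iptables -A $(drop_rule_spec "$entry")"
        elif ! iptables -C INPUT -s "$entry" -j DROP -m comment --comment blocklist 2>/dev/null; then
            iptables -A INPUT -s "$entry" -j DROP -m comment --comment blocklist
        fi
    done < "$file"
}
```

Usage: `DRY_RUN=1 apply_blocklist ips2block.txt` to review the generated commands, then `apply_blocklist ips2block.txt` as root to apply them. The `-m comment` on every generated rule is what makes the `-C` check (and a later cleanup with `iptables -L INPUT --line-numbers`) reliable, because it distinguishes these rules from hand-written DROP rules for the same address.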
#==============================##==============================#
# CMD IPTABLES #
#==============================##==============================#
Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options for the command iptables in a clear format. This allows users to quickly access the needed information for iptables without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for iptables are a valuable resource to work efficiently and purposefully.