Here are a few steps to allow or block ports and services with iptables :-
Just type these commands :-
To Check iptables RULES :-
$ sudo iptables -L
To Create iptables RULES :-
Eg:- to block ICMP traffic to your server (ping block)
$ sudo iptables -A INPUT -d 10.10.10.10 -p icmp -j DROP
-A = append the rule to a chain (INPUT, FORWARD or OUTPUT)
-d = destination address (your server's IP in this case)
-p = protocol that you want to allow or block
-j = the target, i.e. what to do with a matching packet (ACCEPT or DROP)
To Flush all iptables RULES :- (delete all rules)
$ sudo iptables -F (be careful with this command: it removes every rule in every chain of the filter table, and if a chain's default policy is DROP you can lock yourself out)
To Check iptables RULES by Line numbers:-
$ sudo iptables -L --line-numbers
To Delete iptables RULES by Line numbers:-
$ sudo iptables -D INPUT <line-number>
Eg: sudo iptables -D INPUT 7 (the number comes from the -L --line-numbers listing above; numbers shift after each deletion, so list again before deleting another rule)
To Allow all traffic from a specific IP (-s matches the source address) :-
$ sudo iptables -A INPUT -s 192.168.0.1/32 -j ACCEPT
To Allow specific ports (these rules let this host make outbound HTTP and HTTPS connections: OUTPUT matches the destination port, INPUT matches only the replies, so NEW is not allowed on the INPUT lines; to accept incoming connections to a service running on this host, match --dport on INPUT instead) :-
$ sudo iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A INPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
To Allow a specific port from a specific IP only :-
$ sudo iptables -I INPUT -p tcp -s 10.1.1.2 --dport 22 -j ACCEPT
Once you have them added and opened for those IPs, you need to close the door for the rest of the IPs. Append the DROP with -A so that it sits below the ACCEPT: -I inserts at the top of the chain and iptables uses the first matching rule, so inserting the DROP with -I as well would put it above the ACCEPT and lock out 10.1.1.2 too :-
$ sudo iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j DROP
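The ordering point behind the SSH rule pair above, as an added example that is not from the original post: a small POSIX shell script that simulates how -I and -A place rules in a chain and reports which rule decides an SSH packet from the admin host, without touching the live firewall. The address 10.1.1.2 is the post's own value; the function names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original post. iptables evaluates a chain
# top-down and uses the FIRST matching rule; -I inserts at the top, -A appends
# at the bottom. This simulates that ordering for the "allow SSH from one host,
# drop SSH from everyone else" pair without touching the live firewall.

# Simulate rule placement. Input lines: "I <rule>" (insert at position 1)
# or "A <rule>" (append). Output: the resulting chain, first rule first.
chain_order() {
    awk '{ op = $1; sub(/^[IA] +/, "") }
         op == "I" { n++; for (i = n; i > 1; i--) r[i] = r[i-1]; r[1] = $0 }
         op == "A" { r[++n] = $0 }
         END { for (i = 1; i <= n; i++) print r[i] }'
}

# Both rules inserted with -I: the DROP, inserted second, lands ABOVE the
# ACCEPT, so SSH from the admin host ($1) is dropped as well.
wrong_ssh_rules() {
    printf 'I -p tcp -s %s --dport 22 -j ACCEPT\n' "$1"
    printf 'I -p tcp --dport 22 -j DROP\n'
}

# ACCEPT inserted, DROP appended: the ACCEPT stays above the DROP, so only
# hosts other than the admin host are refused.
right_ssh_rules() {
    printf 'I -p tcp -s %s --dport 22 -j ACCEPT\n' "$1"
    printf 'A -p tcp --dport 22 -j DROP\n'
}

# Read "I/A <rule>" lines on stdin and print the target (ACCEPT or DROP) of
# the first rule in the resulting chain that matches port 22, i.e. the
# effective verdict for a new SSH connection from the admin host.
first_ssh_verdict() {
    chain_order | grep -- '--dport 22' | head -n 1 | sed 's/.*-j //'
}

# Stand-alone demo: print both chain orders and the resulting verdicts.
ADMIN_IP=10.1.1.2   # the admin host used in the post's example
echo "Both rules with -I (verdict for $ADMIN_IP: $(wrong_ssh_rules "$ADMIN_IP" | first_ssh_verdict))"
wrong_ssh_rules "$ADMIN_IP" | chain_order
echo "ACCEPT with -I, DROP with -A (verdict for $ADMIN_IP: $(right_ssh_rules "$ADMIN_IP" | first_ssh_verdict))"
right_ssh_rules "$ADMIN_IP" | chain_order
```

Run `sudo iptables -L INPUT --line-numbers` after applying the real rules to confirm the ACCEPT is listed above the DROP.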
To save iptables RULES:-
$ sudo /etc/init.d/iptables-persistent save
$ sudo /etc/init.d/iptables-persistent reload
OR (on newer Debian/Ubuntu releases, where the package provides netfilter-persistent)
$ sudo netfilter-persistent save
$ sudo netfilter-persistent reload