
iptables

iptables-persistent, netfilter-persistent

Basic options

There are a few basic concepts within iptables:

Tables

Within each table there are a few available chains. They are listed under each table below and discussed further in a later section.

  1. filter (default)

    • INPUT

    • FORWARD

    • OUTPUT

  2. nat

    • ...

  3. mangle

    • ...

  4. raw

    • ...

Chain

  1. INPUT

  2. FORWARD

  3. OUTPUT

Target

  1. ACCEPT

  2. DROP

  3. REJECT

Basic flag options

  1. -A OR --append

  2. -I OR --insert

  3. -D OR --delete

  4. -t OR --table

  5. -L OR --list

  6. -p OR --protocol

  7. -P OR --policy

  8. -j OR --jump

  9. -s OR --source

  10. -d OR --destination

  11. --sport OR --source-port

  12. --dport OR --destination-port

Add/insert rules examples

  1. Add an INPUT rule to DROP all traffic regardless of the protocol, destination port, source address, or any other parameters

$ sudo iptables -A INPUT -j DROP

  2. Add an INPUT rule to DROP all SSH traffic (TCP port 22)

$ sudo iptables -A INPUT -p tcp --dport 22 -j DROP

An additional rule can be added to allow SSH traffic from a source address range. Note that the -I flag is used instead of -A to insert the new rule at the top of the chain rather than append it to the end. This allows the new rule to take precedence over the previously defined DROP rule for matching traffic, since iptables evaluates a chain top to bottom and the first matching rule with a terminating target decides.

$ sudo iptables -I INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT

View the rules

$ sudo iptables -L
$ sudo iptables --list

Persistent rules with iptables-persistent

  1. Install iptables-persistent

$ sudo apt install iptables-persistent

  2. Update rules with the iptables command

  3. Save to the rules file: /etc/iptables/rules.v4 (for IPv4)

$ sudo iptables-save | sudo tee /etc/iptables/rules.v4

Persistent rules with netfilter-persistent

All the same steps as above for iptables-persistent, with some additional steps:

  1. Install netfilter-persistent and iptables-persistent

  • Installing iptables-persistent appears to save the current iptables rules to /etc/iptables/rules.v4 automatically

$ sudo apt install netfilter-persistent
$ sudo apt install iptables-persistent
  2. Enable the netfilter-persistent service

$ sudo systemctl enable netfilter-persistent

Check to ensure that it is enabled. It doesn't matter if it's not running yet, as it will be started on reboot as long as it's enabled.

$ sudo systemctl status netfilter-persistent
  3. Verify that the rules have been added to the configuration file: /etc/iptables/rules.v4

$ sudo cat /etc/iptables/rules.v4

Otherwise, manually add the rules using the iptables-save tool.

$ sudo iptables-save | sudo tee /etc/iptables/rules.v4

The iptables-save tool simply prints the current iptables rules (in the format that iptables-restore loads at boot).

$ sudo iptables-save
...
...
...
  4. Reboot the system

$ reboot
  5. Check the iptables rules

$ sudo iptables --list
$ sudo iptables -L

The iptables rules should persist from the previous configurations.
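The two points above, rule order (the LAN ACCEPT must sit before the generic SSH DROP) and the rules.v4 file that netfilter-persistent restores, combined in one added example that is not part of the original page: a script that generates the filter table in iptables-save format and checks the ordering before the file is loaded. The default-DROP INPUT policy, the loopback/conntrack rules and the LAN_CIDR/SSH_PORT variables are assumptions for the example; nothing here calls iptables itself.

```shell
#!/bin/sh
# Added example: emit a reviewable /etc/iptables/rules.v4 for the page's SSH case.
# Assumed defaults; override with e.g. LAN_CIDR=10.0.0.0/8 ./script.sh
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"
SSH_PORT="${SSH_PORT:-22}"

# Print the filter table in iptables-save/iptables-restore format.
# Order within INPUT matters: the LAN ACCEPT precedes the catch-all DROP for
# the port, which is exactly what "iptables -I" achieved interactively.
gen_rules_v4() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -s ${LAN_CIDR} -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j DROP
COMMIT
EOF
}

# Sanity check: succeed only if the source-restricted ACCEPT for the SSH port
# appears before the unrestricted DROP for it; otherwise the ACCEPT is dead code.
check_order() {
    gen_rules_v4 | awk -v port="$SSH_PORT" '
        $0 ~ "--dport " port " -s " && /-j ACCEPT/ && !acc { acc = NR }
        $0 ~ "--dport " port " -j DROP"                   { drop = NR }
        END { exit !(acc && drop && acc < drop) }'
}

# Typical use: check, then write the file for netfilter-persistent to restore.
#   check_order && gen_rules_v4 | sudo tee /etc/iptables/rules.v4
```

Before rebooting, `sudo iptables-restore --test /etc/iptables/rules.v4` parses the file without applying it, which catches syntax errors that would otherwise leave the host without its rules at boot.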

Example use case


Last updated 8 months ago
