Learn iptables personal summary

2025-04-04 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01 Report

1. Iptables command

iptables is the user-space command-line tool for the Linux kernel packet filter and is part of the netfilter project. The rules can be written directly with the iptables command or through one of the many front ends and graphical interfaces built on top of it.

2. Iptables's "four tables and five chains":

The four tables, in the order the kernel consults them, are:

raw: decides whether a packet is subject to connection tracking at all (NOTRACK/CT target); consulted before any other table.

mangle: packet modification, for example rewriting TOS/TTL or setting marks used for QoS and policy routing.

nat: address translation (SNAT, DNAT, MASQUERADE, REDIRECT) for gateways and routers; consulted only for the first packet of a connection, later packets follow the same translation.

filter: packet filtering, the default table and the one most firewall rules live in.

(Newer kernels also carry a fifth table, security, used for SELinux marking; it is not covered here.)

The five built-in chains correspond to the five netfilter hooks in the kernel:

INPUT chain: packets addressed to the local host.

OUTPUT chain: packets generated by the local host.

FORWARD chain: packets routed through the host to another destination.

PREROUTING chain: every incoming packet, before the routing decision; this is where destination address translation (DNAT) is done.

POSTROUTING chain: every outgoing packet, after the routing decision; this is where source address translation (SNAT) is done.

3. The process of packet filtering and matching is as follows:

A packet arriving on an interface first passes PREROUTING (raw, mangle, nat), then the routing decision. If it is addressed to this host it goes through INPUT (mangle, filter) and on to the local process; otherwise it goes through FORWARD (mangle, filter) and POSTROUTING (mangle, nat) and leaves. Packets generated locally pass OUTPUT (raw, mangle, nat, filter) and then POSTROUTING. Inside a chain the rules are tried from top to bottom; the first rule that matches and has a terminating target (ACCEPT, DROP, REJECT, the NAT targets) decides the packet's fate, LOG only records and continues, and if no rule matches the chain's default policy applies.

4. The actions (targets) for processing data packets include:

ACCEPT: let the packet through.

DROP: silently discard the packet.

REJECT: discard the packet and send an error back to the sender (an ICMP error, or a TCP RST with --reject-with tcp-reset).

REDIRECT: destination NAT to the host's own address on the incoming interface, used for port mapping and transparent proxies.

SNAT: source address translation (rewrite the source address, in POSTROUTING).

DNAT: destination address translation (rewrite the destination address, in PREROUTING or OUTPUT).

MASQUERADE: source NAT to whatever address the outgoing interface currently has, for links with a dynamic address such as ADSL/PPPoE or DHCP.

LOG: write the packet to the kernel log and continue with the next rule (non-terminating).

5. Iptables syntax

iptables [options] [parameters]

1. View the rules of a table:

iptables [-t table] -L [-n] [-v]

2. Dump the rules in a form that can be restored with iptables-restore:

iptables-save [-t table]

3. Clear firewall rules (flush rules, delete user chains, zero counters):

iptables [-t table] [-F] [-X] [-Z]

4. Define the default policy of a built-in chain:

iptables [-t table] -P {INPUT|OUTPUT|FORWARD} {ACCEPT|DROP}

5. Packet matching rules:

iptables [-A|-I chain] [-i|-o interface] [-p protocol] [-s source-IP/network] [-d destination-IP/network] -j {ACCEPT|DROP|REJECT|LOG}

6. Iptables match modules (state, mac):

iptables -A INPUT -m state --state STATE ...

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -m mac --mac-source aa:bb:cc:dd:ee:ff -j ACCEPT

The state match is a thin wrapper around connection tracking; on current systems the equivalent is -m conntrack --ctstate RELATED,ESTABLISHED, and the older spelling still works. The mac match only makes sense in PREROUTING, INPUT and FORWARD (the source MAC is that of the previous hop, not the original sender) and a MAC address is trivially spoofed, so it must not be the only control.

7. ICMP packet matching:

iptables -A INPUT -p icmp --icmp-type TYPE -j ACCEPT

Common types of ICMP:

0 Echo Reply-- echo reply (Ping reply)

8 Echo request-- echo request (Ping request)

Options:

-t: the table to operate on (filter if omitted)

-A: append a rule to the end of a chain

-D: delete a rule from a chain

-I: insert a rule at the top of a chain (or at a given position)

-R: replace the rule at a given position in a chain

-L: list the rules of a chain (or of all chains)

-F: flush the rules of a chain (or of all chains)

-Z: zero the packet and byte counters of a chain

-N: create a new user-defined chain

-X: delete an empty user-defined chain

-P: set the default policy (target) of a built-in chain

-h: display help

-p: the protocol to match (tcp, udp, icmp, ...)

-s: the source IP address or network to match

-d: the destination IP address or network to match

-j: the target to jump to when the rule matches

-i: the interface on which the packet enters the machine

-o: the interface on which the packet leaves the machine

Note that -I (insert) and -i (input interface) are distinct options; iptables is case sensitive.

6. In general, firewall rules are created in this order:

1. Clear the existing firewall rules.

2. Set the default policy of the firewall (normally DROP on INPUT and FORWARD).

3. Trust the local host: the loopback interface lo carries a lot of local inter-process traffic, so it must be allowed before anything else.

4. Response packets: allow packets that are replies to requests made by this machine (ESTABLISHED, RELATED) to enter.

5. Add the specific rules for the services the host offers.

7. Simple viewing examples:

# iptables -nL                     view the firewall settings (filter table)
# iptables -t nat -nL              view the nat table
# iptables -t mangle -nL           view the mangle table
# iptables -t raw -nL              view the raw table
# iptables -t filter -P FORWARD DROP   set the FORWARD default policy to drop; -t filter can be omitted
# iptables -P INPUT DROP           set the INPUT default policy
# iptables -P OUTPUT DROP          set the OUTPUT default policy
# iptables -nL INPUT               view the rules of one chain
# iptables -nvL                    view details (counters, interfaces)
# iptables -nvxL                   view details with exact byte counts
# iptables -nvxL --line-numbers    also show rule numbers
# iptables -nvvxL --line-numbers   more details
# iptables -nvvvxL --line-numbers  even more details
# iptables -S                      show the rules as the commands that added them
# iptables -S INPUT                show the commands for the INPUT chain only
# iptables -F                      flush the rules
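The following script carries out the five steps of section 6 in order, using the syntax from section 5, and ends with the viewing commands from section 7. It is an added example and not part of the original article; the management network 192.0.2.0/24 for SSH and the open HTTP/HTTPS ports are assumptions for illustration. By default it only prints the commands (DRY_RUN=1); set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the original page): a host firewall built in the
# order the article recommends. The management network and service ports
# are hypothetical.

: "${DRY_RUN:=1}"            # 1 = print the commands, 0 = execute them
ADMIN_NET="192.0.2.0/24"     # hypothetical management network allowed to SSH

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

build_baseline() {
    # 1. Clear rules, delete user-defined chains, zero counters (filter table).
    run iptables -F
    run iptables -X
    run iptables -Z
    # 2. Default policies. Setting INPUT to DROP before the allow rules is the
    #    article's order; over an SSH session your own packets are dropped until
    #    step 4 runs, so execute the script in one go rather than line by line.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    # 3. Trust the loopback interface.
    run iptables -A INPUT -i lo -j ACCEPT
    # 4. Replies to connections this host opened, plus RELATED traffic such as
    #    ICMP errors. "-m conntrack --ctstate" is the current form of the
    #    "-m state --state" match used in the article.
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
    # 5. Service-specific rules: SSH only from the management network,
    #    HTTP/HTTPS from anywhere, and ping requests.
    run iptables -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Rate-limited log of whatever is about to fall through to the DROP policy.
    run iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop:" --log-level 4
}

show_rules() {
    # Section 7: verbose listing with counters and rule numbers, then the
    # rules in command form for review or for feeding into iptables-restore.
    run iptables -nvL --line-numbers
    run iptables -S
}

# Number of commands the baseline issues (used to sanity-check the script).
count_baseline() {
    build_baseline | wc -l | tr -d ' '
}

build_baseline
show_rules
```

The rules live only in kernel memory: after applying them, save them with iptables-save so they survive a reboot, and check the result with the listing at the end of the script, in particular that the ESTABLISHED,RELATED rule sits above every service rule, since the first matching rule decides.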
