======IPTables======
=====List iptables Rules=====
iptables -L INPUT
To show numeric addresses and port numbers instead of resolved hostnames and service names (which also avoids slow reverse DNS lookups), add -n:
iptables -L -n INPUT
=====Delete iptables Rule=========
You can delete a rule by chain name and position. Positions are 1-based and count down from the top of the chain, and every deletion renumbers the rules below it. The following deletes the fourth rule in the INPUT chain:
iptables -D INPUT 4
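Deleting by number is error-prone when several rules have to go: the numbers come from the current listing (iptables -S INPUT, or -L with --line-numbers), and each -D shifts everything below it. The following POSIX shell script is an added example, not part of these notes: it picks the rule numbers whose source matches a given address out of an iptables -S listing and deletes them highest-first so the remaining numbers stay valid. The sample listing is constructed, and IPTABLES defaults to echo so the script is a dry run until you export IPTABLES=iptables.

```shell
#!/bin/sh
# Added example, not part of the original notes. Finds the rule numbers in a
# chain that match a given source address and deletes them highest-first,
# because every deletion renumbers the rules below it.
# The sample listing is constructed; in real use feed `iptables -S INPUT`.

SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 1.2.3.4/32 -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 43.229.0.0/16 -j DROP'

# Reads `iptables -S <chain>` output on stdin and prints the 1-based numbers of
# the -A rules whose -s matches $1 (a host, which -S prints as /32, or a CIDR).
# Only -A lines count: the -P policy line (and -N lines) carry no rule number.
rule_numbers_for_source() {
    want="$1"
    n=0
    out=""
    while IFS= read -r line; do
        case "$line" in
            -A\ *) n=$((n + 1)) ;;
            *) continue ;;
        esac
        case " $line " in
            *" -s $want "*|*" -s $want/32 "*) out="$out${out:+ }$n" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Deletes the given rule numbers from a chain, highest first.
# IPTABLES defaults to echo (dry run); export IPTABLES=iptables to apply.
delete_rules_by_number() {
    chain="$1"
    shift
    for num in $(printf '%s\n' "$@" | sort -rn); do
        ${IPTABLES:-echo} -D "$chain" "$num"
    done
}

nums=$(printf '%s\n' "$SAMPLE_RULES" | rule_numbers_for_source 1.2.3.4)
echo "rules matching 1.2.3.4: $nums"
delete_rules_by_number INPUT $nums
```

Against a live system replace the sample with `iptables -S INPUT | rule_numbers_for_source 1.2.3.4`; matching on the -S form rather than on -L output avoids the hostname and service-name resolution that -L performs unless given -n.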
=====Save Rules=====
Rules added with the iptables command live only in the kernel and are lost on reboot. On RHEL/CentOS the iptables init script (the iptables-services package on systemd-based releases) writes the running rules to /etc/sysconfig/iptables:
service iptables save
=====Reload Rules=====
Restarting flushes the running rules and loads the saved file, so anything not saved first is discarded:
service iptables restart
=====Block IP=====
-A appends the rule at the end of the INPUT chain. If the chain already contains ACCEPT rules that this host's traffic matches (an open port, for example), an appended DROP is never reached; insert it at the top with -I instead, as in Block Subnet below.
iptables -A INPUT -s 1.2.3.4 -j DROP
service iptables save
service iptables restart
=====Unblock IP=====
If you have run iptables -A INPUT -s 1.2.3.4 -j DROP
undo it by deleting the rule with exactly the same match specification:
iptables -D INPUT -s 1.2.3.4 -j DROP
=====Block Subnet=====
-I without an index inserts at position 1, ahead of any ACCEPT rules. The netmask form 255.255.0.0 is equivalent to the prefix length /16.
iptables -I INPUT -s 43.229.0.0/255.255.0.0 -j DROP
=====Open a Single TCP Port=====
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
=====Open a Single UDP Port=====
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 80 -j ACCEPT
=====Limit Rule to Specific Ethernet Card=====
Add the following to the command used to open the port. This example limits the rule to traffic arriving on eth0:
-i eth0
=====Insert Rule at Specific Point in Chain=====
To insert a rule at a specific point in a chain, modify the command from
iptables -A INPUT
to
iptables -I INPUT 5
where 5 should be replaced with the desired position. The new rule takes that position and the rule that previously held it, along with everything below, moves down by one.
=====Open a Range of Ports=====
This example opens ports 2121 to 2142 inclusive for new TCP connections. The multiport match accepts a low:high range as well as a comma-separated list of up to 15 ports, which is what makes it useful for non-contiguous sets.
iptables -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 2121:2142 -j ACCEPT
=====Prevent SSH Brute Force=====
The recent match keeps a per-source list of new SSH connections. The first rule records each new connection; the next two log and then drop a source that has opened 4 or more new connections within 60 seconds (--rttl additionally requires the packet's TTL to match the one recorded, so a spoofed source address cannot easily get a legitimate host blocked); only connections that survive reach the final ACCEPT. The order matters: an ACCEPT placed first would accept every new connection before the counter is checked, and these rules must come before any general ACCEPT for port 22 elsewhere in the chain.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
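Applying the sections above one command at a time leaves every ordering caveat (blocks before accepts, the recent counter before the SSH accept) to the operator. The following POSIX shell script is an added example, not part of these notes: it writes the same policy (default-drop INPUT, blocked sources, SSH rate limiting, open ports) as a single iptables-restore ruleset and checks the ordering before anything is loaded, so the whole table is replaced atomically. The interface name eth0, the ports and the blocked sources are illustrative values, and the rules use the conntrack match, the current equivalent of -m state.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assembles the pieces from
# this page (default-drop INPUT, blocked sources, SSH rate limiting, open
# ports) into one ruleset in iptables-restore format, so the whole policy is
# loaded atomically and its ordering can be checked before it is applied.
# Interface, ports and blocked sources below are illustrative values.

# Prints a filter-table ruleset.
#   $1 = inbound interface, $2 = TCP ports to open, $3 = sources to block
build_ruleset() {
    iface="$1"; ports="$2"; blocked="$3"
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Blocks must precede every ACCEPT, or an appended DROP never matches.
    for src in $blocked; do
        echo "-A INPUT -s $src -j DROP"
    done
    # SSH: record each new connection, log and drop a source with >= 4 in 60 s,
    # and only then accept. An ACCEPT placed first would defeat the counter.
    ssh="-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctstate NEW"
    echo "$ssh -m recent --set --name SSH"
    echo "$ssh -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix \"SSH_brute_force \""
    echo "$ssh -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP"
    for port in $ports; do
        echo "-A INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Line number (within stdin) of the first line containing a fixed string, or empty.
line_of() { grep -n -F -e "$1" | head -n 1 | cut -d: -f1; }

# Reads a ruleset on stdin; returns 0 if every "-s ... -j DROP" comes before the
# first ACCEPT of new traffic and the recent --set, recent DROP and SSH ACCEPT
# rules appear in that order, 1 otherwise.
check_ordering() {
    rs=$(cat)
    first_accept=$(printf '%s\n' "$rs" | line_of '--ctstate NEW -j ACCEPT')
    last_block=$(printf '%s\n' "$rs" | grep -n -e '^-A INPUT -s .* -j DROP$' | tail -n 1 | cut -d: -f1)
    set_line=$(printf '%s\n' "$rs" | line_of '-m recent --set')
    drop_line=$(printf '%s\n' "$rs" | grep -n -e '-m recent --update.* -j DROP$' | head -n 1 | cut -d: -f1)
    ssh_accept=$(printf '%s\n' "$rs" | line_of '--dport 22 -m conntrack --ctstate NEW -j ACCEPT')
    [ -n "$first_accept" ] && [ -n "$set_line" ] && [ -n "$drop_line" ] && [ -n "$ssh_accept" ] || return 1
    [ "${last_block:-0}" -lt "$first_accept" ] || return 1
    [ "$set_line" -lt "$drop_line" ] && [ "$drop_line" -lt "$ssh_accept" ]
}

RULESET=$(build_ruleset eth0 "22 80 443" "1.2.3.4 43.229.0.0/16")
printf '%s\n' "$RULESET" | check_ordering || { echo "ruleset ordering is wrong" >&2; exit 1; }
printf '%s\n' "$RULESET"   # apply with: ... | iptables-restore --test, then ... | iptables-restore
```

Run the output through iptables-restore --test first, which parses and builds the ruleset without committing it, then through iptables-restore to replace the filter table in one step. On RHEL/CentOS the same text written to /etc/sysconfig/iptables is what service iptables save produces and what service iptables restart loads.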