Link Search Menu Expand Document

iptables Cheat Sheet

iptables Examples

  • ipsets vs. iptables Performance
  • ipsets - Using IP sets for simpler iptables rules

    ipset create smtpblocks hash:net counters
    ipset add smtpblocks
    ipset add smtpblocks
    iptables -A INPUT -p tcp --dport 25 -m set --match-set smtpblocks src -j DROP
  • iptables - Loopback Routing:

    iptables -t nat -A POSTROUTING -d <internal web server IP> -s <internal network address> -p tcp --dport 80 -j SNAT --to-source <external web server IP>
  • iptables - Show active rules:

    iptables -S
    iptables -L 
    iptables -L <table>
  • iptables - Full flush:

    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
  • iptables - Allow established:

    iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  • iptables - Log failed requests:

    iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
  • iptables - Persistency on Debian:

    apt-get install iptables-persistent
    # Set some rules and call
    invoke-rc.d iptables-persistent save
  • iptables - Persistency on Ubuntu: UFW (Uncomplicated FireWall)

    ufw enable
    ufw status
    ufw allow ssh/tcp
    ufw allow from <IP> proto tcp to any port <port>
    ufw delete allow from <IP> proto tcp to any port <port>
  • fail2ban CLI Commands

    fail2ban-client status
    fail2ban-client status <jail name>