IPTABLES Tutorials

IPTABLES Interview Questions

Here I publish a tutorial for IPTABLES.

How to disable IPTABLES?

==================

# service iptables save
# service iptables stop
# chkconfig iptables off


How to clear all rules in IPTABLES? Use the commands below:

=====================================

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT

How to enable IPTABLES?

===================

# /etc/init.d/iptables start
# chkconfig iptables on

Back up the working ruleset to a file:

# iptables-save > /root/working.fw


How to restore rules in IPTABLES?

=============

Restore the rules from a saved file:

# iptables-restore < /root/firewall.rules

Save the current rules to a file (so they can be restored later):

# iptables-save > /root/firewall.rules


How to list the rules in IPTABLES?

=============

Either form works; they are equivalent:

# iptables --list
# iptables -L

How to list the NAT rules?

=============

# iptables -t nat -L
# iptables -t nat -L -n -v | grep 'some-word'    (replace 'some-word' with the text to search for)
# iptables -t nat -L -n -v

How to delete rules in IPTABLES?

=============

Flush (delete) all rules in every chain of the filter table:

# iptables --flush

Flush only one chain, e.g. OUTPUT (this removes its rules, not the chain itself):

# iptables --flush OUTPUT
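Added example, not from the original page: a small POSIX shell check for the "clear all rules" and "delete rules" sections above. It reads `iptables-save` output (easier to parse than `iptables -L`) and reports whether the firewall is really cleared. `iptables -F` removes rules but not user-defined chains (that is what `-X` is for), and `-P` only resets the built-in chain you name, so the check flags any built-in chain whose policy is still DROP and any rule that survived. Both rulesets below are constructed samples, not captured from a real host: the first shows a host where the FORWARD chain was left at DROP and a user-defined chain still holds rules, the second a fully cleared filter table.

```shell
# Constructed sample (not captured from a real host): INPUT and OUTPUT were
# reset to ACCEPT, but FORWARD kept its DROP policy and a user-defined chain
# still holds two rules.
SAMPLE_PARTIAL='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A LOGDROP -j LOG --log-prefix "dropped: "
-A LOGDROP -j DROP
COMMIT'

# Constructed sample of a fully cleared filter table (after -P FORWARD ACCEPT too).
SAMPLE_CLEARED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Print "table chain policy" for each built-in chain of a ruleset read on stdin.
# User-defined chains show "-" instead of a policy and are skipped.
chain_policies() {
    awk '/^\*/ { table = substr($1, 2); next }
         /^:/  { chain = substr($1, 2); if ($2 != "-") print table, chain, $2 }'
}

# Count rule lines (those starting with "-A") in a ruleset read on stdin.
rule_count() {
    grep -c '^-A ' || true
}

# Return 0 only when every built-in chain is ACCEPT and no rules remain;
# otherwise print what is left over and return 1.
is_cleared() {
    ruleset=$(cat)
    leftovers=$(printf '%s\n' "$ruleset" | chain_policies | awk '$3 != "ACCEPT"')
    rules=$(printf '%s\n' "$ruleset" | rule_count)
    if [ -z "$leftovers" ] && [ "$rules" -eq 0 ]; then
        return 0
    fi
    if [ -n "$leftovers" ]; then
        printf 'policy still restrictive: %s\n' "$leftovers"
    fi
    if [ "$rules" -gt 0 ]; then
        printf '%s rule(s) still present\n' "$rules"
    fi
    return 1
}

# On a live host the check would be run as:  iptables-save | is_cleared
printf '%s\n' "$SAMPLE_PARTIAL" | is_cleared || echo "partial sample: not cleared"
printf '%s\n' "$SAMPLE_CLEARED" | is_cleared && echo "cleared sample: ok"
```

The partial sample fails the check with "policy still restrictive: filter FORWARD DROP" and "2 rule(s) still present", which is exactly what the page's clearing sequence leaves behind when `-P FORWARD ACCEPT` and the user-chain cleanup are forgotten.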


Some basic rules of IPTABLES

=============

Interface level:

Allow incoming packets at interface level (loopback, then eth0):

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -i eth0 -j ACCEPT

Accept packets from a trusted IP address (change the IP address as appropriate):

# iptables -A INPUT -s 192.168.0.4 -j ACCEPT

Accept packets from a trusted network, written in slash notation or with a subnet mask:

# iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
# iptables -A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT

Accept TCP packets on destination port 6881 (BitTorrent):

# iptables -A INPUT -p tcp --dport 6881 -j ACCEPT

Accept TCP packets on destination ports 6881-6890:

# iptables -A INPUT -p tcp --dport 6881:6890 -j ACCEPT


Rules for SSH:

===========

Accept TCP packets on destination port 22 (SSH):

# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Accept TCP packets on destination port 22 (SSH) from the private LAN:

# iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 22 -j ACCEPT
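Added example, not from the original page, that ties the save/restore section and the SSH rules together: one shell function writes a complete ruleset in the format `iptables-restore` reads, with INPUT defaulting to DROP and SSH accepted only from the LAN, and a second function checks the file before it is loaded (every table opens with `*name` and closes with `COMMIT`, and no rule accepts SSH without a source restriction). It goes beyond the page's rules by also accepting loopback traffic and replies to connections the host itself opened (the `conntrack` match), because with a DROP policy those would otherwise be lost. The file path, the 192.168.0.0/24 LAN and the use of the `conntrack` match are assumptions of this example.

```shell
# Write a complete ruleset in iptables-restore format to the file named in $1,
# accepting SSH (tcp/22) only from the network in $2 (CIDR notation).
# INPUT and FORWARD default to DROP; loopback and reply traffic for connections
# this host opened are allowed so the box stays usable (conntrack match is an
# addition of this example, not a rule from the page).
write_ssh_ruleset() {
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -p tcp -s $2 --dport 22 -m conntrack --ctstate NEW -j ACCEPT" \
        'COMMIT' > "$1"
}

# Sanity checks on a ruleset file before it is handed to iptables-restore:
# each table block opens with *name and closes with COMMIT, rules sit inside a
# table, and any rule that accepts SSH carries a source restriction (-s).
# Returns 0 when the file passes, 1 (with a message per finding) otherwise.
check_ruleset() {
    awk '
        BEGIN      { bad = 0 }
        /^\*/      { if (open) { print "table " open " not committed"; bad = 1 }
                     open = substr($1, 2); next }
        /^COMMIT$/ { if (!open) { print "COMMIT without table"; bad = 1 }
                     open = ""; next }
        /^-A / && !open { print "rule outside a table: " $0; bad = 1 }
        /^-A INPUT / && /--dport 22/ && /-j ACCEPT/ && !/ -s / {
                     print "unrestricted SSH accept: " $0; bad = 1 }
        END        { if (open) { print "table " open " not committed"; bad = 1 }
                     exit bad }' "$1"
}

RULES_FILE=${TMPDIR:-/tmp}/ssh-lan.rules     # assumed path for this example
write_ssh_ruleset "$RULES_FILE" 192.168.0.0/24
if check_ruleset "$RULES_FILE"; then
    echo "ruleset ok; load it with: iptables-restore < $RULES_FILE"
fi
```

Because the DROP policy takes effect the moment `iptables-restore` reads the file, load a ruleset like this from a console session (or keep the backup from `iptables-save` at hand) rather than over the SSH connection it is meant to protect.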