IPTables: Difference between revisions
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==IPTables » Flush== | |||
{|class="wikitable" | |||
|- | |||
!scope="col"| Command !!scope="col"| Effect | |||
|- | |||
| <code>sudo iptables -t nat -F</code> || '''Flush NAT Table Rules:''' To flush rules from the '''nat table''' | |||
|- | |||
| <code>sudo iptables -F INPUT</code> || '''Flush a Specific Chain:''' For example, to flush only the '''INPUT''' chain | |||
|- | |||
| <code>sudo ip6tables -F</code> || '''Flush IPv6 IPTables (if applicable):''' If you’re working with '''IPv6 IPTables (ip6tables)''' | |||
|- | |||
| <code>sudo iptables -F</code> || '''Flush All Rules:''' This command flushes '''all IPTables''' rules across all chains | |||
|} | |||
==IPTables » Allow SSH » Flush== | |||
<syntaxhighlight lang="properties"> | |||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |||
iptables -F | |||
</syntaxhighlight> | |||
==IPTables » Allow SSH » Flush All== | |||
<syntaxhighlight lang="properties"> | |||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |||
iptables -F | |||
iptables -X | |||
iptables -t nat -F | |||
iptables -t nat -X | |||
iptables -t mangle -F | |||
iptables -t mangle -X | |||
iptables -t raw -F | |||
iptables -t raw -X | |||
</syntaxhighlight> | |||
==Playground== | ==Playground== | ||
{| | {| | ||
Line 34: | Line 67: | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
nc | nc vpn.shahed.biz -uv 1194 # udp | ||
nc | nc vpn.shahed.biz -tv 80 # tcp | ||
nc | nc vpn.shahed.biz -tv 53 # tcp | ||
nc localhost -uv 1194 # udp | |||
nc localhost -tv 80 # tcp | |||
nc - | nmap localhost -sT # tcp | ||
nmap localhost -sU # udp | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 59: | Line 92: | ||
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1) | echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1) | ||
sudo nmap -sU -sT -p U:1194,T:22,53,443 | sudo nmap vpn.shahed.biz -sU -sT -p U:1194,T:22,53,443 | ||
nmap --packet-trace -p 587 -vv -sT | nmap mail.chorke.org --packet-trace -p 587 -vv -sT | ||
tracerout mail.chorke.org | tracerout mail.chorke.org | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 85: | Line 118: | ||
sudo ip6tables-save > /etc/iptables/rules.v6 | sudo ip6tables-save > /etc/iptables/rules.v6 | ||
sudo iptables-save > /etc/iptables/rules.v4 | sudo iptables-save > /etc/iptables/rules.v4 | ||
</syntaxhighlight> | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo iptables -S FORWARD -v | |||
sudo iptables -S OUTPUT -v | |||
sudo iptables -S INPUT -v | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo iptables -L FORWARD -v | |||
sudo iptables -L OUTPUT -v | |||
sudo iptables -L INPUT -v | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo iptables -L FORWARD -v --line-numbers | |||
sudo iptables -L OUTPUT -v --line-numbers | |||
sudo iptables -L INPUT -v --line-numbers | |||
</syntaxhighlight> | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo iptables -S -t nat -v | |||
sudo iptables -S -t nat | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo iptables -L -t nat -v | |||
sudo iptables -L -t nat | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo iptables -L -t nat -v --line-numbers | |||
sudo iptables -L -t nat --line-numbers | |||
</syntaxhighlight> | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo systemctl restart networking | |||
sudo iptables -L --line-numbers | |||
iptables --version | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo nmap -sP 192.168.49.0/24 | |||
sudo arp -d 192.168.49.100 | |||
arp -n | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
sudo arp -s 192.168.49.100 02:42:c0:a8:31:02 | |||
kubectl get nodes -o wide | |||
ip route show | |||
</syntaxhighlight> | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
nmap vpn.shahed.biz --reason -Pn --top 20 | |||
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993 | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 94: | Line 219: | ||
* [https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ IPTables » The Beginners Guide] | * [https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ IPTables » The Beginners Guide] | ||
* [https://www.cyberciti.biz/faq/how-to-list-all-iptables-rules-in-linux/ IPTables » Rules Listing] | * [https://www.cyberciti.biz/faq/how-to-list-all-iptables-rules-in-linux/ IPTables » Rules Listing] | ||
* [[Bash/Port/Forward|IPTables » Port Forward]] | |||
* [https://www.redhat.com/en/blog/iptables IPTables » RedHat] | * [https://www.redhat.com/en/blog/iptables IPTables » RedHat] | ||
* [https://help.ubuntu.com/community/IptablesHowTo?action=show IPTables » How To] | * [https://help.ubuntu.com/community/IptablesHowTo?action=show IPTables » How To] |
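Review bot: In the two blocks added by the first hunk ("Allow SSH » Flush" and "Allow SSH » Flush All"), the rule appended with `iptables -A INPUT -p tcp --dport 22 -j ACCEPT` is deleted again by the `iptables -F` on the very next line, so it does nothing to keep the SSH session alive. `-F` leaves chain policies untouched, so on a host whose INPUT policy is DROP the flush itself cuts the session. I would put `iptables -P INPUT ACCEPT` before the flush and move the `-A INPUT ... --dport 22` line after it. The "Flush All Rules" row of the new table also reads as if `iptables -F` covered every table; without `-t` it acts on the filter table only, which is why the "Flush All" block needs its separate nat/mangle/raw lines.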
Latest revision as of 22:34, 21 December 2024
IPTables » Flush
Command | Effect |
---|---|
sudo iptables -t nat -F |
Flush NAT Table Rules: To flush rules from the nat table |
sudo iptables -F INPUT |
Flush a Specific Chain: For example, to flush only the INPUT chain |
sudo ip6tables -F |
Flush IPv6 IPTables (if applicable): If you’re working with IPv6 IPTables (ip6tables), its rules are kept separately and are flushed with this command |
sudo iptables -F |
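Flush All Rules: This command flushes all rules in every chain of the filter table (the default when -t is omitted); other tables such as nat, mangle and raw are flushed separately with -t |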
IPTables » Allow SSH » Flush
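# A bare -F deletes every rule in the filter table, so an SSH ACCEPT appended
# before it is removed again; chain policies are the only thing -F keeps.
# Open the INPUT policy first so a DROP policy cannot cut the current SSH
# session, flush, then add the SSH rule so it is already in place when a
# restrictive policy is restored. (An OUTPUT policy other than ACCEPT would
# need the same treatment.)
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# The filter table now accepts all inbound traffic; reload the intended rule
# set before the host goes back into service.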
IPTables » Allow SSH » Flush All
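# -F deletes every rule of a table and -X its user-defined chains; chain
# policies are kept. An SSH ACCEPT appended before the first -F is removed by
# it, so set the filter policies to ACCEPT first (a DROP policy would otherwise
# cut the session), flush every table, and add the SSH rule last.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# The host is unfiltered from here until a rule set is loaded again.
# ip6tables keeps its own rules and is not touched by any line above.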
Playground
# UDP sockets (all states, with owning program) that belong to nginx.
netstat -uap | grep nginx
# Every installed package.
apt list --installed
# Filter-table rules printed in iptables-save syntax.
sudo iptables --list-rules
# Listening sockets, numeric addresses, with owning program.
netstat -lpn
# Every socket, listening or not.
netstat -a
|
# Listening TCP/UDP sockets (numeric, with owning process) per service name.
for svc in resolve minio sshd; do
  sudo ss -tulpn | grep LISTEN | grep "$svc"
done
# Same listing with raw sockets (-w) in place of process info.
sudo ss -tulwn | grep LISTEN
# All listening TCP/UDP sockets with their processes.
sudo ss -tulpn | grep LISTEN
|
# Two views of what is listening: open network files, then the socket table.
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn | grep LISTEN
# Configuration directories of the firewall front ends and iproute2.
for conf_dir in /etc/iptables/ /etc/iproute2/ /etc/ufw/; do
  ls -lah "$conf_dir"
done
|
| ||
# Reachability checks against the remote host and against this machine, used to
# confirm which ports the firewall actually lets through.
# NOTE(review): in the common netcat builds -t enables Telnet negotiation rather
# than selecting TCP; TCP is simply the default when -u is absent - confirm
# against the installed nc.
nc vpn.shahed.biz -uv 1194 # udp
nc vpn.shahed.biz -tv 80 # tcp
nc vpn.shahed.biz -tv 53 # tcp
nc localhost -uv 1194 # udp
nc localhost -tv 80 # tcp
# TCP connect scan of the local host.
nmap localhost -sT # tcp
# UDP scan of the local host; nmap needs root for -sU, so run it with sudo
# when the shell is not already root.
nmap localhost -sU # udp
|
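# Recent journal entries, with explanatory text, for each firewall unit.
# (The first line previously read "suod", which is not a command.)
sudo journalctl -xeu ufw.service
sudo journalctl -xeu iptables
sudo journalctl -xeu nftables
# Make systemd re-read unit files after they were edited.
systemctl daemon-reload
# Whole-journal views: paged, last lines only, and in the default pager.
journalctl -xe | less
journalctl -xe | tail
journalctl -xe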
|
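# Open a login shell as the minikube user.
sudo -i -u minikube
# Third field of the route lookup for the minikube node address (first line
# only); the wrapping echo was redundant and the substitution is now quoted.
ip r g "$(minikube ip)" | awk '{print $3}' | head -n1
# Check from this host which of UDP 1194 and TCP 22/53/443 the remote firewall
# exposes.
sudo nmap vpn.shahed.biz -sU -sT -p U:1194,T:22,53,443
# TCP connect scan of port 587 with every packet traced.
nmap mail.chorke.org --packet-trace -p 587 -vv -sT
# Previously spelled "tracerout", which is not a command name.
traceroute mail.chorke.org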
|
| ||
# Tools used by the checks on this page, installed one package per apt run.
for pkg in inetutils-traceroute nmap; do
  apt install "$pkg"
done
|
# Which packet-filter service, if any, is loaded and running.
for unit in iptables nftables; do
  systemctl status "$unit"
done
|
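# Persist the running rule sets. The output redirection is performed by the
# calling shell, not by sudo, so "sudo iptables-save > file" fails with
# "permission denied" when the caller cannot write to /etc/iptables. Run the
# whole command line, redirection included, as root instead.
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'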
|
| ||
# Rules of each built-in filter chain in iptables-save syntax, with counters.
for chain in FORWARD OUTPUT INPUT; do
  sudo iptables -S "$chain" -v
done
|
# Tabular listing of each built-in filter chain, with packet/byte counters.
for chain in FORWARD OUTPUT INPUT; do
  sudo iptables -L "$chain" -v
done
|
# Same tabular listing with rule numbers, the index that -D and -I take.
for chain in FORWARD OUTPUT INPUT; do
  sudo iptables -L "$chain" -v --line-numbers
done
|
| ||
# NAT-table rules in iptables-save syntax: first with counters, then without.
sudo iptables --table nat --list-rules --verbose
sudo iptables --table nat --list-rules
|
# NAT-table chains as a table: first with counters, then without.
sudo iptables --table nat --list --verbose
sudo iptables --table nat --list
|
# NAT-table chains with rule numbers: first with counters, then without.
sudo iptables --table nat --list --verbose --line-numbers
sudo iptables --table nat --list --line-numbers
|
| ||
# Restart the networking service, then look at the filter rules that are
# loaded afterwards.
sudo systemctl restart networking
sudo iptables --list --line-numbers
# Version string of the installed iptables binary.
iptables --version
|
# Host discovery only (no port scan) across the /24. -sP is the older spelling
# of this option; current nmap documents it as -sn.
sudo nmap -sP 192.168.49.0/24
# Remove the ARP cache entry for one address.
sudo arp -d 192.168.49.100
# Show the ARP cache with numeric addresses.
arp -n
|
# Pin a static ARP entry for the address, so its MAC is no longer learned
# from the network.
sudo arp -s 192.168.49.100 02:42:c0:a8:31:02
# Node addresses as Kubernetes reports them.
kubectl get nodes --output wide
# Current routing table.
ip route show
|
| ||
# External view of the firewall: skip host discovery (-Pn) and print why each
# port was classified as it was (--reason).
# NOTE(review): --top is presumably accepted as an abbreviation of
# --top-ports; spell it out if the installed nmap rejects it.
nmap vpn.shahed.biz --reason -Pn --top 20
# Same check limited to the four listed mail ports.
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993
|
References
| ||