IPTables: Difference between revisions

From Chorke Wiki
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
==IPTables » Flush==
{|class="wikitable"
|-
!scope="col"| Command                    !!scope="col"| Effect
|-
| <code>sudo iptables -t nat -F</code>  || '''Flush NAT Table Rules:''' To flush rules from the '''nat table'''
|-
| <code>sudo iptables -F INPUT</code>    || '''Flush a Specific Chain:''' For example, to flush only the '''INPUT''' chain
|-
| <code>sudo ip6tables -F</code>        || '''Flush IPv6 IPTables (if applicable):''' If you’re working with '''IPv6 IPTables (ip6tables)'''
|-
| <code>sudo iptables -F</code>          || '''Flush All Rules:''' This command flushes '''all IPTables''' rules across all chains
|}
==IPTables » Allow SSH » Flush==
<syntaxhighlight lang="properties">
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -F
</syntaxhighlight>
==IPTables » Allow SSH » Flush All==
<syntaxhighlight lang="properties">
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
</syntaxhighlight>
==Playground==
==Playground==
{|
{|
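Review bot: In both "Allow SSH" blocks the `iptables -A INPUT -p tcp --dport 22 -j ACCEPT` rule is appended and then removed again by the `iptables -F` on the next line, so it does not keep SSH reachable after the flush. `-F` also leaves chain policies untouched, so on a host whose INPUT policy is DROP the session is cut off once the rules are gone; set `iptables -P INPUT ACCEPT` before the flush, or add the SSH rule after it. The "Flush All Rules" table row should also say that a bare `iptables -F` covers only the filter table, as the separate `-t nat`, `-t mangle` and `-t raw` lines in "Flush All" show.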
Line 34: Line 67:
|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
nc -uv vpn.shahed.biz 1194   # udp
nc   vpn.shahed.biz -uv 1194 # udp
nc -tv vpn.shahed.biz 80     # tcp
nc   vpn.shahed.biz -tv 80   # tcp
nc -tv vpn.shahed.biz 53     # tcp
nc   vpn.shahed.biz -tv 53   # tcp
sudo nmap -sT localhost     # tcp
nc  localhost -uv 1194     # udp
sudo nmap -sU localhost     # udp
nc   localhost -tv 80       # tcp
nc -uv localhost 1194       # udp
nmap localhost -sT          # tcp
nc -tv localhost 80          # tcp
nmap localhost -sU          # udp
</syntaxhighlight>
</syntaxhighlight>
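Review bot: The reordered localhost scans drop `sudo`: `sudo nmap -sU localhost` becomes `nmap localhost -sU`, and a UDP scan needs root privileges, so the new line fails for an unprivileged user. Keep `sudo` on the `-sU` line; the `-sT` connect scan runs without it.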


Line 59: Line 92:
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)


sudo nmap -sU -sT -p U:1194,T:22,53,443 vpn.shahed.biz
sudo nmap vpn.shahed.biz -sU -sT -p U:1194,T:22,53,443


nmap --packet-trace -p 587 -vv -sT mail.chorke.org
nmap mail.chorke.org --packet-trace -p 587 -vv -sT
tracerout mail.chorke.org
tracerout mail.chorke.org
</syntaxhighlight>
</syntaxhighlight>
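Review bot: `tracerout mail.chorke.org`, left unchanged at the end of this block, is misspelled and will not run; correct it to `traceroute mail.chorke.org` while the neighbouring nmap lines are being touched.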
Line 94: Line 127:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo iptables -S FORWARD -v
sudo iptables -S FORWARD -v
sudo iptables -S OUTPUT -v
sudo iptables -S OUTPUT -v
sudo iptables -S INPUT -v
sudo iptables -S INPUT   -v
</syntaxhighlight>
</syntaxhighlight>


Line 101: Line 134:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo iptables -L FORWARD -v
sudo iptables -L FORWARD -v
sudo iptables -L OUTPUT -v
sudo iptables -L OUTPUT -v
sudo iptables -L INPUT -v
sudo iptables -L INPUT   -v
</syntaxhighlight>
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
 
sudo iptables -L FORWARD -v --line-numbers
sudo iptables -L OUTPUT  -v --line-numbers
sudo iptables -L INPUT  -v --line-numbers
</syntaxhighlight>
</syntaxhighlight>


Line 124: Line 159:
sudo iptables -L -t nat -v
sudo iptables -L -t nat -v
sudo iptables -L -t nat
sudo iptables -L -t nat
</syntaxhighlight>
|valign='top'|
<syntaxhighlight lang="bash">
sudo iptables -L -t nat -v --line-numbers
sudo iptables -L -t nat    --line-numbers
</syntaxhighlight>
|-
|colspan='3'|
----
|-
|valign='top'|
<syntaxhighlight lang="bash">
sudo systemctl restart networking
sudo iptables -L --line-numbers
iptables --version
</syntaxhighlight>
|valign='top'|
<syntaxhighlight lang="bash">
sudo nmap -sP 192.168.49.0/24
sudo arp  -d  192.168.49.100
arp -n
</syntaxhighlight>
|valign='top'|
<syntaxhighlight lang="bash">
sudo arp -s 192.168.49.100 02:42:c0:a8:31:02
kubectl get nodes -o wide
ip route show
</syntaxhighlight>
|-
|colspan='3'|
----
|-
|valign='top'|
<syntaxhighlight lang="bash">
nmap vpn.shahed.biz --reason -Pn --top 20
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993
</syntaxhighlight>
|valign='top'|
<syntaxhighlight lang="bash">
</syntaxhighlight>
</syntaxhighlight>


Line 138: Line 219:
* [https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ IPTables » The Beginners Guide]
* [https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ IPTables » The Beginners Guide]
* [https://www.cyberciti.biz/faq/how-to-list-all-iptables-rules-in-linux/ IPTables » Rules Listing]
* [https://www.cyberciti.biz/faq/how-to-list-all-iptables-rules-in-linux/ IPTables » Rules Listing]
* [[Bash/Port/Forward|IPTables » Port Forward]]
* [https://www.redhat.com/en/blog/iptables IPTables » RedHat]
* [https://www.redhat.com/en/blog/iptables IPTables » RedHat]
* [https://help.ubuntu.com/community/IptablesHowTo?action=show IPTables » How To]
* [https://help.ubuntu.com/community/IptablesHowTo?action=show IPTables » How To]

Latest revision as of 22:34, 21 December 2024

IPTables » Flush

{|class="wikitable"
|-
!scope="col"| Command !!scope="col"| Effect
|-
| <code>sudo iptables -t nat -F</code> || '''Flush NAT Table Rules:''' To flush rules from the '''nat table'''
|-
| <code>sudo iptables -F INPUT</code> || '''Flush a Specific Chain:''' For example, to flush only the '''INPUT''' chain
|-
| <code>sudo ip6tables -F</code> || '''Flush IPv6 IPTables (if applicable):''' If you’re working with '''IPv6 IPTables (ip6tables)'''
|-
| <code>sudo iptables -F</code> || '''Flush All Rules:''' This command flushes '''all IPTables''' rules across all chains
|}

IPTables » Allow SSH » Flush

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -F

IPTables » Allow SSH » Flush All

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
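
An added example, not part of the wiki page: `-F` deletes rules but keeps each chain's policy, so flushing a host whose INPUT policy is DROP also removes the port 22 ACCEPT rule and cuts off SSH. The sketch below reads `iptables-save` text and prints (without executing) a flush plan that resets non-ACCEPT policies first; the function names and the sample ruleset are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build a lockout-safe flush plan from iptables-save output.
# Nothing is executed against the firewall; the plan is only printed.

# Constructed sample of `sudo iptables-save` output (not from a real host).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [12:720]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [40:3100]
:DOCKER-USER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# flush_plan: read iptables-save text on stdin and print, per table,
#   1. `-P <chain> ACCEPT` for each built-in chain whose policy is not ACCEPT,
#   2. `-F` to delete the rules,
#   3. `-X` to delete user-defined chains.
flush_plan() {
  awk '
    function finish() {
      if (table == "") return
      printf "%s", policies
      print "iptables -t " table " -F"
      print "iptables -t " table " -X"
    }
    /^\*/ { finish(); table = substr($1, 2); policies = ""; next }
    /^:/  { chain = substr($1, 2)
            # user-defined chains show "-" in place of a policy
            if ($2 != "-" && $2 != "ACCEPT")
              policies = policies "iptables -t " table " -P " chain " ACCEPT\n"
            next }
    END   { finish() }
  '
}

# risky_chains: table:chain pairs that would keep dropping traffic after -F.
risky_chains() { flush_plan | awk '$4 == "-P" { print $3 ":" $5 }'; }

sample_ruleset | flush_plan
```

On a real host, feed it `sudo iptables-save | flush_plan` and review the printed commands before running any of them.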

Playground

netstat -uap|grep nginx
apt list --installed
sudo iptables -S
netstat -lpn
netstat -a
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn     | grep LISTEN
ls -lah /etc/iptables/
ls -lah /etc/iproute2/
ls -lah /etc/ufw/

nc   vpn.shahed.biz -uv 1194 # udp
nc   vpn.shahed.biz -tv 80   # tcp
nc   vpn.shahed.biz -tv 53   # tcp
nc   localhost -uv 1194      # udp
nc   localhost -tv 80        # tcp
nmap localhost -sT           # tcp
nmap localhost -sU           # udp
sudo journalctl -xeu ufw.service
sudo journalctl -xeu iptables
sudo journalctl -xeu nftables
systemctl daemon-reload
journalctl -xe|less
journalctl -xe|tail
journalctl -xe
sudo -i -u minikube
echo $(ip r g $(minikube ip)|awk '{print $3}'|head -n1)

sudo nmap vpn.shahed.biz -sU -sT -p U:1194,T:22,53,443

nmap mail.chorke.org --packet-trace -p 587 -vv -sT
traceroute mail.chorke.org

apt install inetutils-traceroute
apt install nmap
systemctl status iptables
systemctl status nftables
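# the redirect runs in the calling shell, so write the files through sudo tee
sudo ip6tables-save | sudo tee /etc/iptables/rules.v6 > /dev/null
sudo iptables-save  | sudo tee /etc/iptables/rules.v4 > /dev/null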

sudo iptables -S FORWARD -v
sudo iptables -S OUTPUT  -v
sudo iptables -S INPUT   -v
sudo iptables -L FORWARD -v
sudo iptables -L OUTPUT  -v
sudo iptables -L INPUT   -v
sudo iptables -L FORWARD -v --line-numbers
sudo iptables -L OUTPUT  -v --line-numbers
sudo iptables -L INPUT   -v --line-numbers

sudo iptables -S -t nat -v
sudo iptables -S -t nat
sudo iptables -L -t nat -v
sudo iptables -L -t nat
sudo iptables -L -t nat -v --line-numbers
sudo iptables -L -t nat    --line-numbers

sudo systemctl restart networking
sudo iptables -L --line-numbers
iptables --version
sudo nmap -sP 192.168.49.0/24
sudo arp  -d  192.168.49.100
arp -n
sudo arp -s 192.168.49.100 02:42:c0:a8:31:02
kubectl get nodes -o wide
ip route show

nmap vpn.shahed.biz --reason -Pn --top 20
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993

References