IPTables: Difference between revisions
Line 14: | Line 14: | ||
==IPTables » Allow SSH » Flush== | ==IPTables » Allow SSH » Flush== | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash"> | ||
sudo su | |||
mkdir -p /etc/iptables/ | |||
iptables-save > /etc/iptables/rules.v4 | |||
ip6tables-save > /etc/iptables/rules.v6 | |||
ls -alh ${HOME}/.config/{iptables,ufw}/ | |||
ls -alh ${HOME}/.config/{iptables,ufw}/* | |||
BACKUP_DATE_TIME="$(date +'%Y%m%d-T%H%M')-Z$(date +'%z'|tr '+-' 'PM')" | |||
stat -c "%a %n" /etc/ufw/{before,before6,user,user6,after,after6}.rules | |||
mkdir -p ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/ | |||
iptables-save > ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4 | |||
ip6tables-save > ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6 | |||
ls -alh ${HOME}/.config/{iptables,ufw}/ | |||
ls -alh ${HOME}/.config/{iptables,ufw}/* | |||
# disable ufw | |||
ufw disable | |||
# restrict any request | |||
iptables -P INPUT DROP | |||
iptables -P FORWARD DROP | |||
iptables -P OUTPUT ACCEPT | |||
# flush all rules | |||
iptables -F | |||
iptables -X | |||
iptables -t nat -F | |||
iptables -t nat -X | |||
iptables -t mangle -F | |||
iptables -t mangle -X | |||
iptables -t raw -F | |||
iptables -t raw -X | |||
# allow ssh request only | |||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT | iptables -A INPUT -p tcp --dport 22 -j ACCEPT | ||
iptables - | |||
# check rules | |||
iptables -S | |||
iptables -L -n -v | |||
# iptables-restore < /etc/iptables/rules.v4 | |||
# ip6tables-restore < /etc/iptables/rules.v6 | |||
# iptables-restore < ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4 | |||
# ip6tables-restore < ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
==IPTables » Allow SSH » Flush All== | ==IPTables » Allow SSH » Flush All== | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash"> | ||
iptables - | sudo su | ||
mkdir -p /etc/iptables/ | |||
iptables-save > /etc/iptables/rules.v4 | |||
ip6tables-save > /etc/iptables/rules.v6 | |||
ls -alh ${HOME}/.config/{iptables,ufw}/ | |||
ls -alh ${HOME}/.config/{iptables,ufw}/* | |||
BACKUP_DATE_TIME="$(date +'%Y%m%d-T%H%M')-Z$(date +'%z'|tr '+-' 'PM')" | |||
stat -c "%a %n" /etc/ufw/{before,before6,user,user6,after,after6}.rules | |||
mkdir -p ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/ | |||
iptables-save > ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4 | |||
ip6tables-save > ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6 | |||
mkdir -p ${HOME}/.config/ufw/${BACKUP_DATE_TIME}/ | |||
rsync -avz /etc/ufw/{before,before6,user,user6,after,after6}.rules \ | |||
${HOME}/.config/ufw/${BACKUP_DATE_TIME}/ | |||
ls -alh ${HOME}/.config/{iptables,ufw}/ | |||
ls -alh ${HOME}/.config/{iptables,ufw}/* | |||
# disable ufw | |||
ufw disable | |||
# allow any request | |||
iptables -P INPUT ACCEPT | |||
iptables -P OUTPUT ACCEPT | |||
iptables -P FORWARD ACCEPT | |||
# flush all rules | |||
iptables -F | iptables -F | ||
iptables -X | iptables -X | ||
Line 30: | Line 106: | ||
iptables -t raw -F | iptables -t raw -F | ||
iptables -t raw -X | iptables -t raw -X | ||
# allow ssh request only | |||
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |||
# check rules | |||
iptables -S | |||
iptables -L -n -v | |||
ufw status numbered | |||
# iptables-restore < /etc/iptables/rules.v4 | |||
# ip6tables-restore < /etc/iptables/rules.v6 | |||
# iptables-restore < ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4 | |||
# ip6tables-restore < ${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6 | |||
# rsync -avz ${HOME}/.config/ufw/${BACKUP_DATE_TIME}/*.rules /etc/ufw/ | |||
# chmod 640 /etc/ufw/{before,before6,user,user6,after,after6}.rules | |||
# ufw enable | |||
iptables -S | |||
ufw status numbered | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 210: | Line 307: | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo cat /etc/shadow|grep nobody | |||
last | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 258: | Line 356: | ||
| valign="top" | | | valign="top" | | ||
* [[Chorke Academia Backup]] | |||
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | * [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | ||
* [[Linux User Creation]] | * [[Linux User Creation]] |
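Review bot: In the new `Allow SSH » Flush` listing (the `Line 14:` hunk) the INPUT and FORWARD policies are switched to DROP before the tables are flushed and before the single `--dport 22` ACCEPT is appended, and nothing accepts loopback or ESTABLISHED/RELATED traffic; with the policy at DROP and no rules in place, an existing remote SSH session and every reply to a connection the host itself opened are dropped, so run line by line over SSH this locks the operator out. Keeping the policies at ACCEPT for the flush, then appending `iptables -A INPUT -i lo -j ACCEPT`, `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and the port-22 rule, and only then setting `iptables -P INPUT DROP` / `iptables -P FORWARD DROP`, reaches the same end state without cutting the session. The listing also snapshots ip6tables but never reconfigures it, so after `ufw disable` the IPv6 side is in whatever state ufw left it — presumably not SSH-only — and a sentence stating that the block is IPv4-only (or a matching ip6tables block) would avoid a false sense of being locked down. The old-side line `iptables -` in the same hunk is truncated in this rendering, so I cannot tell what was removed there.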
Latest revision as of 21:23, 20 January 2025
IPTables » Flush
Command | Effect |
---|---|
sudo iptables -t nat -F |
Flush NAT Table Rules: To flush rules from the nat table |
sudo iptables -F INPUT |
Flush a Specific Chain: For example, to flush only the INPUT chain |
sudo ip6tables -F |
Flush IPv6 IPTables (if applicable): If you’re working with IPv6 IPTables (ip6tables) |
sudo iptables -F |
Flush All Rules (filter table only): flushes every chain of the default filter table; the nat, mangle and raw tables are untouched unless flushed with -t, and -F neither deletes user-defined chains (that is -X) nor resets the chain policies (that is -P) |
IPTables » Allow SSH » Flush
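# IPTables » Allow SSH » Flush — lock the host down to SSH only (IPv4).
# Snapshots the live ruleset, disables ufw, flushes every table, then leaves
# INPUT/FORWARD at DROP with only loopback, established traffic and tcp/22 accepted.
# Ordering matters when this is run over SSH: the flush happens while the policies
# are ACCEPT, and the ACCEPT rules are added *before* the policy is switched to
# DROP, so the current session is never cut. Only iptables (IPv4) is reconfigured;
# ip6tables is backed up but otherwise left as it is.
sudo su
# snapshot the current (ufw-managed) rules under /etc/iptables
# NOTE(review): if iptables-persistent/netfilter-persistent is installed these are
# the files it restores at boot — confirm before overwriting them
mkdir -p /etc/iptables/
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# second, timestamped snapshot under ${HOME}; the sign of the UTC offset is written
# as P/M (e.g. 20250120-T2123-ZP0600)
# NOTE(review): after `sudo su`, ${HOME} is probably /root rather than your own home
# (depends on sudo's env policy) — the ls below shows where the copies actually went
BACKUP_DATE_TIME="$(date +'%Y%m%d-T%H%M')-Z$(date +'%z' | tr '+-' 'PM')"
# record the ufw rule-file modes so a later restore can put them back unchanged
stat -c "%a %n" /etc/ufw/{before,before6,user,user6,after,after6}.rules
mkdir -p "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/"
iptables-save  > "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4"
ip6tables-save > "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6"
ls -alh "${HOME}"/.config/{iptables,ufw}/
ls -alh "${HOME}"/.config/{iptables,ufw}/*
# disable ufw so it stops managing the chains we are about to replace
ufw disable
# open up first: a flush under a DROP policy would drop this session as well
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# flush all rules and delete user-defined chains in every table
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
# allow loopback, replies to connections this host opened, and new SSH
# (adjust --dport if sshd listens on another port)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# now restrict: anything not matched above is dropped; outbound stays open
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# check rules
iptables -S
iptables -L -n -v
# roll back from either snapshot:
# iptables-restore < /etc/iptables/rules.v4
# ip6tables-restore < /etc/iptables/rules.v6
# iptables-restore < "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4"
# ip6tables-restore < "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6"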
IPTables » Allow SSH » Flush All
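# IPTables » Allow SSH » Flush All — remove every firewall rule and leave all
# policies at ACCEPT. The host ends up completely unfiltered (IPv4); use this only
# to debug a connectivity problem, and roll back with the restore lines at the end.
# Backups are taken first so the exact previous state (iptables, ip6tables and the
# ufw rule files with their modes) can be put back.
sudo su
# snapshot the current rules under /etc/iptables
# NOTE(review): if iptables-persistent/netfilter-persistent is installed these are
# the files it restores at boot — confirm before overwriting them
mkdir -p /etc/iptables/
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# timestamped snapshot under ${HOME}; the sign of the UTC offset is written as P/M
# NOTE(review): after `sudo su`, ${HOME} is probably /root, not your own home
# (depends on sudo's env policy) — the ls below shows where the copies went
BACKUP_DATE_TIME="$(date +'%Y%m%d-T%H%M')-Z$(date +'%z' | tr '+-' 'PM')"
# record the ufw rule-file modes; the chmod in the restore block must match these
stat -c "%a %n" /etc/ufw/{before,before6,user,user6,after,after6}.rules
mkdir -p "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/"
iptables-save  > "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4"
ip6tables-save > "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6"
# copy the ufw rule files too; -a keeps ownership and mode (no -z: local copy)
mkdir -p "${HOME}/.config/ufw/${BACKUP_DATE_TIME}/"
rsync -av /etc/ufw/{before,before6,user,user6,after,after6}.rules \
    "${HOME}/.config/ufw/${BACKUP_DATE_TIME}/"
ls -alh "${HOME}"/.config/{iptables,ufw}/
ls -alh "${HOME}"/.config/{iptables,ufw}/*
# disable ufw so it stops managing the chains
ufw disable
# policies first, then flush: with ACCEPT in place the flush cannot cut the session
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# flush all rules and delete user-defined chains in every table
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
# uncomment to keep SSH explicitly allowed (no effect while the policy is ACCEPT)
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# check rules; ufw reports "Status: inactive" at this point
iptables -S
iptables -L -n -v
ufw status numbered
# roll back: restore the rules, put the ufw files back with their recorded modes,
# then re-enable ufw
# iptables-restore < /etc/iptables/rules.v4
# ip6tables-restore < /etc/iptables/rules.v6
# iptables-restore < "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v4"
# ip6tables-restore < "${HOME}/.config/iptables/${BACKUP_DATE_TIME}/rules.v6"
# rsync -av "${HOME}/.config/ufw/${BACKUP_DATE_TIME}/"*.rules /etc/ufw/
# chmod 640 /etc/ufw/{before,before6,user,user6,after,after6}.rules
# ufw enable
iptables -S
ufw status numbered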
Playground
# UDP sockets (-u) in every state (-a) with the owning process (-p), filtered to
# nginx; without root, -p only resolves processes owned by the current user
netstat -uap|grep nginx
# inventory of installed packages
apt list --installed
# filter-table rules in iptables-save syntax
sudo iptables -S
# listening sockets (-l), numeric addresses (-n), owning process (-p)
netstat -lpn
# every socket, listening and connected
netstat -a
|
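# listening sockets via ss: -t tcp, -u udp, -l listening only, -p owning process
# (root needed to resolve other users' processes), -n numeric addresses.
# No `grep LISTEN` here: -l already restricts the output to listening sockets, and
# UDP listeners are reported with state UNCONN rather than LISTEN, so filtering on
# LISTEN would silently hide every UDP socket despite -u.
sudo ss -tulpn | grep resolve
sudo ss -tulpn | grep minio
sudo ss -tulpn | grep sshd
# -w adds raw sockets; no -p, so no process column
sudo ss -tulwn
sudo ss -tulpn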
|
# TCP listeners with owning process (lsof -i: network files; -P/-n: no port or host
# name lookups); UDP sockets never carry a LISTEN state, so this view is TCP-only
sudo lsof -i -P -n | grep LISTEN
# same from ss; the LISTEN filter again hides UDP listeners (reported as UNCONN)
sudo ss -tulpn | grep LISTEN
# where saved rulesets, iproute2 config (e.g. rt_tables) and ufw's rule files live
ls -lah /etc/iptables/
ls -lah /etc/iproute2/
ls -lah /etc/ufw/
|
| ||
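# quick reachability probes against the VPN host and the local machine.
# nc -v proves a TCP handshake; for UDP (-u) there is no handshake, so a
# "succeeded" line does not by itself prove anything is listening on 1194.
nc vpn.shahed.biz -uv 1194 # udp
nc vpn.shahed.biz -tv 80 # tcp
nc vpn.shahed.biz -tv 53 # tcp
nc localhost -uv 1194 # udp
nc localhost -tv 80 # tcp
# -sT is a plain connect() scan and runs unprivileged; -sU needs raw sockets,
# so nmap refuses it without root
nmap localhost -sT # tcp
sudo nmap localhost -sU # udp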
|
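# journal for the firewall units: -x adds explanatory text, -e jumps to the end,
# -u selects the unit
sudo journalctl -xeu ufw.service
# these two only exist where the distro ships iptables/nftables systemd units
sudo journalctl -xeu iptables
sudo journalctl -xeu nftables
# pick up edited unit files before restarting anything
systemctl daemon-reload
# whole-journal tail: paged, last lines, raw
journalctl -xe|less
journalctl -xe|tail
journalctl -xe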
|
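# open a login shell as the minikube user, then look up how the host reaches the
# minikube node. Field 3 of the first `ip route get` line is the device for a
# directly connected route and the gateway when the route is 'via' — check the raw
# `ip r g` output before relying on the value.
sudo -i -u minikube
ip r g "$(minikube ip)" | awk 'NR==1{print $3}'
# UDP 1194 plus TCP 22/53/443 on the VPN host; -sU requires root
sudo nmap vpn.shahed.biz -sU -sT -p U:1194,T:22,53,443
# TCP connect to the submission port, printing every packet sent and received
nmap mail.chorke.org --packet-trace -p 587 -vv -sT
traceroute mail.chorke.org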
|
| ||
# both need root (prefix with sudo when not already in a root shell);
# inetutils-traceroute provides the traceroute command
apt install inetutils-traceroute
apt install nmap
|
# NOTE(review): these units only exist where the distro ships them (e.g. an
# iptables-persistent/iptables-services or nftables package); "could not be found"
# here means no such service is installed, not that the firewall is off
systemctl status iptables
systemctl status nftables
|
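# persist the live rulesets. The redirection has to run as root as well: with
# `sudo ip6tables-save > file` only ip6tables-save is privileged, and the calling
# shell, still unprivileged, fails to open /etc/iptables/rules.v6 for writing.
sudo sh -c 'ip6tables-save > /etc/iptables/rules.v6'
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'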
|
| ||
# filter-table rules per chain in iptables-save syntax; -v adds packet/byte counters
sudo iptables -S FORWARD -v
sudo iptables -S OUTPUT -v
sudo iptables -S INPUT -v
|
# same chains as a table (-L) with counters; add -n to skip DNS/service lookups
sudo iptables -L FORWARD -v
sudo iptables -L OUTPUT -v
sudo iptables -L INPUT -v
|
# numbered listing, needed for positional `iptables -D <chain> <num>` / `-I`
sudo iptables -L FORWARD -v --line-numbers
sudo iptables -L OUTPUT -v --line-numbers
sudo iptables -L INPUT -v --line-numbers
|
| ||
# nat-table rules in iptables-save syntax, with and without counters
sudo iptables -S -t nat -v
sudo iptables -S -t nat
|
# nat-table rules as a table, with and without counters
sudo iptables -L -t nat -v
sudo iptables -L -t nat
|
# numbered nat-table listing, for positional delete/insert in that table
sudo iptables -L -t nat -v --line-numbers
sudo iptables -L -t nat --line-numbers
|
| ||
# NOTE(review): restarting networking reloads interface configuration; whether
# firewall rules are re-applied depends on what hooks into it (ufw,
# netfilter-persistent, if-up scripts) — verify with the listing below
sudo systemctl restart networking
# numbered filter-table listing, handy before `iptables -D <chain> <num>`
sudo iptables -L --line-numbers
# the version string names the backend in use, "(nf_tables)" or "(legacy)";
# rules managed through one backend are not shown by the other's tooling
iptables --version
|
# ping sweep of the 192.168.49.0/24 network (presumably the minikube network, see
# the static ARP entry and `minikube ip` elsewhere on this page); -sP is the legacy
# spelling of -sn
sudo nmap -sP 192.168.49.0/24
# drop the cached ARP entry for the node, then show the table (-n: no name lookups)
sudo arp -d 192.168.49.100
arp -n
|
# pin a static ARP entry for the node (the MAC was taken from one running setup —
# re-check it with `arp -n` before reusing this line elsewhere)
sudo arp -s 192.168.49.100 02:42:c0:a8:31:02
# node addresses as Kubernetes sees them, and the host routing table
kubectl get nodes -o wide
ip route show
|
| ||
# -Pn skips host discovery (scan even when ping is blocked), --reason shows why
# each port got its state; first the 20 most common ports (--top is short for
# --top-ports), then the mail ports
nmap vpn.shahed.biz --reason -Pn --top 20
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993
|
# follow authentication events (sshd logins, sudo) and kernel messages — the latter
# is where an iptables LOG target writes, if such a rule exists
# NOTE(review): journald-only systems may not have these files; use journalctl then
sudo tail -n100 -f /var/log/auth.log
sudo tail -n100 -f /var/log/kern.log
|
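# shadow entry for the 'nobody' account, anchored so names merely containing
# "nobody" do not match; the line carries the password field (typically '*' or
# '!' for nobody) — never paste shadow output into tickets or chat
sudo grep '^nobody:' /etc/shadow
# recent logins from wtmp
last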
|
References
| ||