Wednesday 11 April 2018

How to list and delete iptables rules

  • To delete INPUT rules:
    • List the chain with rule numbers:
        iptables -L -n -v --line-numbers
    • For example, if we want to delete the INPUT rule that drops invalid packets and the listing shows it as rule 3 of the INPUT chain, we run:
        iptables -D INPUT 3
  • To delete a POSTROUTING rule (nat table):
    • List the nat table with rule numbers:
        iptables -t nat -L -n -v --line-numbers
    • Delete rule 2 of the POSTROUTING chain:
        iptables -t nat -D POSTROUTING 2
    • --------------- snip -----------
        Chain POSTROUTING (policy ACCEPT 57 packets, 4044 bytes)
        num   pkts bytes target     prot opt in     out     source               destination
        1      670 42596 SNAT       all  --  *      br2     0.0.0.0/0            0.0.0.0/0            to:172.30.13.90
        2        0     0 SNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.254        tcp dpt:80 to:192.168.1.99
    • --------------- snip -----------
    • In the listing above, rule number 2 is the one deleted by the command.
    • Rule numbers are reassigned after every deletion, so list the chain again before deleting another rule by number.
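The delete-by-number procedure above, as an added shell example that is not part of the original post: it reads a `--line-numbers` listing, picks out the rule numbers whose lines match a pattern, and deletes them highest number first, because iptables renumbers the remaining rules after each deletion. The `IPTABLES` variable, the function names and the sample listing (copied from the POSTROUTING chain shown above) are this example's own; the only iptables options used are -t, -L, -D, -n, -v and --line-numbers.

```shell
#!/bin/sh
# Added example, not code from the original post. Deletes the rules of a chain
# that match a pattern, by rule number, taking the highest number first so the
# renumbering iptables does after each deletion cannot hit a rule still to go.
# IPTABLES is this example's own variable: leave it unset for the real binary,
# or set IPTABLES="echo iptables" for a dry run that only prints the commands.
IPTABLES="${IPTABLES:-iptables}"

# Constructed sample of `iptables -t nat -L POSTROUTING -n -v --line-numbers`
# output, copied from the listing in the post, used for the demonstration below.
SAMPLE_LISTING='Chain POSTROUTING (policy ACCEPT 57 packets, 4044 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      670 42596 SNAT       all  --  *      br2     0.0.0.0/0            0.0.0.0/0            to:172.30.13.90
2        0     0 SNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.254        tcp dpt:80 to:192.168.1.99'

# rule_numbers_matching PATTERN
# Reads a --line-numbers listing on stdin and prints the rule numbers of the
# lines matching PATTERN (an awk regular expression), highest number first.
rule_numbers_matching() {
    awk -v pat="$1" '
        /^Chain / || /^num /  { next }       # skip the two header lines
        NF > 0 && $0 ~ pat    { print $1 }   # column 1 is the rule number
    ' | sort -rn
}

# delete_matching_rules TABLE CHAIN PATTERN
# Lists TABLE/CHAIN once, then deletes every matching rule by number.
# Returns 1 (and deletes nothing) when no rule matches.
delete_matching_rules() {
    table="$1"; chain="$2"; pat="$3"
    nums=$($IPTABLES -t "$table" -L "$chain" -n -v --line-numbers \
           | rule_numbers_matching "$pat")
    if [ -z "$nums" ]; then
        echo "no rule in table $table, chain $chain matches '$pat'" >&2
        return 1
    fi
    for n in $nums; do
        $IPTABLES -t "$table" -D "$chain" "$n"
    done
}

# Demonstration on the sample listing (no iptables call, so no root needed):
# the rule that rewrites port 80 traffic is rule number 2.
printf '%s\n' "$SAMPLE_LISTING" | rule_numbers_matching 'dpt:80'
```

With the real binary, `delete_matching_rules nat POSTROUTING 'dpt:80 to:192.168.1.99'` removes rule 2 of the listing above; a pattern such as `SNAT` that matches both rules deletes 2 before 1, which is what keeps the second number valid.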

Commands to list the iptables rules:

    • iptables -L -v
    • iptables -L
    • iptables -L -n  => lists the filter table (INPUT, FORWARD and OUTPUT chains) without resolving names to addresses
    • iptables -L -t nat
    • iptables -t nat -L -n -v  => lists the nat table rules with packet and byte counters

Friday 6 April 2018

How to specify particular source address & port in iptables

  • Source IP (-s):
    • -s, --source address[/mask][,...]
  • Destination IP (-d):
    • -d, --destination address[/mask][,...]
  • Source port (requires -p tcp or -p udp):
    • --source-port, --sport [!] port[:port]
  • Destination port (requires -p tcp or -p udp):
    • --destination-port, --dport [!] port[:port]
  • Protocol:
    • -p <protocol name: tcp, udp or icmp>

Example (a DNAT rule in the nat table's PREROUTING chain that matches source address and port as well as destination address and port):

iptables -t nat -A PREROUTING -p tcp -s 192.168.1.99 --sport 58902 -d 173.223.52.123 --dport 80 -j DNAT --to-destination 192.168.1.254:80
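Re-running a script that appends the rule above adds a second identical copy of it. As an added example (not from the original post), the function below appends a rule only after `iptables -C` (--check, which exits 0 when an identical rule already exists in the chain) reports it absent, and a wrapper builds the post's DNAT rule from source address/port and destination address/port arguments. `IPTABLES`, `add_rule_once` and `dnat_rule_once` are this example's own names.

```shell
#!/bin/sh
# Added example, not code from the original post. IPTABLES is this example's
# own variable: leave it unset for the real binary, or set
# IPTABLES="echo iptables" to only print the commands.
IPTABLES="${IPTABLES:-iptables}"

# add_rule_once TABLE CHAIN RULE-SPEC...
# RULE-SPEC is exactly what you would pass to -A: matches (-p, -s, --sport,
# -d, --dport, ...) followed by -j TARGET and its options. `iptables -C`
# exits 0 when an identical rule is already in the chain, so the rule is
# appended only when that check fails.
add_rule_once() {
    table="$1"; chain="$2"; shift 2
    if $IPTABLES -t "$table" -C "$chain" "$@" 2>/dev/null; then
        echo "already present in $table/$chain: $*" >&2
        return 0
    fi
    $IPTABLES -t "$table" -A "$chain" "$@"
}

# dnat_rule_once SRC-ADDR SRC-PORT DST-ADDR DST-PORT NEW-DEST[:PORT]
# The post's PREROUTING DNAT rule with the source address/port and the
# destination address/port as parameters. --sport/--dport need -p tcp (or
# udp); both accept the port[:port] range form, e.g. 1024:65535, and
# address arguments accept the address[/mask] form, e.g. 192.168.1.0/24.
dnat_rule_once() {
    add_rule_once nat PREROUTING \
        -p tcp -s "$1" --sport "$2" -d "$3" --dport "$4" \
        -j DNAT --to-destination "$5"
}

# Usage (needs root and the real iptables), reproducing the post's rule:
#   dnat_rule_once 192.168.1.99 58902 173.223.52.123 80 192.168.1.254:80
```

Running the usage line twice leaves exactly one rule in PREROUTING; the second run only prints the "already present" message on stderr.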