Linux iptables
First of all, set the default policy for the firewall chains (the policy decides what happens to a packet that matches none of the rules in a chain):

```
iptables -P <chain> <policy>
```

Example:

```
iptables -P INPUT ACCEPT
```
To show the current status of the firewall, i.e. the iptables rules loaded in the kernel right now:

NOTE: this lists the active rules only; it does not mean the rules have been saved to the /etc/iptables.rules file.

```
iptables --list --line-numbers -n
```

Same, but a little shorter:

```
iptables -L -n --line-numbers
```
Options:

-n: numeric output, do not resolve IP addresses or port numbers to host and service names
-L / --list: list the rules
--line-numbers: number the rules, which makes it easier to refer to a specific rule (for example when deleting it)
Output:

```
[root@localhost] # iptables -L -n --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0
3    ACCEPT     tcp  --  10.135.0.0/16        0.0.0.0/0            tcp dpt:3306
4    ACCEPT     tcp  --  10.135.14.0/24       0.0.0.0/0            tcp dpt:80
5    ACCEPT     tcp  --  10.135.0.0/16        0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
```
Adding an ACCEPT rule (appended to the end of the chain, after the existing rules):

```
iptables -A <chain> -i <interface> -p <protocol> --dport <port> -j <target>
```

Example: allow NRPE access (TCP port 5666) from Nagios so it can check service status:

```
iptables -A INPUT -i eth0 -p tcp --dport 5666 -j ACCEPT
```
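Putting the commands above together, as an added example that is not part of the original post: a script that rebuilds the INPUT chain from the listing above in an order that does not lock you out of your own SSH session. The source ranges come from the listing; the Nagios host address, the eth0 interface, the DRY_RUN switch and the helper function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild the INPUT chain from the
# listing above in a lock-out-safe order. Set DRY_RUN=1 to print the commands
# instead of running them. Source ranges below come from the listing; the
# Nagios host address, the eth0 interface and the helper names are assumptions.
DB_SRC="${DB_SRC:-10.135.0.0/16}"        # hosts allowed to reach MySQL
WEB_SRC="${WEB_SRC:-10.135.14.0/24}"     # hosts allowed to reach the web server
SSH_SRC="${SSH_SRC:-10.135.0.0/16}"      # hosts allowed to reach sshd
NRPE_SRC="${NRPE_SRC:-10.135.14.10}"     # constructed address of the Nagios server

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Append a rule unless an identical one already exists (-C returns 0 when it
# does), so re-running the script never duplicates rules.
add_rule() {
    if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -C "$@" 2>/dev/null; then
        run iptables -A "$@"
    fi
}

build_input_chain() {
    # 1. Keep the policy at ACCEPT while rules are installed: setting DROP
    #    first would cut the SSH session you are working from.
    run iptables -P INPUT ACCEPT
    # 2. Replies to connections this host opened, and loopback traffic.
    add_rule INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    add_rule INPUT -s 127.0.0.1 -j ACCEPT
    # 3. The services the listing allows, plus NRPE (TCP 5666) for Nagios.
    add_rule INPUT -p tcp -s "$DB_SRC" --dport 3306 -j ACCEPT
    add_rule INPUT -p tcp -s "$WEB_SRC" --dport 80 -j ACCEPT
    add_rule INPUT -p tcp -s "$SSH_SRC" --dport 22 -j ACCEPT
    add_rule INPUT -i eth0 -p tcp -s "$NRPE_SRC" --dport 5666 -j ACCEPT
    # 4. Only now switch the default to DROP; anything not matched above is
    #    dropped from this point on.
    run iptables -P INPUT DROP
}

if [ "${1:-}" = "apply" ]; then
    build_input_chain
fi
```

Run it as `DRY_RUN=1 sh firewall.sh apply` to review the exact commands before running them for real as root.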