# Basic Linux iptables/firewall
## Install
```sudo apt-get install iptables```
**Note** : It usually comes installed by default with the OS; install it only if it is missing.
## Types Of Chain
1. **Input**
For controlling incoming traffic addressed to this host.
2. **Forward**
For controlling traffic that passes through this host on its way elsewhere; mainly used on routers.
3. **Output**
For controlling outgoing traffic generated by this host.
## Connection-Specific Responses
1. **Accept**
Allows the connection.
2. **Drop**
Drops the packet silently, as if it never arrived. This is best if you don’t want the source to realize your system exists.
3. **Reject**
Doesn’t allow the connection, but sends back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.
## Commands
1. **View** : ```iptables -L -v```
Shows you the different chains and their policies.
2. **Adding Rules** :
* ```iptables -A INPUT -s 10.10.10.10 -j DROP```
Explanation : Here we are appending a rule to the INPUT chain to drop all incoming traffic from source 10.10.10.10.
* ```iptables -A INPUT -s 10.10.10.0/24 -j DROP```
Explanation : Blocks a range of addresses, given as a subnet in CIDR notation.
* ```iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP```
Explanation : ```-p``` specifies the ```tcp``` protocol, ```--dport``` specifies the ```ssh``` destination port. This command blocks SSH connections from 10.10.10.10.
* ```iptables -A INPUT -p tcp --dport ssh -j DROP```
Explanation : Blocks SSH for all sources.
3. **Save** : ```sudo /sbin/iptables-save``` (Ubuntu). To make rules effective immediately.
4. **Clear Rules** : ```iptables -F```
Flushes every rule from every chain in the table, but leaves the chain policies (e.g. ```ACCEPT```) unchanged.
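The rules above as one reviewable ruleset, written as an added example rather than part of the original notes: it emits the page's INPUT rules in the format ```iptables-save``` produces, lets you check rule order before anything touches the kernel (iptables stops at the first matching rule, so an SSH exception must precede the blanket SSH DROP), and test-loads with ```iptables-restore --test```. ```ADMIN_HOST```, ```BLOCKED_NET``` and the ```/etc/iptables/rules.v4``` path (used by iptables-persistent on Debian/Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original notes: generate the page's INPUT
# rules as an iptables-save style ruleset, check ordering, and test-load it
# with iptables-restore before committing. Host/network values are constructed.
ADMIN_HOST="10.10.10.10"      # the one host still allowed to SSH in
BLOCKED_NET="10.10.10.0/24"   # everything else from this range is dropped

# Emit the ruleset. iptables walks a chain top to bottom and stops at the
# first match, so the SSH exception for ADMIN_HOST must be listed before the
# blanket "-p tcp --dport 22 -j DROP" and before the subnet-wide DROP.
build_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -s $ADMIN_HOST -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -s $BLOCKED_NET -j DROP
COMMIT
EOF
}

# Line number of the first rule containing the given text (0 if absent);
# used to verify ordering without loading anything into the kernel.
rule_line() {
    n=$(build_ruleset | grep -nF -- "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# Number of rules appended to the INPUT chain.
input_rule_count() {
    build_ruleset | grep -c '^-A INPUT '
}

# Parse-only check (needs root and an iptables-restore that supports --test):
# fails before any live rule is changed if the ruleset would be rejected.
check_ruleset() {
    build_ruleset | iptables-restore --test
}

# Commit for real, then persist the live rules (assumed iptables-persistent
# path on Debian/Ubuntu) so they survive a reboot.
apply_ruleset() {
    check_ruleset && build_ruleset | iptables-restore \
        && iptables-save > /etc/iptables/rules.v4
}
```

Run ```apply_ruleset``` as root only after reviewing ```build_ruleset``` output; the other functions are safe to run unprivileged.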
<!-- ## Experiment(Sudo Mode) :
* ```ping evatix.com ``` -> ip **51.255.238.26**
* ```iptables -L -v```
Output :
```
Chain INPUT (policy ACCEPT 169 packets, 11351 bytes)
pkts bytes target prot opt in out source destination
....
```
* ```iptables -A INPUT -s 172.217.160.46 -j DROP```
* ```/sbin/iptables-save```
* ```iptables -L -v```
Output :
```
Chain INPUT (policy ACCEPT 67 packets, 4592 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any sin10s11-in-f14.1e100.net anywhere
....
```
-->