pmhaynes


Useful IPtables commands

Posted by Paul on June 6, 2014
Posted in: Linux. Tagged: iptables.


iptables -A INPUT -s {IP-HERE} -j LOG --log-prefix "iptables: "

iptables -A INPUT -s {IP-HERE} -j DROP

iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j LOG --log-prefix "iptables: "

/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
/sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

How Do I Delete Blocked IP Address?
iptables -L INPUT -n --line-numbers
iptables -D INPUT 3

How Do I Block Subnet (xx.yy.zz.ww/ss)?

Use the following syntax to block 10.0.0.0/8 on the eth1 public interface:
# /sbin/iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP

Block Outgoing Request From LAN IP 192.168.1.200?

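Use the following syntax. The OUTPUT chain only matches packets generated by this host itself; traffic from another LAN machine that is routed through this host traverses the FORWARD chain instead: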
# /sbin/iptables -A OUTPUT -s 192.168.1.200 -j DROP
# /sbin/service iptables save

http://blog.shadypixel.com/log-iptables-messages-to-a-separate-file-with-rsyslog/

The first thing you need to do is modify your iptables script or entries for logging to look something like the following. Your mileage may vary depending on what you want to do, so validate the options against your own setup first:

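# Create the user-defined chain first (in an iptables-save style file, declare it as ":LOGDROP - [0:0]")
-N LOGDROP
-A INPUT -j LOGDROP
-A LOGDROP -p tcp -j LOG --log-prefix "iptables: "
-A LOGDROP -p udp -j LOG --log-prefix "iptables: "
-A LOGDROP -p icmp -j LOG --log-prefix "iptables: "
# Drop the packet after it has been logged
-A LOGDROP -j DROP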

Note: My entries are for dropping packets; you do not have to drop packets to log them. Just keep that in mind while creating your own entries.

The key piece is the prefix, which allows rsyslog to filter on that log entry. Knowing this, we can add an iptables configuration file to the /etc/rsyslog.d directory.

vim /etc/rsyslog.d/iptables.conf

Add the following text (or modify to suit your setup):

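# Write messages that start with the iptables prefix to their own file
:msg, startswith, "iptables: " -/var/log/iptables.log
# Discard them so they do not also reach the default logs ("& stop" replaces the deprecated "& ~" on rsyslog v7 and later)
& ~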
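Once the prefixed messages land in /var/log/iptables.log, they can be summarised per source. The following is an added example, not part of the original post: a shell function that counts logged packets by source address, protocol and destination port, matching the prefix anywhere in the line so that entries carrying a kernel timestamp before it are still counted. The function names, the host name fw and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise LOG-target lines that carry the "iptables: " prefix.
PREFIX='iptables: '

# Constructed sample lines in the kernel LOG format (documentation addresses).
sample_log() {
cat <<'EOF'
Jun  6 10:00:01 fw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN
Jun  6 10:00:02 fw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51235 DPT=22 SYN
Jun  6 10:00:03 fw kernel: [12345.678901] iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=22 SYN
Jun  6 10:00:04 fw kernel: iptables: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=76 TTL=60 PROTO=UDP SPT=40000 DPT=123
Jun  6 10:00:05 fw kernel: iptables: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0
Jun  6 10:00:06 fw sshd[811]: Failed password for root from 203.0.113.7 port 51240 ssh2
EOF
}

# summarize_drops: read log lines on stdin and print "count src proto dpt",
# highest count first. Lines without the prefix are ignored.
summarize_drops() {
  awk -v prefix="$PREFIX" '
    index($0, prefix) == 0 { next }          # not one of our LOG lines
    {
      src = ""; proto = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src == "") next                    # malformed or truncated entry
      if (dpt == "") dpt = "-"               # ICMP entries have no port
      count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Run against the constructed sample; on a real host use:
#   summarize_drops < /var/log/iptables.log
sample_log | summarize_drops
```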

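# Rate-limit new connections to port 80 on eth0: record each source address, and drop sources with 4 or more hits in the last 60 seconds
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP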
