This article will help you create iptables rules that you can use directly for your daily or routine needs. These examples act as basic templates for working with iptables, which you can adapt to suit your specific requirement.

## Deleting the IPtables or Existing Rules

Before you start building a new set of iptables rules, you should clean up all the default rules and existing rules. Use the iptables flush command; below is an example:

```
# iptables --flush
```

The default policy is ACCEPT; change the policy to DROP for all of INPUT, FORWARD and OUTPUT:

```
# iptables -P INPUT DROP
```

For every firewall rule, we need to define two rules, i.e., one for incoming and another for outgoing. If we trust the internal users, we can use DROP for the incoming rules, and the default outgoing will be ACCEPT.

## Allowing HTTP & HTTPS Incoming Connections

The below rules will allow all the incoming traffic of HTTP & HTTPS (80 & 443):

```
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
```

## Allowing only SSH to a Network

The below rules will allow only outgoing SSH connections from the internal network, meaning we can SSH only from the 192.168.87.0/24 network:

```
iptables -A OUTPUT -o eth0 -p tcp -d 192.168.100.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
```

## Allowing the Incoming MySQL port (3306) for TCP Traffic

Below is the example which has incoming & outgoing traffic on port 3306 (MySQL) for the eth0 adaptor:

```
iptables -A INPUT -i eth0 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
```

## Allowing Incoming MySQL Port (3306) for a Specific Network

The below example will allow 3306 (MySQL) only for the specific network 192.168.87.x:

```
iptables -A INPUT -i eth0 -p tcp -s 192.168.87.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
```

## Allowing Multiple Ports with a Single Rule

The below rules will allow incoming connections from outside to multiple ports. Instead of writing multiple rules, we can also write one rule with multiple ports together, as shown below:

```
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 3306,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 3306,80,443 -m state --state ESTABLISHED -j ACCEPT
```

Here, we are allowing MySQL, HTTP & HTTPS in a single rule.

## Allowing Outgoing MySQL

This rule will allow only outgoing connections to MySQL, for when we connect to a MySQL server from our Linux box. This is different from the incoming connection: we allow both NEW and ESTABLISHED connections on the OUTPUT chain, whereas on INPUT we allow only the ESTABLISHED state.

```
iptables -A OUTPUT -o eth0 -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
```

## Allow Sendmail Traffic

These rules will allow mail using sendmail or postfix on port 25:

```
iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
```

## Allowing IMAP & POP3 Ports

These rules will allow sending or receiving mail via IMAP or POP3 on port 143:

```
iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT
```
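As an added example (not code from the original article), here are the rules above assembled into an iptables-restore ruleset, so that the DROP policies and each stateful INPUT/OUTPUT pair are loaded together in one transaction rather than one command at a time, which is what locks a remote session out when `-P INPUT DROP` lands before the SSH rule. The interface eth0 and the networks are the page's; the function names, the inbound SSH rule and its trusted-network restriction are assumptions.

```shell
#!/bin/sh
# Added example: emit the page's rule set in iptables-restore format so the DROP
# policies and the ACCEPT pairs are applied in one atomic load. eth0 and the
# networks come from the page; function names are assumptions, and inbound SSH
# (not on the page) is added so loading this over SSH does not lock the admin out.

# Service this host RUNS: INPUT takes NEW,ESTABLISHED to the port, OUTPUT only
# ESTABLISHED replies from it. $1 = port, $2 = optional source network (-s).
allow_inbound() {
  src=""
  if [ -n "$2" ]; then src="-s $2 "; fi
  echo "-A INPUT -i eth0 -p tcp ${src}--dport $1 -m state --state NEW,ESTABLISHED -j ACCEPT"
  echo "-A OUTPUT -o eth0 -p tcp --sport $1 -m state --state ESTABLISHED -j ACCEPT"
}

# Service this host CONNECTS TO (the "Allowing Outgoing MySQL" case): the NEW
# state moves to OUTPUT and INPUT accepts only ESTABLISHED replies.
# $1 = port, $2 = optional destination network (-d).
allow_outbound() {
  dst=""
  if [ -n "$2" ]; then dst="-d $2 "; fi
  echo "-A OUTPUT -o eth0 -p tcp ${dst}--dport $1 -m state --state NEW,ESTABLISHED -j ACCEPT"
  echo "-A INPUT -i eth0 -p tcp --sport $1 -m state --state ESTABLISHED -j ACCEPT"
}

# Several inbound ports in one rule pair via the multiport match. $1 = "80,443"
allow_inbound_multi() {
  echo "-A INPUT -i eth0 -p tcp -m multiport --dports $1 -m state --state NEW,ESTABLISHED -j ACCEPT"
  echo "-A OUTPUT -o eth0 -p tcp -m multiport --sports $1 -m state --state ESTABLISHED -j ACCEPT"
}

# Whole filter table: default DROP on all three chains (the page's policy step),
# then the page's services. COMMIT makes the kernel apply it as one transaction.
generate_ruleset() {
  printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT DROP [0:0]\n'
  allow_inbound 22 192.168.100.0/24     # admin SSH from the trusted network (assumption)
  allow_inbound_multi 80,443            # HTTP and HTTPS
  allow_inbound 3306 192.168.87.0/24    # MySQL for a specific network
  allow_inbound 25                      # sendmail/postfix
  allow_inbound 143                     # IMAP
  allow_outbound 3306                   # this box as a MySQL client
  allow_outbound 22 192.168.100.0/24    # SSH out only to that network
  echo "COMMIT"
}

# Syntax-check without touching the live tables, then load atomically:
#   generate_ruleset > rules.v4 && iptables-restore --test < rules.v4 && iptables-restore < rules.v4
generate_ruleset
```

`iptables-restore --test` only parses and builds the ruleset without committing it, so a typo in one rule is caught before the live table is replaced.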