IPTables

# List all IPTables rules without numerical output
iptables -nvL

# Add a rule to reject packets from a specific IP
iptables -A INPUT -s 192.168.12.139 -j REJECT

# List all IPTables rules with line numbers
iptables -L --line-number

# Delete the first rule in the INPUT chain
iptables -D INPUT 1

# Verify the changes
iptables -nvL

# Replace the first rule in the INPUT chain with an ACCEPT rule
iptables -R INPUT 1 -j ACCEPT

# Verify the changes again
iptables -nvL

# Save the current IPTables configuration to a file
iptables-save > /etc/iptables.conf

# Restore IPTables rules from the saved file
iptables-restore < /etc/iptables.conf

IPTables Persistence

# Search for iptables-persistent package
aptitude search iptables-persistent

# Edit the persistent IPTables rules file
nano /etc/iptables/rules.v4

# List current IPTables rules
iptables -L

Explanation of IPTables Commands

  1. iptables -nvL: Lists all IPTables rules with numeric values and doesn’t show interfaces.

  2. iptables -A INPUT -s 192.168.12.139 -j REJECT: Adds a rule to the INPUT chain that rejects packets from the specified IP address.

  3. iptables -L --line-number: Displays IPTables rules with line numbers for easy reference.

  4. iptables -D INPUT 1: Deletes the first rule in the INPUT chain.

  5. iptables -R INPUT 1 -j ACCEPT: Replaces the first rule in the INPUT chain with an ACCEPT rule.

  6. iptables-save > /etc/iptables.conf: Saves the current IPTables configuration to a file named /etc/iptables.conf.

  7. iptables-restore < /etc/iptables.conf: Restores IPTables rules from the previously saved file.

  8. aptitude search iptables-persistent: Searches for packages related to persistent IPTables rules.

  9. nano /etc/iptables/rules.v4: Edits the file containing persistent IPTables rules.

  10. iptables -L: Lists all current IPTables rules.

Example IPTables Configuration

The example configuration file shows several common rules:

  • :INPUT ACCEPT [15:1380]: Sets the default policy for INPUT to ACCEPT.
  • :FORWARD ACCEPT [0:0]: Sets the default policy for FORWARD to ACCEPT.
  • :OUTPUT ACCEPT [3:444]: Sets the default policy for OUTPUT to ACCEPT.
  • -A OUTPUT -d facebook.com -j DROP: Drops packets destined for facebook.com.
  • -A OUTPUT -p tcp --dport 22 -j DROP: Drops TCP traffic on port 22 (SSH).
  • -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT: Accepts TCP traffic on ports 80 and 443.
  • -A INPUT -p icmp eth0 -j REJECT: Rejects ICMP traffic on interface eth0.
  • -A INPUT -p tcp -j REJECT: Rejects all other TCP traffic.

This configuration demonstrates various filtering techniques, including:

  • Blocking specific domains (facebook.com)
  • Disallowing SSH access
  • Allowing HTTP/HTTPS traffic
  • Rejecting ICMP traffic
  • Rejecting all other TCP traffic

Remember to adjust these rules according to your specific security requirements and network setup. Always test changes in a controlled environment before applying them to production systems.

Thank you for providing the additional content about IPTables. I’ll correct and fix errors, elaborate on the commands, and provide explanations for each part. Here’s the corrected and expanded version:

# Example of DROP
iptables -A INPUT -p tcp --dport 22 -j DROP

# Example of REJECT
iptables -A INPUT -p tcp --dport 23 -j REJECT --reject-with tcp-reset

In summary, the choice between DROP and REJECT depends on your desired behavior for handling unwanted packets:

  • DROP: Silently discards packets without sending a response.
  • REJECT: Sends an ICMP error message back to the sender.
# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Set up port redirection
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222

# Display routing table
ip route

# Display network interface configuration
ifconfig

# Display IPv4 addresses
ip addr

# Save IPTables configuration
sudo iptables-save

# List IPTables rules
sudo iptables -L

# List IPTables rules with line numbers
sudo iptables -L --line-numbers

# Delete the third rule in the INPUT chain
sudo iptables -D INPUT 3

# Add a route (note: syntax error corrected)
sudo ip route add 10.0.0.0/8 via 192.168.12.100

# Check if kube-dns service is allowed
iptables-save | grep kube-dns

# Restart networking service
sudo systemctl restart networking

# Check if port 2375 is open
netstat -nap | grep :2375

# Allow port 5000 through UFW firewall
sudo ufw allow 5000

# Display eth0 interface configuration
ifconfig eth0

# List IPTables rules (corrected syntax)
iptables -L | more

# List NAT rules
iptables -L -n -v -t nat

# Save IPTables configuration to a file
sudo iptables-save > /etc/iptables.conf

# Restore IPTables configuration from a file
sudo iptables-restore < /etc/iptables.conf

Explanation of IPTables Commands

  1. iptables -A INPUT -p tcp --dport 22 -j DROP: Adds a rule to drop all incoming TCP traffic on port 22 (SSH).

  2. iptables -A INPUT -p tcp --dport 23 -j REJECT --reject-with tcp-reset: Adds a rule to reject incoming TCP traffic on port 23 (Telnet) and sends a reset packet back to the sender.

  3. echo "1" > /proc/sys/net/ipv4/ip_forward: Enables IP forwarding, allowing the system to act as a router.

  4. iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222: Sets up port redirection from port 22 to port 2222.

  5. ip route, ifconfig, ip addr: Display network routing information and interface configurations.

  6. sudo iptables-save and sudo iptables -L: Save and list IPTables rules.

  7. sudo iptables -L --line-numbers: Lists IPTables rules with line numbers for easy reference.

  8. sudo iptables -D INPUT 3: Deletes the third rule in the INPUT chain.

  9. sudo ip route add 10.0.0.0/8 via 192.168.12.100: Adds a routing entry for the 10.0.0.0/8 network via the gateway 192.168.12.100.

  10. iptables-save | grep kube-dns: Searches for rules related to the kube-dns service.

  11. sudo systemctl restart networking: Restarts the networking service.

  12. netstat -nap | grep :2375: Checks if port 2375 is open.

  13. sudo ufw allow 5000: Allows traffic through UFW firewall for port 5000.

  14. ifconfig eth0: Displays configuration for the eth0 interface.

  15. iptables -L | more: Lists IPTables rules with pagination.

  16. iptables -L -n -v -t nat: Lists NAT-related IPTables rules.

  17. sudo iptables-save > /etc/iptables.conf: Saves IPTables configuration to a file named /etc/iptables.conf.

  18. sudo iptables-restore < /etc/iptables.conf: Restores IPTables configuration from the saved file.

These commands demonstrate various IPTables operations including rule creation, viewing, saving, restoring, and modifying. Remember to be cautious when modifying firewall rules, especially in production environments, and always test changes in a controlled manner.

Citations: [1] https://todisco.de/en/blog/iptables-reject-vs-drop [2] https://serverfault.com/questions/157375/reject-vs-drop-when-using-iptables [3] https://www.baeldung.com/linux/iptables-reject-vs-drop [4] https://forum.openwrt.org/t/iptables-difference-between-drop-and-reject/64738 [5] https://bobcares.com/blog/iptables-drop-vs-reject/ [6] https://unix.stackexchange.com/questions/109459/is-it-better-to-set-j-reject-or-j-drop-in-iptables [7] https://medium.com/@turgenev.e9g/drop-vs-reject-how-to-make-linux-behave-like-windows-93e8df1be519 [8] https://www.coresentinel.com/reject-versus-drop/ [9] https://ale.ale.narkive.com/CNOcwe66/iptables-drop-vs-reject-reject-with-tcp-reset [10] http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject