Just a few recent notes about iptables.

Blocking IPs with iptables:

iptables -A INPUT -s 192.168.1.100/32 -i eth0 -j REJECT

  1. You may have different network interfaces: 'eth1', 'rtl0', etc.
  2. If you have multiple network interfaces on your system you can use "eth+" instead of putting multiple lines for each of eth0, eth1, eth2, etc.

Port forwarding with iptables:

iptables -t nat -A PREROUTING -d 192.168.1.1 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:9999

This forwards connections arriving on eth0 for port 80 to port 9999 on 192.168.1.1.

Preventing SSH brute-force attacks with iptables:

iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --name sshattack --set

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name sshattack --rcheck --seconds 360 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name sshattack --rcheck --seconds 360 --hitcount 3 -j REJECT --reject-with tcp-reset

PS. Add "! -s $IP/32" (older iptables releases also accept the deprecated "-s ! $IP/32" form) to the rules above to exclude $IP from blocking, if you need.
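To see how the three "-m recent" rules above interact (the --set rule only records each NEW connection and falls through; the third NEW connection from the same address within 360 seconds is logged and then rejected), here is an added Python model of the xt_recent --set/--rcheck --seconds --hitcount bookkeeping, not code from the original post, run over a constructed sequence of SSH connection attempts. It assumes the module's default per-address ring of 20 timestamps (ip_pkt_list_tot) and the rule order shown above.

```python
from collections import deque

# Default of the xt_recent kernel module: each address keeps a ring of
# 20 hit timestamps (ip_pkt_list_tot); --hitcount may not exceed this.
PKT_LIST_TOT = 20


class RecentList:
    """Minimal model of one xt_recent list (the '--name sshattack' list)."""

    def __init__(self):
        self.entries = {}  # source address -> deque of hit timestamps

    def set(self, src, now):
        # --set: create the entry or append another timestamp to it
        self.entries.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck --seconds S --hitcount N: match when the address is listed
        # and at least N of its hits fall inside the last S seconds.
        # Unlike --update, --rcheck does not refresh the entry.
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        return sum(1 for t in stamps if now - t <= seconds) >= hitcount


def ssh_chain(attempts, seconds=360, hitcount=3, exclude=None):
    """Walk the post's INPUT rules for a list of NEW SSH connection attempts.

    attempts: [(time_in_seconds, src_ip), ...]  (constructed sample input)
    exclude:  address carrying the "! -s $IP/32" exemption, if any
    Returns one verdict per attempt: 'REJECT' when the LOG and REJECT rules
    fire, otherwise 'PASS' (falls through to whatever rule or policy follows).
    """
    sshattack = RecentList()
    verdicts = []
    for now, src in attempts:
        if src != exclude:                        # "! -s $IP/32" exemption
            sshattack.set(src, now)               # rule 2: --set, no target
            if sshattack.rcheck(src, now, seconds, hitcount):
                verdicts.append('REJECT')         # rule 3 logs, rule 4 rejects
                continue
        verdicts.append('PASS')
    return verdicts


if __name__ == '__main__':
    # Constructed sample: five attempts from one address (seconds, source).
    sample = [(0, '203.0.113.5'), (10, '203.0.113.5'), (20, '203.0.113.5'),
              (370, '203.0.113.5'), (400, '203.0.113.5')]
    for attempt, verdict in zip(sample, ssh_chain(sample)):
        print(attempt, verdict)
```

Note that the window is measured against the recorded hits, not from the first rejection: the attempt at t=370 still sees the hits at t=10 and t=20 inside the 360-second window, while at t=400 only two hits remain in the window and the attempt passes again.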

Saving the rules added from the command shell:

iptables-save > /etc/sysconfig/iptables

(/etc/sysconfig/iptables is the file the iptables init service restores from on Red Hat-based systems; other distributions read the saved rules from a different path.)