Common iptables tasks

Just a few recent notes about iptables.

Blocking a source IP address with iptables (the address to block goes after -s):

iptables -A INPUT -s -i eth0 -j REJECT

  1. Your interface may be named differently: 'eth1', 'rtl0', etc.
  2. If you have several interfaces, "eth+" matches every interface whose name starts with "eth" (eth0, eth1, eth2, ...), so one rule covers them all instead of one line per interface.
  3. -A appends the rule to the end of the chain. If an earlier rule already ACCEPTs traffic from that address, the block never fires; use "-I INPUT" to insert it at the top instead. REJECT answers with an ICMP error; DROP discards silently, which is usually what you want for a hostile source.

Port forwarding with iptables:

iptables -t nat -A PREROUTING -d -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination

This rewrites connections arriving on eth0 for port 80 so that they go to port 9999 on the host given to --to-destination (written as host:port). When that host is not this machine, two more things are needed or the packets are dropped right after the NAT step: IP forwarding must be enabled (net.ipv4.ip_forward=1) and the FORWARD chain must accept the rewritten flow. PREROUTING is also not traversed by locally generated packets, so connections made from the box itself are not redirected by this rule.
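The complete rule set a DNAT port forward to another host needs, as an added example that is not code from the original post. The addresses, interfaces and the optional masquerade flag are our assumptions: the public address 192.0.2.1 on eth0, a backend 10.0.0.9 reached through eth1, and ports 80 to 9999 as in the post (the addresses are RFC 5737 / RFC 1918 example ranges, constructed here). With DRY_RUN=1 (the default) the script prints the commands instead of running them; DRY_RUN=0 applies them as root.

```sh
#!/bin/sh
# Added example, not from the original post. The post shows only the
# PREROUTING line; forwarding to another host also needs ip_forward and
# FORWARD rules for the rewritten flow. Addresses/interfaces below are
# assumptions for the example (RFC 5737 / RFC 1918 ranges, constructed).
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them as root.

# Print or execute one iptables command.
ipt() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi; }

# port_forward PUBLIC_IP IN_IFACE LISTEN_PORT BACKEND_IP BACKEND_PORT OUT_IFACE [snat]
port_forward() {
  pub="$1"; in_if="$2"; lport="$3"; be="$4"; bport="$5"; out_if="$6"; snat="${7:-}"

  # 1. Rewrite the destination before routing (nat table, PREROUTING).
  ipt -t nat -A PREROUTING -i "$in_if" -d "$pub" -p tcp --dport "$lport" \
      -j DNAT --to-destination "$be:$bport"
  # 2. FORWARD sees the packet *after* DNAT, so match the backend address/port.
  ipt -A FORWARD -i "$in_if" -o "$out_if" -d "$be" -p tcp --dport "$bport" \
      -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
  # 3. Return traffic from the backend; conntrack un-DNATs it on the way out.
  ipt -A FORWARD -i "$out_if" -o "$in_if" -s "$be" -p tcp --sport "$bport" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # 4. Only when the backend's default route does NOT lead back through this
  #    box: masquerade so its replies return here. The backend then sees this
  #    box, not the real client, as the source address.
  if [ "$snat" = snat ]; then
    ipt -t nat -A POSTROUTING -o "$out_if" -d "$be" -p tcp --dport "$bport" -j MASQUERADE
  fi
}

# Routing between interfaces is off by default; a DNAT rule does not turn it on.
enable_forwarding() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "sysctl -w net.ipv4.ip_forward=1"
  else
    sysctl -w net.ipv4.ip_forward=1
  fi
}

# Number of iptables commands in a printed plan (read from stdin).
rule_count() { grep -c '^iptables '; }

enable_forwarding
port_forward 192.0.2.1 eth0 80 10.0.0.9 9999 eth1
```

Run it once without arguments to see the plan, then with DRY_RUN=0 to apply it. Leave the snat flag off whenever you control the backend's routing: the masquerade costs you the client address in the backend's logs.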

Preventing SSH brute-force attacks with iptables:

iptables -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --name sshattack --set

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name sshattack --rcheck --seconds 360 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name sshattack --rcheck --seconds 360 --hitcount 3 -j REJECT --reject-with tcp-reset

How it works: the first rule lets packets of connections that are already accepted through, so a session in progress is never cut off by the throttle. Every NEW connection to port 22 is then recorded in the "sshattack" list; from the third NEW connection by the same source within 360 seconds, the attempt is logged and answered with a TCP reset (--rcheck only reads the list, so the window does not extend with every rejected attempt the way --update would). -m state is the older spelling of -m conntrack --ctstate; both work. Two things to keep in mind: nothing above accepts a legitimate new SSH connection, so an ACCEPT rule for port 22 (or an ACCEPT policy on INPUT) has to follow these rules, and the LOG rule should be rate-limited with -m limit, or a determined attacker will fill your logs. Order matters too: an earlier rule that already accepts port 22 turns the whole set into dead code.

PS. To exempt a trusted address $IP from the throttle, add "! -s $IP/32" to the last three rules. The older "-s ! $IP/32" form still parses but is deprecated.
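The rules above in a working order, with the pieces the post leaves out, as an added example that is not code from the original post. Our assumptions, not the post's: interface eth0, a trusted admin host 203.0.113.10 (an RFC 5737 documentation address, constructed here), and the post's window of 3 attempts per 360 seconds; the state match is replaced by conntrack, the LOG rule gets a rate limit, and a final ACCEPT lets legitimate SSH through. With DRY_RUN=1 (the default) the script prints the commands instead of running them; DRY_RUN=0 applies them as root.

```sh
#!/bin/sh
# Added example, not code from the original post. Assumptions (ours):
# interface eth0, trusted host 203.0.113.10 (RFC 5737 address, constructed),
# window 360 s / 3 attempts as in the post. DRY_RUN=1 (default) prints the
# commands instead of running them; DRY_RUN=0 executes them as root.

# Print or execute one iptables command. The printer quotes any argument
# that contains a space, so a printed line can be pasted back into a shell.
ipt() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf 'iptables'
    for a; do
      case "$a" in
        *[!A-Za-z0-9_./:,+=@-]*) printf " '%s'" "$a" ;;
        *) printf ' %s' "$a" ;;
      esac
    done
    printf '\n'
  else
    iptables "$@"
  fi
}

# ssh_throttle [IFACE] [TRUSTED_CIDR] [WINDOW_SECONDS] [HITS]
ssh_throttle() {
  iface="${1:-eth0}"; trusted="${2:-203.0.113.10/32}"
  window="${3:-360}"; hits="${4:-3}"

  # 1. Packets of already-accepted connections never reach the counter, so
  #    tripping the limit cannot cut off a session that is in progress.
  ipt -A INPUT -i "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # 2. Record every NEW SSH connection from a non-trusted source. "! -s" is
  #    the current negation syntax; the post's "-s !" form is deprecated.
  ipt -A INPUT -i "$iface" -p tcp --dport 22 -m conntrack --ctstate NEW \
      ! -s "$trusted" -m recent --name sshattack --set
  # 3. From attempt number $hits within $window seconds on, log it. The limit
  #    match stops an attacker from filling the disk with our own log lines.
  ipt -A INPUT -i "$iface" -p tcp --dport 22 -m conntrack --ctstate NEW \
      ! -s "$trusted" -m recent --name sshattack --rcheck --seconds "$window" --hitcount "$hits" \
      -m limit --limit 6/min -j LOG --log-prefix 'SSH-REJECT: '
  # 4. ... and answer it with a TCP reset.
  ipt -A INPUT -i "$iface" -p tcp --dport 22 -m conntrack --ctstate NEW \
      ! -s "$trusted" -m recent --name sshattack --rcheck --seconds "$window" --hitcount "$hits" \
      -j REJECT --reject-with tcp-reset
  # 5. Anything still here is a legitimate new SSH connection. Without this
  #    rule (or an ACCEPT policy on INPUT) the rules above block all SSH.
  ipt -A INPUT -i "$iface" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
}

# Sanity check on a printed plan (stdin): the ESTABLISHED accept must come
# before the REJECT, and the final ACCEPT after it. Exit status 0 = order ok.
check_order() {
  plan=$(cat)
  e=$(printf '%s\n' "$plan" | grep -n -- '--ctstate ESTABLISHED' | head -n 1 | cut -d: -f1)
  r=$(printf '%s\n' "$plan" | grep -n -- '-j REJECT' | head -n 1 | cut -d: -f1)
  a=$(printf '%s\n' "$plan" | grep -n -- '--ctstate NEW -j ACCEPT' | head -n 1 | cut -d: -f1)
  [ -n "$e" ] && [ -n "$r" ] && [ -n "$a" ] && [ "$e" -lt "$r" ] && [ "$r" -lt "$a" ]
}

ssh_throttle "$@"
```

Pipe the printed plan through check_order before applying it: with a default-ACCEPT INPUT policy the ruleset still works without rule 5, but with a default-DROP policy rule 5 is what keeps you from locking yourself out.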

Saving the rules added from the command shell:

iptables-save > /etc/sysconfig/iptables

Rules added with iptables at the shell live only in the running kernel and are gone after a reboot. /etc/sysconfig/iptables is the file the iptables service loads at boot on RHEL, CentOS and Fedora; Debian and Ubuntu use /etc/iptables/rules.v4, loaded by the iptables-persistent package. "iptables-restore --test < file" parses the saved file without loading it, which is a cheap check that it will restore cleanly at boot.
