networking:firewall:iptables

Differences

networking:firewall:iptables [2021/09/27 12:22]
gcooper
networking:firewall:iptables [2022/07/29 11:12] (current)
gcooper
Line 4: Line 4:
  
 http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/ http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/
 +
 +List rules:
 +
 +<file>
 +iptables -nL <table> -v
 +</file>
  
 ===== Flush All ===== ===== Flush All =====
  
-  - Set the **default policies** for each of the built-in chains to ''ACCEPT''+  - **Set the default policies** for each of the built-in chains to ''ACCEPT''
   - **Flush** the ''nat'' and ''mangle'' **tables**   - **Flush** the ''nat'' and ''mangle'' **tables**
   - **Flush all chains** (-F)   - **Flush all chains** (-F)
   - **Delete all non-default chains** (-X)   - **Delete all non-default chains** (-X)
 +  - **Flush all counters** (-Z)
  
 <file> <file>
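
Review bot: in the added "List rules" command, `<table>` sits in the wrong position: `-L [chain]` takes an optional chain name, while the table is selected with `-t`, so `iptables -nL nat -v` fails with "No chain/target/match by that name" instead of listing the nat table. Suggest `iptables -t <table> -nvL` (for example `iptables -t nat -nvL`), and add `--line-numbers` when the output is used to pick positions for `-I` or `-D`.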
Line 16: Line 23:
 iptables -P FORWARD ACCEPT iptables -P FORWARD ACCEPT
 iptables -P OUTPUT ACCEPT iptables -P OUTPUT ACCEPT
-iptables -t nat -F 
-iptables -t mangle -F 
 iptables -F iptables -F
 iptables -X iptables -X
 +iptables -Z
 +iptables -t nat -F
 +iptables -t nat -X
 +iptables -t mangle -F
 +iptables -t mangle -X
 +iptables -t raw -F
 +iptables -t raw -X
 +</file>
 +
 +===== Docker =====
 +
 +How to firewall external access to Docker 'published' ports example:
 +
 +<file>
 +iptables -L DOCKER-USER >/dev/null || iptables -N DOCKER-USER
 +iptables -I DOCKER-USER 1 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 +iptables -I DOCKER-USER 2 -i eth0 -m conntrack --ctstate INVALID -j DROP
 +iptables -I DOCKER-USER 3 -i eth0 --match multiport -p tcp --dports 80,443 -j ACCEPT
 +iptables -I DOCKER-USER 4 -i eth0 -m conntrack --ctstate NEW -j LOG --log-prefix "DOCKER-USER_DROP "
 +iptables -I DOCKER-USER 5 -i eth0 -m conntrack --ctstate NEW -j DROP
 +
 +iptables -nL DOCKER-USER -v
 </file> </file>
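
Review bot: the Docker block is not safe to re-run: every `iptables -I DOCKER-USER N ...` pushes the existing rules down, so a second run leaves duplicates and the ACCEPT/LOG/DROP order then depends on what was already in the chain; either flush the chain first (`iptables -F DOCKER-USER`) or guard each insert with `iptables -C DOCKER-USER ... || iptables -I DOCKER-USER ...`. Two smaller points in the same block: the `iptables -L DOCKER-USER >/dev/null` existence test still prints the error to stderr when the chain is missing (add `2>/dev/null`), and the LOG rule has no `-m limit`, so a port scan on eth0 writes one syslog line per SYN; `-m limit --limit 5/min --limit-burst 10` before `-j LOG` keeps that bounded. In the Flush All block, `iptables -Z` only zeroes counters in the filter table, so the "Flush all counters" step in the list needs `-t nat -Z`, `-t mangle -Z` and `-t raw -Z` as well; and `iptables -F` followed by `iptables -X` on the filter table also deletes the DOCKER-USER chain (and Docker's other chains) that the Docker section relies on, so after a flush restart dockerd to have them recreated and then re-apply the DOCKER-USER rules.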
  
networking/firewall/iptables.1632766969.txt.gz · Last modified: 2021/09/27 12:22 by gcooper