====== IPtables Firewall ======

IPtables is the traditional firewall front end on Red Hat-based distros (newer releases put firewalld in front of it, and recent kernels back it with nftables, but the commands below still work through the ''iptables-nft'' compatibility layer).

http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/

List rules (''-n'' skips DNS lookups, ''-v'' adds packet/byte counters and interfaces; add ''--line-numbers'' to see the rule index used by ''-I'' and ''-D''):

<code bash>
iptables -nL -v --line-numbers
# rule-spec form, handy for diffing or re-applying
iptables -S
# other tables are listed separately
iptables -t nat -nL -v
</code>

===== Flush All =====

  - **Set the default policies** for each of the built-in chains to ''ACCEPT''. Do this **first**: flushing while a chain's policy is still ''DROP'' cuts off a remote (SSH) session.
  - **Flush all chains** (''-F'') in the ''filter'' table
  - **Delete all non-default chains** (''-X'')
  - **Zero all counters** (''-Z'')
  - **Flush** the ''nat'', ''mangle'' and ''raw'' **tables** the same way

<code bash>
# 1. open the built-in chains before touching anything else
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# 2-4. filter table: flush rules, delete user chains, zero counters
iptables -F
iptables -X
iptables -Z
# 5. the other tables (nat, mangle, raw) are flushed separately
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
</code>

After this the host accepts everything; load the new rule set straight away. On RHEL/CentOS the running rules are not persistent until saved (''service iptables save'' or ''iptables-save > /etc/sysconfig/iptables'').

===== Docker =====

How to firewall external access to Docker "published" ports.

Docker publishes ports with DNAT rules in the ''nat'' table and its own rules in the ''FORWARD'' chain, so the traffic never hits ''INPUT'' and rules placed there do not protect published ports. Docker consults the ''DOCKER-USER'' chain first in ''FORWARD'' and never rewrites rules in it, which makes it the right place for your own filtering. The example below restricts traffic arriving on the external interface (''eth0'', adjust to taste) to TCP 80 and 443 and logs and drops every other new connection; traffic on other interfaces (''docker0'', bridges) falls through to Docker's own rules unchanged.

<code bash>
# create the chain if Docker has not created it yet
iptables -L DOCKER-USER >/dev/null || iptables -N DOCKER-USER
# inserting at 1..5 in this order keeps the rules in this order, ahead of
# Docker's trailing "-j RETURN"
iptables -I DOCKER-USER 1 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I DOCKER-USER 2 -i eth0 -m conntrack --ctstate INVALID -j DROP
iptables -I DOCKER-USER 3 -i eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I DOCKER-USER 4 -i eth0 -m conntrack --ctstate NEW -j LOG --log-prefix "DOCKER-USER_DROP "
iptables -I DOCKER-USER 5 -i eth0 -m conntrack --ctstate NEW -j DROP
# verify the resulting order and watch the counters
iptables -nL DOCKER-USER -v
</code>

Running the block twice inserts every rule a second time, so flush ''DOCKER-USER'' (or delete with ''-D'') before re-applying, and save the rules as described above if they must survive a reboot.
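The following script is an added example, not code from the original page or from Docker. It builds the same ''DOCKER-USER'' rule set as above, but idempotently (flush, then append, then a trailing ''RETURN'' so unmatched traffic continues to Docker's own rules), rate-limits the LOG rule so a scan cannot flood syslog, validates the interface name and port list before they are interpolated into shell text, and includes a check that can be run against ''iptables -S DOCKER-USER'' output. The interface ''eth0'', the port list ''80,443'', the ''DOCKER_FW_APPLY'' switch and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): idempotent DOCKER-USER rule set.
# Assumed interface/ports; nothing is applied unless DOCKER_FW_APPLY=1 is set.

# Accept only a comma-separated list of numeric ports (multiport takes up to
# 15). The string is interpolated into shell text below, so it is validated.
valid_ports() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,5}(,[0-9]{1,5})*$'
}

# Interface names: letters, digits, '.', '_' and '-' only, never empty.
valid_iface() {
    case $1 in
        '' | *[!a-zA-Z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the iptables commands for IFACE and PORTS as text so the rule set can
# be reviewed or diffed before it is applied. Flush + append makes it safe to
# run repeatedly; the final RETURN hands unmatched traffic back to Docker.
docker_user_rules() {
    iface=$1
    ports=$2
    cat <<EOF
iptables -N DOCKER-USER 2>/dev/null || true
iptables -F DOCKER-USER
iptables -A DOCKER-USER -i $iface -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A DOCKER-USER -i $iface -m conntrack --ctstate INVALID -j DROP
iptables -A DOCKER-USER -i $iface -p tcp -m multiport --dports $ports -j ACCEPT
iptables -A DOCKER-USER -i $iface -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "DOCKER-USER_DROP "
iptables -A DOCKER-USER -i $iface -m conntrack --ctstate NEW -j DROP
iptables -A DOCKER-USER -j RETURN
EOF
}

# Validate, apply (needs root), then show the chain with counters.
apply_docker_user_rules() {
    valid_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    valid_ports "$2" || { echo "bad port list: $2" >&2; return 1; }
    docker_user_rules "$1" "$2" | sh -e || return 1
    iptables -nL DOCKER-USER -v
}

# Sanity-check an `iptables -S DOCKER-USER` listing: the RELATED,ESTABLISHED
# accept must come before the NEW drop, and the chain must end with RETURN.
check_docker_user() {
    listing=$1
    est=$(printf '%s\n' "$listing" | grep -n 'RELATED,ESTABLISHED -j ACCEPT' | head -1 | cut -d: -f1)
    drop=$(printf '%s\n' "$listing" | grep -n 'ctstate NEW -j DROP' | head -1 | cut -d: -f1)
    last=$(printf '%s\n' "$listing" | tail -1)
    [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ] \
        && [ "$last" = "-A DOCKER-USER -j RETURN" ]
}

# Constructed sample listings (not captured from a real host).
SAMPLE_LISTING='-N DOCKER-USER
-A DOCKER-USER -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -i eth0 -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A DOCKER-USER -i eth0 -m conntrack --ctstate NEW -j DROP
-A DOCKER-USER -j RETURN'

# Same rules with the accept/drop order reversed: every reply packet of an
# established session on eth0 would be dropped.
BROKEN_LISTING='-N DOCKER-USER
-A DOCKER-USER -i eth0 -m conntrack --ctstate NEW -j DROP
-A DOCKER-USER -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -j RETURN'

# Usage: DOCKER_FW_APPLY=1 sh docker-user-fw.sh eth0 80,443
if [ "${DOCKER_FW_APPLY:-0}" = 1 ]; then
    apply_docker_user_rules "${1:-eth0}" "${2:-80,443}"
fi
```

Without ''DOCKER_FW_APPLY=1'' the script only defines functions, so ''docker_user_rules eth0 80,443'' can be used to print the rule set for review, and ''check_docker_user "$(iptables -S DOCKER-USER)"'' can be run from a cron job or monitoring check to confirm the chain still has the intended shape after a Docker restart or a manual edit.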