
IPtables Firewall

iptables is the traditional default firewall on Red Hat-based distros. Recent releases put firewalld in front of it, and from RHEL 8 the iptables command is a compatibility layer over nftables, so the rules below still apply but also show up under nft list ruleset.

http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/

List rules (the table is selected with -t, not as a positional argument, and defaults to filter; -n skips DNS lookups, -v shows counters and interfaces, --line-numbers gives the indices needed for -I, -R and -D):

iptables -t <table> -nvL --line-numbers

Flush All

  1. Set the default policies for each of the built-in chains to ACCEPT. Do this first: a chain whose policy is DROP and whose rules have just been flushed drops everything, including the SSH session you are working from.
  2. Flush all chains in the filter table (-F)
  3. Delete all non-default chains (-X)
  4. Zero all counters (-Z)
  5. Flush and delete chains in the nat, mangle and raw tables too (-t <table>)
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X

Afterwards the host accepts everything. The flush also removes the chains Docker maintains (DOCKER, DOCKER-USER, DOCKER-ISOLATION-*), so restart the docker service to have them recreated.
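The same procedure as one script, written as an added example (it is not from the wiki page). It reads the tables actually loaded in the kernel from /proc/net/ip_tables_names and sets the policy on every built-in chain of each table before flushing it. The IPT and TABLES environment variables and the apply argument are conventions of this script, not iptables options; IPT=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: flush every loaded iptables table, policies first.
# IPT and TABLES are conventions of this script (IPT=echo for a dry run).
IPT="${IPT:-iptables}"

# Built-in chains of each table (the only chains -P applies to)
chains_for() {
  case "$1" in
    filter)   echo "INPUT FORWARD OUTPUT" ;;
    nat)      echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
    mangle)   echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
    raw)      echo "PREROUTING OUTPUT" ;;
    security) echo "INPUT FORWARD OUTPUT" ;;
    *)        echo "" ;;
  esac
}

# Tables currently loaded in the kernel; fall back to the usual four when
# /proc is unreadable or empty (containers, iptables-nft without the legacy modules)
loaded_tables() {
  tables=$(cat /proc/net/ip_tables_names 2>/dev/null)
  [ -n "$tables" ] || tables="filter nat mangle raw"
  echo "$tables"
}

flush_all() {
  for t in ${TABLES:-$(loaded_tables)}; do
    # 1. Policies to ACCEPT first, so the flush cannot lock out a remote session
    for c in $(chains_for "$t"); do
      $IPT -t "$t" -P "$c" ACCEPT
    done
    # 2. Flush rules, 3. delete user-defined chains, 4. zero counters
    $IPT -t "$t" -F
    $IPT -t "$t" -X
    $IPT -t "$t" -Z
  done
}

# Usage: ./flush-all.sh apply   (IPT=echo ./flush-all.sh apply previews the commands)
if [ "${1:-}" = apply ]; then
  flush_all
fi
```

Run it with IPT=echo first; the output is the exact command list in execution order, which is also the easiest way to confirm that the -P lines come before the -F of each table.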

Docker

Docker publishes ports (-p) with DNAT and ACCEPT rules of its own in the nat table and the FORWARD chain, so rules in INPUT never see that traffic. The DOCKER-USER chain is jumped to from FORWARD before Docker's own rules and is left alone by Docker, so host policy for container traffic belongs there. Example restricting external (eth0) access to published ports 80 and 443:

iptables -L DOCKER-USER -n >/dev/null 2>&1 || iptables -N DOCKER-USER
iptables -I DOCKER-USER 1 -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I DOCKER-USER 2 -i eth0 -m conntrack --ctstate INVALID -j DROP
iptables -I DOCKER-USER 3 -i eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I DOCKER-USER 4 -i eth0 -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "DOCKER-USER_DROP "
iptables -I DOCKER-USER 5 -i eth0 -m conntrack --ctstate NEW -j DROP

  * The numbered inserts give this order only on a chain that holds nothing but Docker's trailing RETURN rule; running the block twice duplicates every rule. The LOG rule is rate limited because it fires for every new connection that is about to be dropped.
  * DOCKER-USER is evaluated after the DNAT in PREROUTING, so --dports matches the container's port, not the host port from -p. When the two differ, match the original destination instead: -m conntrack --ctorigdstport 80 --ctdir ORIGINAL
  * Only forwarded traffic passes through DOCKER-USER; services running on the host itself are still governed by INPUT.
  * iptables does not persist rules across reboots; save them (iptables-save) or use the distro's persistence mechanism.

iptables -nvL DOCKER-USER
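An idempotent version of the above, written as an added example (it is not from the wiki page or from Docker): the chain is emptied and rebuilt with -A in reading order, the published ports are matched on the original destination port so the rule is correct even when the container port differs from the host port, logging is rate limited, and Docker's terminating RETURN is put back at the end. IPT, WAN_IF, PUBLISHED_PORTS and the apply argument are conventions of this script; IPT=echo previews the commands.

```shell
#!/bin/sh
# Added example: rebuild DOCKER-USER so only the listed published ports are
# reachable from the WAN interface. IPT, WAN_IF and PUBLISHED_PORTS are
# conventions of this script (set IPT=echo for a dry run).
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"                       # interface facing the untrusted network
PUBLISHED_PORTS="${PUBLISHED_PORTS:-80 443}"   # host ports given to docker run -p

# Docker creates DOCKER-USER at daemon start only if it is missing; create it
# here as well so the script also works before Docker has started
ensure_chain() {
  $IPT -L DOCKER-USER -n >/dev/null 2>&1 || $IPT -N DOCKER-USER
}

build_docker_user() {
  ensure_chain
  # Empty the chain first so re-running never duplicates rules (-I <n> would)
  $IPT -F DOCKER-USER
  # Replies and established flows arriving on the WAN interface
  $IPT -A DOCKER-USER -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  $IPT -A DOCKER-USER -i "$WAN_IF" -m conntrack --ctstate INVALID -j DROP
  # DOCKER-USER runs after the DNAT in nat/PREROUTING, so --dport would see the
  # container port; --ctorigdstport matches the host port the client connected to
  for port in $PUBLISHED_PORTS; do
    $IPT -A DOCKER-USER -i "$WAN_IF" -p tcp -m conntrack --ctstate NEW \
      --ctorigdstport "$port" --ctdir ORIGINAL -j ACCEPT
  done
  # Any other new connection from the WAN: log at a bounded rate, then drop
  $IPT -A DOCKER-USER -i "$WAN_IF" -m conntrack --ctstate NEW \
    -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "DOCKER-USER_DROP "
  $IPT -A DOCKER-USER -i "$WAN_IF" -m conntrack --ctstate NEW -j DROP
  # Docker's own terminating rule: everything else continues through FORWARD
  $IPT -A DOCKER-USER -j RETURN
}

# Usage: ./docker-user.sh apply   (IPT=echo ./docker-user.sh apply previews the commands)
if [ "${1:-}" = apply ]; then
  build_docker_user
  $IPT -nvL DOCKER-USER
fi
```

Traffic from other interfaces (the docker0 bridge, a management VLAN) never matches the -i "$WAN_IF" rules and falls through to the RETURN, so container-to-container and LAN access is unchanged; tighten WAN_IF and PUBLISHED_PORTS per host rather than editing the rules.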
networking/firewall/iptables.txt · Last modified: 2022/07/29 11:12 by gcooper