User Tools
firewall:firewall
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| firewall:firewall [2022/08/15 00:06] – jc | firewall:firewall [2023/04/23 19:40] (current) – jc | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Firewall ====== | + | < |
| - | ===== iptables ===== | + | # Firewall |
| - | Accept SSH connection to the input chain. | + | ## iptables |
| - | <code bash> | + | Accept SSH connections destined to 10.0.0.0/24. |
| - | Deny SSH connection to the input chain. | + | ``` bash |
| + | iptables -I INPUT -s 10.0.0.0/24 -p tcp --dport 22 -j ACCEPT | ||
| + | ``` | ||
| - | < | + | Deny all SSH connections. |
| + | |||
| + | ``` bash | ||
| + | iptables -A INPUT -p tcp --dport 22 -j DROP | ||
| + | ``` | ||
| Rewrite the source address (SNAT) of packets egressing eth0 to 192.168.1.1. | Rewrite the source address (SNAT) of packets egressing eth0 to 192.168.1.1. | ||
| - | < | + | ``` bash |
| + | iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.1.1 | ||
| + | ``` | ||
| - | Rewrite the destination address 192.168.1.1 | + | Rewrite the destination address |
| - | < | + | ``` bash |
| + | iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -j DNAT --to-destination 192.168.2.2 | ||
| + | ``` | ||
| Masquerade (NAT) all packets egressing interface wlan0. | Masquerade (NAT) all packets egressing interface wlan0. | ||
| - | < | + | ``` bash |
| + | iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE | ||
| + | ``` | ||
| Save iptables rules. | Save iptables rules. | ||
| - | < | + | ``` bash |
| - | + | iptables-save -f </ | |
| + | ``` | ||
| + | ## ebtables | ||
| + | ## firewalld | ||
| + | ## nftables | ||
| + | </ | ||
firewall/firewall.1660536395.txt.gz · Last modified: by jc