# Firewall

## iptables

Accept SSH connections from the source network 10.0.0.0/24.

``` bash
iptables -I INPUT -s 10.0.0.0/24 -p tcp --dport 22 -j ACCEPT
```

Deny all SSH connections. The rule is appended (`-A`), so the accept rule inserted at the top of the chain with `-I` is matched first.

``` bash
iptables -A INPUT -p tcp --dport 22 -j DROP
```

Rewrite the source address (SNAT) of packets egressing eth0 to 192.168.1.1.

``` bash
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.1
```

Rewrite the destination address (DNAT) of packets ingressing eth0 and addressed to 192.168.1.1 so that they go to 192.168.2.2.

``` bash
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -j DNAT --to-destination 192.168.2.2
```

Masquerade (NAT) all packets egressing interface wlan0.

``` bash
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
```

Save iptables rules to a file.

``` bash
# -f requires a file name. /etc/iptables/rules.v4 is the path used by
# Debian's iptables-persistent package; adjust it for your distribution.
iptables-save -f /etc/iptables/rules.v4
```

## ebtables

## firewalld

## nftables