iptables -A INPUT -s BAN-IP-ADDRESS -j DROP
iptables -A INPUT -s BAN-IP-ADDRESS/MASK -j DROP
iptables -A INPUT -s 65.55.44.100 -j DROP
Delete the blocked IP.
iptables -D INPUT -s 1.2.3.4 -j DROP
Check the iptables rules
iptables -L INPUT -v -n
Save the iptables rules
service iptables save
Save rules with iptables-persistent
Use iptables-persistent; it is the easy way. Install iptables-persistent:
sudo apt-get install iptables-persistent
After installed, you can save/reload iptables rules anytime:
sudo /etc/init.d/iptables-persistent save
sudo /etc/init.d/iptables-persistent reload
Generic method for saving the iptables rules
The generic method of saving iptables rules is to use the command iptables-save, which writes to stdout:
iptables-save > /etc/network/iptables.rules
Open ports 5060 and 10000 to 20000 for Asterisk
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
Blocking all traffic to port 80
iptables -A INPUT -p tcp --dport 80 -j DROP
Blocking traffic from a specific IP to port 80
iptables -A INPUT -p tcp -s 186.149.170.14 --dport 80 -j DROP
Accepting traffic from IP x to port 80
iptables -A INPUT -p tcp -s 186.149.170.14 --dport 80 -j ACCEPT
Allowing only traffic from network x to SIP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 186.149.86.0/255.255.255.255 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j DROP
Note: the mask 255.255.255.255 matches only the single address 186.149.86.0. To allow the whole network, use a network mask such as 255.255.255.0 (equivalently /24). Order matters: the ACCEPT for the trusted network must come before the DROP, because iptables stops at the first matching rule.
Allowing only loopback traffic to the AMI
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5038 -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j DROP
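The SIP, RTP and AMI rules above, combined into one ruleset in iptables-save format so it can be written to /etc/iptables/rules.v4 (iptables-persistent) or loaded with iptables-restore. This is an added example, not code from the original post; the trusted network 192.0.2.0/24 and the port values are assumed placeholders, and check_order is a hypothetical helper that flags ACCEPT rules that a preceding DROP for the same port would shadow.

```shell
#!/bin/sh
# Added example (not from the original post): emit the Asterisk INPUT rules
# described above in iptables-save format, in the order they must be evaluated.
# The network and ports below are constructed placeholder values.
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"   # a /24 network, not a /32 host mask
SIP_PORT="${SIP_PORT:-5060}"
RTP_RANGE="${RTP_RANGE:-10000:20000}"
AMI_PORT="${AMI_PORT:-5038}"

# Print the ruleset to stdout (first matching rule wins, so order is significant).
asterisk_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# 1. replies to connections this host opened, and loopback
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# 2. SIP signalling only from the trusted network, then drop SIP from anyone else
-A INPUT -p udp -m udp -s ${TRUSTED_NET} --dport ${SIP_PORT} -j ACCEPT
-A INPUT -p udp -m udp --dport ${SIP_PORT} -j DROP
# 3. RTP media range
-A INPUT -p udp -m udp --dport ${RTP_RANGE} -j ACCEPT
# 4. AMI reachable over loopback only
-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport ${AMI_PORT} -j ACCEPT
-A INPUT -p tcp -m tcp --dport ${AMI_PORT} -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and fail (exit 1) if an ACCEPT for a port appears
# after a DROP for the same port: that ACCEPT is dead, which is the mistake
# "-A" invites when rules are appended to a chain that already drops the port.
# Heuristic only: -s qualifiers are ignored.
check_order() {
    awk '
        /-j DROP$/   { for (i = 1; i <= NF; i++) if ($i == "--dport") dropped[$(i+1)] = NR }
        /-j ACCEPT$/ { for (i = 1; i <= NF; i++) { p = $(i+1)
                         if ($i == "--dport" && (p in dropped)) { print "shadowed ACCEPT on line " NR; bad = 1 } } }
        END { exit bad }'
}

# Stand-alone use: print the ruleset only if the ordering check passes.
if asterisk_ruleset | check_order; then
    asterisk_ruleset
fi
```

Load it with iptables-restore < file, or save it as /etc/iptables/rules.v4 so iptables-persistent applies it at boot.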
****************
iptables -A INPUT -p udp -m udp --dport 5060 -j DROP
iptables -I INPUT 2 -m state --state RELATED,ESTABLISHED -m udp -p udp --dport 5060 -s 208.103.145.0/24 -j ACCEPT
iptables -I INPUT 2 -m state --state NEW,RELATED,ESTABLISHED -m udp -p udp --dport 28919 -j ACCEPT
****************
Delete the iptables rules
Debian / Ubuntu Linux
(A) Create the /root/fw.stop (or /etc/init.d/fw.stop) script using a text editor such as vi:
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
(B) Make sure you can execute the script:
# chmod +x /root/fw.stop
(C) You can run the script:
# /root/fw.stop
Stopping iptables on CentOS
Please note that Red Hat Enterprise Linux (RHEL) and Fedora / CentOS Linux come with a pre-installed script, which can be used to stop the firewall:
# /etc/init.d/iptables stop
Blocking traffic to specific ports
iptables -A INPUT -p tcp --dport 8085 -j DROP
Delete a specific rule
You may also use the rule's number (--line-numbers):
iptables -L INPUT --line-numbers -n
Example output:
Chain INPUT (policy ACCEPT)
num  target  prot opt source    destination
1    ACCEPT  udp  --  anywhere  anywhere     udp dpt:domain
2    ACCEPT  tcp  --  anywhere  anywhere     tcp dpt:domain
3    ACCEPT  udp  --  anywhere  anywhere     udp dpt:bootps
4    ACCEPT  tcp  --  anywhere  anywhere     tcp dpt:bootps
So if you would like to delete the second rule:
iptables -D INPUT 2
ADD IPTABLES RULES AT STARTUP
Add the following lines to the file /etc/rc.local so that they are loaded at startup:
/sbin/iptables -A INPUT -p tcp --dport 8085 -j DROP
service iptables save
http://www.iptables.info/en/connection-state.html