IPTables Configuration

The configuration options of IPTables are very extensive. We have therefore summarized the most important IPTables commands in a short HowTo for our customers.


Block complete IP subnet with CIDR notation

iptables -A INPUT -s 116.10.191.0/24 -j DROP

Block IP range

iptables -I INPUT -m iprange --src-range 116.10.191.20-116.10.191.50 -j DROP

Allow SSH connection only from a specific IP address

The ACCEPT rule on its own restricts nothing; it must be followed by a rule that drops SSH from every other source. Order matters, since rules are evaluated top to bottom:

iptables -A INPUT -p tcp -s 192.168.178.1 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

IPTables Log

This rule logs every packet that reaches it, rate-limited to 5 log entries per minute at kernel log level 7 (debug). "-I INPUT 5" inserts it as rule number 5, so place it directly before the rule that drops the traffic; otherwise the prefix "iptables denied" is misleading:

iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Save IPTables rules permanently

Normally, IPTables rules are only kept temporarily, until the server is restarted. With the following commands they can be saved permanently or restored:

iptables-save > /etc/iptables/rules
iptables-restore < /etc/iptables/rules

DDOS protection with IPTables

Limits new TCP connections: a burst of 8 is allowed, then 1 per second. The limit match counts all sources together, not per IP. SYN packets within the limit are accepted and the second rule drops the rest:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

Syn-Flood Protection

The same pattern without a burst; again the second rule drops the SYN packets that exceed the limit:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

Prevent port scanning

NULL packets (no flags) and XMAS packets (all flags) are let through at most once per hour and otherwise dropped; each rate-limited ACCEPT needs its DROP counterpart, or nothing is blocked. New connections that do not start with a SYN are logged and dropped:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 1/h -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -m limit --limit 1/h -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "Stealth Scan: "
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
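The LOG rules above (the "iptables denied: " rule and the "Stealth Scan" rule) only pay off if someone reads the kernel log. The following Python script is an added example, not part of this HowTo, that parses such log lines, counts blocked packets per source and flags sources that hit several ports. The syslog lines it works on are constructed samples; the field names (IN, SRC, DST, PROTO, DPT, flag tokens) are the ones the kernel LOG target writes.

```python
import re
from collections import Counter

# Constructed sample syslog lines as the kernel writes them for -j LOG rules.
# The --log-prefix text is followed directly by "IN=", so a prefix without a
# trailing space runs into it ("Stealth ScanIN=eth0"); the parser copes with both.
SAMPLE_LOG = """\
Mar 14 10:22:01 srv kernel: iptables denied: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=116.10.191.25 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 14 10:22:02 srv kernel: iptables denied: IN=eth0 OUT= SRC=116.10.191.25 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 14 10:22:03 srv kernel: Stealth ScanIN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Mar 14 10:22:04 srv kernel: iptables denied: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=5353 DPT=53 LEN=40
Mar 14 10:22:05 srv sshd[123]: Accepted publickey for admin from 192.168.178.1 port 5000
"""

# "kernel: ", an optional "[uptime] " stamp, the log prefix, then the IN= field list
LINE_RE = re.compile(r"kernel: (?:\[[^\]]*\] )?(?P<prefix>.*?)IN=(?P<rest>.*)$")
KV_RE = re.compile(r"([A-Z]+)=(\S*)")

def parse_log_line(line):
    """Return a dict for one LOG-target line, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rest = "IN=" + m.group("rest")
    fields = dict(KV_RE.findall(rest))
    return {
        "prefix": m.group("prefix").strip(),
        "src": fields.get("SRC"),
        "proto": fields.get("PROTO"),
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        # bare tokens are flags: DF (IP header) and SYN/ACK/FIN/RST/... (TCP)
        "flags": [t for t in rest.split() if "=" not in t],
    }

def parse_log(text):
    return [r for r in map(parse_log_line, text.splitlines()) if r]

def top_sources(records):
    """Sources ordered by number of logged packets, most frequent first."""
    return Counter(r["src"] for r in records).most_common()

def port_scan_suspects(records, min_ports=2):
    """Sources whose logged TCP packets hit at least min_ports distinct ports."""
    ports = {}
    for r in records:
        if r["proto"] == "TCP" and r["dpt"] is not None:
            ports.setdefault(r["src"], set()).add(r["dpt"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}
```

Feed it the real log instead of SAMPLE_LOG (for example the contents of /var/log/kern.log) and the 116.10.191.0/24 block rule at the top of this page is the kind of decision top_sources() supports.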