Iptables Cheatsheet

Post by Neo » Fri Feb 05, 2010 4:47 am

From time to time I find myself having to go through man pages and Googling for some simple iptables rules. This post is meant as a cheatsheet for me, so I can collect various rules and remarks here.

I hope others will benefit from this cheatsheet as well. I intend to expand it over time as I gather more rules and tips, so bookmarking the post might be a good idea. Last but not least, if you have some useful iptables rules I’ve missed, please send them using the comments.

Blocking specific IPs

iptables -I INPUT -s "207.58.140.12" -j DROP

Blocking a range of IPs (IP block)

iptables -I INPUT -s "207.58.140.0/24" -j DROP

The number after the slash (/) determines the number of bits (starting with the most significant one) considered when matching an IP address. For example, the above rule will block any packets from 207.58.140.*. Other useful numbers of bits are 16 (for matching the first two octets) and 8 (only the first octet).

Deleting rules
Just specify the rule after a -D flag. E.g.

iptables -D INPUT -s "207.58.140.12" -j DROP

Saving new rules

/etc/init.d/iptables save
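
The prefix-length matching described under "Blocking a range of IPs", as an added example that is not part of the original post: it goes beyond the 8/16/24 cases to any prefix length, and checks that a range you are about to DROP does not also cover an address you need to keep reachable. The function names and the 192.0.2.10 admin address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample addresses are constructed.

# ip_to_int A.B.C.D: print the address as a 32-bit integer, return 1 if malformed
ip_to_int() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_match IP NET[/BITS]: 0 = IP is inside the range, 1 = outside, 2 = bad input
cidr_match() {
    net=${2%/*}; bits=${2#*/}
    [ "$net" != "$2" ] || bits=32               # no slash means a single host
    case $bits in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    a=$(ip_to_int "$1") || return 2
    n=$(ip_to_int "$net") || return 2
    # Keep only the $bits most significant bits; /0 keeps none and matches all
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF )); fi
    [ $(( $a & $mask )) -eq $(( $n & $mask )) ]
}

# block_range RANGE KEEP_IP...: print the DROP rule for RANGE, but refuse if
# any KEEP_IP (hypothetical admin/monitoring hosts) would be caught by it
block_range() {
    range=$1; shift
    cidr_match 0.0.0.0 "$range" && rc=0 || rc=$?
    [ "$rc" -ne 2 ] || { echo "malformed range: $range" >&2; return 2; }
    for keep in "$@"; do
        cidr_match "$keep" "$range" && rc=0 || rc=$?
        case $rc in
            0) echo "refusing: $range would also drop $keep" >&2; return 1 ;;
            1) ;;
            *) echo "malformed address: $keep" >&2; return 2 ;;
        esac
    done
    echo "iptables -I INPUT -s $range -j DROP"
}

block_range "207.58.140.0/24" "192.0.2.10"      # prints the rule from the post
```

The script only prints the rule; review the output and run it as root yourself.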