```bash
tcpdump -n -i eth0 src SRC_IP or dst DEST_IP   # -n: no name resolution
sudo route add -net DESTINATION gateway GATEWAY
sudo route add -net DESTINATION if INTERFACE
netstat -rn                                    # routing table, numeric addresses
traceroute <ADDRESS>
sudo netstat -tulpn                            # listening TCP/UDP sockets with owning process (needs root)
```
## iptables

iptables organizes firewall rules in chains (`INPUT`, `OUTPUT`, `FORWARD`); each chain contains a set of rules.

- A rule defines
  - a protocol type
  - a source address
  - a destination address
  - an interface
  - ...
- A packet either matches a rule or not.
- If a rule matches, the associated action is taken; this action is called a target. A target can be e.g. `ACCEPT` or `DROP`.
- Rules are processed in the order of their appearance within a chain.
- Each chain has a default policy that applies if no rule matches.
```bash
iptables -n -L                  # -n = no DNS lookups
iptables -n -L --line-numbers   # show the number of each rule within its chain
iptables -S INPUT               # print the INPUT chain as the iptables commands needed to recreate it
```
Common `iptables` options:

- `-A INPUT` = append a rule to the `INPUT` chain
- `-I INPUT <pos>` = insert a rule at position `<pos>`
- `-j <target>` = target (e.g. `ACCEPT`, `DROP`, ...)
- `-p <protocol>` = protocol, e.g. `tcp`
- `--dport <port>` = destination port, e.g. `80` (requires `-p tcp` or `-p udp`)
- `-i <interface>` = interface name
```bash
iptables -P INPUT DROP
```

sets the default policy of the `INPUT` chain to `DROP`.
Before you can delete a chain there must be no more rules in it (flush it first). Afterwards, it's

```bash
iptables -X INPUT
```

Note that `-X` only removes user-defined chains; the built-in chains (`INPUT`, `OUTPUT`, `FORWARD`) cannot be deleted, only emptied and given a new policy with `-P`.
iptables rules are not persistent across reboots. To flush all rules by hand:

```bash
iptables -F
```

Remember that policies are not flushed by `-F`; a `DROP` policy stays in place after the rules are gone.
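The sequence described above (flush, append rules in order, set the policy last) as one script. This is an added example, not part of the original notes; it assumes the external interface is `eth0` and that only SSH (22) and HTTP (80) should be reachable, and the `run`, `fw_apply`, `IFACE`, `PORTS` and `DRY_RUN` names are this example's own. With `DRY_RUN=1` set it prints the commands instead of executing them, which is how you review the rule order before applying it on a remote box.

```shell
#!/bin/sh
# Added example: build a minimal INPUT chain in a safe order, then lock the
# default policy down. Assumptions (not from the original notes): interface
# eth0, exposed TCP ports 22 and 80. DRY_RUN=1 prints instead of executing.

IFACE="${IFACE:-eth0}"
PORTS="${PORTS:-22 80}"

# run CMD...: print the command when DRY_RUN is set, otherwise execute it as root
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        sudo "$@"
    fi
}

fw_apply() {
    # 1. start from an empty chain; the policy is NOT touched by -F
    run iptables -F INPUT
    # 2. rules are matched in order, so loopback and already-established
    #    connections come first: this keeps an existing SSH session alive
    #    when the policy flips to DROP in step 4
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. one ACCEPT per exposed TCP port on the external interface
    for p in $PORTS; do
        run iptables -A INPUT -i "$IFACE" -p tcp --dport "$p" -j ACCEPT
    done
    # 4. only now set the default policy: everything not matched above is dropped
    run iptables -P INPUT DROP
}

# usage: DRY_RUN=1 sh fw.sh apply   (review)   /   sh fw.sh apply   (enforce)
if [ "${1:-}" = "apply" ]; then
    fw_apply
fi
```

Setting the policy last matters: issuing `iptables -P INPUT DROP` on an empty chain over SSH cuts your own session before the `ACCEPT` rules exist.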
Although there are several logging mechanisms for iptables (see Further Resources), they will not work unless the `ipt_LOG` module (named `xt_LOG` on newer kernels) is loaded. A workaround to see what is happening to your packets is to watch the `iptables -L` command:

```bash
watch -n 0.1 sudo iptables -L -n -v
```

Then ping some host; you'll see the packet counters of the affected rules increasing.
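Reading the counters by eye works for a ping, but comparing two snapshots is more reliable when several rules move at once. The following is an added example, not from the original notes: `counter_delta` takes two captures of `iptables -L INPUT -n -v` and reports each rule whose packet counter grew, numbered the way `--line-numbers` numbers them. The two snapshots below are constructed sample output (one ICMP rule goes from 0 to 4 packets); on a real box you would capture them with `before=$(sudo iptables -L INPUT -n -v)`, generate the traffic, then capture `after` the same way.

```shell
#!/bin/sh
# Added example: diff the packet counters of two `iptables -L INPUT -n -v`
# snapshots. The snapshot text below is constructed, not real output.

SNAP_BEFORE='Chain INPUT (policy DROP 3 packets, 180 bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    5   300 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0'

SNAP_AFTER='Chain INPUT (policy DROP 3 packets, 180 bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    5   300 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    4   336 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0'

# counter_delta BEFORE AFTER: print "rule N: +D packets (rule text)" for every
# rule whose pkts column increased between the two snapshots
counter_delta() {
    { printf '%s\n' "$1"; printf '%s\n' '== SNAPSHOT SEPARATOR =='; printf '%s\n' "$2"; } |
    awk '
        /^== SNAPSHOT SEPARATOR ==$/ { phase = 2; n = 0; next }   # second snapshot starts
        /^Chain / || /^ *pkts /      { next }                     # skip the two header lines
        phase != 2                   { n++; old[n] = $1 + 0; next } # remember first-snapshot counters
        {
            n++
            delta = $1 - old[n]
            if (delta > 0) {
                $1 = ""; $2 = ""; sub(/^ +/, "")   # drop pkts/bytes, keep the rule text
                printf "rule %d: +%d packets (%s)\n", n, delta, $0
            }
        }
    '
}

# usage: counter_delta "$SNAP_BEFORE" "$SNAP_AFTER"
```

The rule number in the output is the position within the chain, so it lines up with `iptables -L INPUT --line-numbers` and with the `<pos>` argument of `-I` or `-D` if you decide to change that rule.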
## Further Resources

- How the iptables Firewall works (Digital Ocean)
- How to set up a Firewall using iptables (Digital Ocean)
- iptables Essentials (Digital Ocean)
- How to list and delete iptables Firewall Rules (Digital Ocean)