Skip to content

Instantly share code, notes, and snippets.

@dgersting

dgersting/iptables.md

Last active September 19, 2015 02:19
Show Gist options
  • Save dgersting/f650d16a4f76e3ff284c to your computer and use it in GitHub Desktop.
Save dgersting/f650d16a4f76e3ff284c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
iptables.md

Usefull BASH Aliases:

  • iptables-list='iptables -L -v --line-numbers'
  • ip6tables-list='ip6tables -L -v --line-numbers'

Modules: (-m <module>) (http://ipset.netfilter.org/iptables-extensions.man.html)

  • ctstate:
    • --state INVALID,NEW,ESTABLISHED,RELATED,UNTRACKED,SNAT,DNAT
  • multiport:
    • --sports port[,port|,port:port]
    • --dports port[,port|,port:port]
    • --ports port[,port|,port:port]

ICMP Reject Types: (-j REJECT --reject-with <type>)

  • IPv4
    • icmp-net-unreachable
    • icmp-host-unreachable
    • icmp-port-unreachable
    • icmp-proto-unreachable
    • icmp-net-prohibited
    • icmp-host-prohibited
    • icmp-admin-prohibited (*)
  • IPv6
    • icmp6-no-route
    • icmp6-adm-prohibited
    • icmp6-addr-unreachable
    • icmp6-port-unreachable
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment