Created
July 3, 2017 07:28
nast
NAST
Find all hosts on the LAN using ARP:
nast -m
Find suitable internet gateway:
nast -i INTERFACE -g
Reset connection:
nast -i INTERFACE -r
See specific traffic:
nast -i INTERFACE -f "src 192.168.1.2"
Check whether anyone on the LAN is ARP poisoning:
nast -c -B
arp -an
Iptables
Ex: sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
-D chain rule → Delete rule
-A chain rule → Append this rule to a rule chain. Valid chains for what we're doing are INPUT, FORWARD and OUTPUT
-j → Jump to the specified target. By default, iptables allows four targets:
  ACCEPT - Accept the packet and stop processing rules in this chain.
  REJECT - Reject the packet and notify the sender that we did so, and stop processing rules in this chain.
  DROP - Silently ignore the packet, and stop processing rules in this chain.
  LOG - Log the packet, and continue processing more rules in this chain. Allows the use of the --log-prefix and --log-level options.
-I chain rule → Insert
-R chain number rule → Replace
-t table → table
-S → List rules
-X → Delete chain
-L → List all
-N chain → New chain
-P chain target → Policy
Block ping (these rules reject all ICMP, not only echo requests):
iptables -A OUTPUT -p icmp -j REJECT
iptables -A INPUT -p icmp -j REJECT
Block SSH (port 22) from a specific source address:
iptables -A INPUT -s 217.61.158.248 -p tcp --dport 22 -j DROP
LOG:
iptables -A OUTPUT -p icmp -j LOG --log-prefix "PING:> "
Saves the record in /var/log/messages with the prefix "PING:> "
Flush:
iptables -F [CHAIN] or --flush [CHAIN]
Accept replies to connections opened from inside (established and related traffic):
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[Options]
-m name → Match
-p protocol → Can use all instead of protocol
--sport port[:port] → Source port or port range
--dport port[:port] → Destination port or port range
-s address[/mask] → Source address
-d address[/mask] → Destination address
-i interface → Input interface (incoming packets only)
-o interface → Output interface (outgoing packets only)
-m state --state state → State can be INVALID, NEW, ESTABLISHED, RELATED
-j target → Jump, tells iptables what to do
-g chain → Go to chain
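
Because -A appends to the end of a chain and ACCEPT, REJECT and DROP stop processing, a rule appended after a catch-all rule never matches. The script below is an added example, not part of the original notes: it reads a listing in `iptables -S` format and reports such unreachable rules. The function names and the sample ruleset (including the 192.0.2.10 documentation address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a rule listing for
# rules that can never match.

# Constructed sample in `iptables -S` format; 192.0.2.10 is a documentation address.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j DROP
-A OUTPUT -p icmp -j LOG --log-prefix "PING:> "
-A OUTPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
EOF
}

# find_shadowed (hypothetical helper name): reads `iptables -S` lines on stdin
# and prints every rule that follows an unconditional terminating rule
# (ACCEPT, REJECT or DROP with no match options) in the same chain.
find_shadowed() {
    awk '
    $1 == "-A" {
        chain = $2
        if (chain in stopper) {
            printf "%s: unreachable after \"%s\": %s\n", chain, stopper[chain], $0
            next
        }
        # "-A CHAIN -j TARGET ..." has no match options, so it matches every packet.
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "REJECT" || $4 == "DROP"))
            stopper[chain] = $0
    }'
}

# Run the check on the constructed sample; only the rule after "-A INPUT -j DROP" is reported.
sample_rules | find_shadowed
```

On a live host, feed the function real output with `sudo iptables -S | find_shadowed`. A flagged rule has to be placed ahead of the catch-all, for example with -I instead of -A.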