Andrew McDonough

Please note: This page is imported from my wiki, which hasn't been updated in over 10 years. Some of the formatting was lost during the import. I'll try to get around to fixing it someday.

iptables

iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

Insert (-I) a rule into the INPUT chain that matches source (-s) IP xxx.xxx.xxx.xxx and jumps (-j) to the DROP target

iptables -L INPUT

List the entries in the INPUT chain

iptables -F INPUT

Flush the INPUT chain

iptables -L -n

List with numeric IP addresses instead of resolved host names

iptables-save > /etc/iptables.conf

Saves the current rules to /etc/iptables.conf

iptables-restore < /etc/iptables.conf

Restores the rules from /etc/iptables.conf

Using as a firewall

Use the OUTPUT chain to drop all requests on ports 80 and 443 (rule lines as they appear in iptables-save output):

-A OUTPUT -p tcp -m tcp --dport 80 -j DROP
-A OUTPUT -p tcp -m tcp --dport 443 -j DROP

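Then accept the IPs that you want. Rules are checked in order and the first match wins, so in the file this ACCEPT line must sit above the DROP lines:

-A OUTPUT -s 217.158.112.246 -d 212.118.245.130 -p tcp -m tcp --dport 80 -j ACCEPT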

Adding on the command line:

iptables -I OUTPUT -s 217.158.112.246 -d destinationIP -p tcp --dport 80 -j ACCEPT
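
An added example (not from the original page): iptables applies the first matching rule in a chain, so an ACCEPT placed after a broader DROP never takes effect. The script below flags such ACCEPT lines in iptables-save style input; the function name shadowed_accepts, the simplified matching model and the two sample rule sets (built from the rules above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules in iptables-save style "-A" lines that can
# never match because an earlier DROP in the same chain already covers them.
# Simplified model (assumption): only -s, -d, -p and --dport are compared, by
# exact text; negated matches (!) and CIDR containment are not handled.
shadowed_accepts() {
    awk '
    # Value following option "opt" on the current line, or "" if absent.
    function opt_val(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # A DROP field covers an ACCEPT field when the DROP leaves it
    # unrestricted or both rules name exactly the same value.
    function covers(drop_v, acc_v) { return drop_v == "" || drop_v == acc_v }

    $1 == "-A" {
        chain = $2; target = opt_val("-j")
        s = opt_val("-s"); d = opt_val("-d")
        p = opt_val("-p"); port = opt_val("--dport")
        if (target == "DROP") {
            n++
            dc[n] = chain; ds[n] = s; dd[n] = d; dp[n] = p; dpt[n] = port
        } else if (target == "ACCEPT") {
            for (k = 1; k <= n; k++)
                if (dc[k] == chain && covers(ds[k], s) && covers(dd[k], d) &&
                    covers(dp[k], p) && covers(dpt[k], port)) {
                    print "shadowed: " $0
                    break
                }
        }
    }'
}

# Constructed input: the rules in the order the text introduces them.
DROP_FIRST='-A OUTPUT -p tcp -m tcp --dport 80 -j DROP
-A OUTPUT -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -s 217.158.112.246 -d 212.118.245.130 -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed input: same rules with the exception ahead of the DROPs.
ACCEPT_FIRST='-A OUTPUT -s 217.158.112.246 -d 212.118.245.130 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DROP
-A OUTPUT -p tcp -m tcp --dport 443 -j DROP'

printf '%s\n' "$DROP_FIRST" | shadowed_accepts     # reports the ACCEPT line
printf '%s\n' "$ACCEPT_FIRST" | shadowed_accepts   # reports nothing
```

On a live system the same check can be fed from iptables-save output; the command-line form above uses -I, which places the ACCEPT at the top of the chain and so avoids the problem.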


Andrew McDonough

Andrew McDonough is a consultant CTO and software developer, currently based between Berlin and London.
