Questions tagged [iptables]

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators. Please, when asking a question about iptables, add the output from the following command: iptables -L -v -n

iptables is a userspace utility that complements the Linux kernel-level Netfilter firewall.

When seeking help with a firewall configuration, it is advisable to supply iptables-save output, which gives a readable ruleset listing, possibly followed by the output of iptables -L -v -n to give matching ruleset information.

6406 questions
277 votes, 15 answers

How to Unban an IP properly with Fail2Ban

I'm using Fail2Ban on a server and I'm wondering how to unban an IP properly. I know I can work with IPTables directly: iptables -D fail2ban-ssh But is there not a way to do it with the fail2ban-client? In the manuals it states something…
psp
139 votes, 11 answers

best way to clear all iptables rules

I currently have this snippet: # flush all chains iptables -F iptables -t nat -F iptables -t mangle -F # delete all chains iptables -X Is there a possibility that some impervious rule will stay alive after running this? The idea is to have a…
kagali-san
138 votes, 8 answers

How can I port forward with iptables?

I want connections coming in on ppp0 on port 8001 to be routed to 192.168.1.200 on eth0 on port 8080. I've got these two rules -A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.168.1.200:8080 -A FORWARD -m state -p tcp -d…
Stu
114 votes, 7 answers

REJECT vs DROP when using iptables

Is there any reason why I would want to have iptables -A INPUT -j REJECT instead of iptables -A INPUT -j DROP
Mike B
106 votes, 12 answers

How to start/stop iptables on Ubuntu?

How can I start/stop the iptables service on Ubuntu? I have tried service iptables stop but it is giving "unrecognized service". Why is it doing so? Is there any other method?
neha soni
103 votes, 2 answers

IPTABLES - Limit rate of a specific incoming IP

I do not wish to limit the rate of a specific service. My goal is to limit rate based solely on the incoming IP address. For example using a pseudo-rule: john.domain.local (192.168.1.100) can only download from our httpd/ftp servers at "10KB/s"…
James
95 votes, 2 answers

How to do the port forwarding from one ip to another ip in same network?

I would like to do some NAT in iptables, so that all the packets coming to 192.168.12.87 and port 80 will be forwarded to 192.168.12.77 port 80. How to do this with iptables? Or any other ways to achieve the same?
sat
82 votes, 4 answers

How to reload default Mac OSX routing table without rebooting

Greetings, I'm using vpnc for a VPN client. I'm also doing some tricky things with route to make sure I can still access my local network, etc. etc. (the particulars here are not very important). Sometimes I get the routing table so jacked up I get…
Nate Murray
80 votes, 6 answers

Centos 7 save iptables settings

Problem: iptables resets to default settings after server reboot. I'm trying to set rule like this: iptables -I INPUT -p tcp --dport 3000 -j ACCEPT after that I do: service iptables save and it writes back something like this iptables: Saving…
user1463822
72 votes, 5 answers

What is the correct way to open a range of ports in iptables

I have come across articles advising for the following: iptables -A INPUT -p tcp 1000:2000 -j ACCEPT And others stating that the above will not work and iptables only supports multiple port declarations with the --multiport option. Is there a…
Paul Whalley
72 votes, 2 answers

IPTables only allow localhost access

I have struggled throughout the years to get a solid understanding on iptables. Any time I try and read through the man pages my eyes start to glaze over. I have a service that I only want to allow the localhost to have access to. What terms (or…
iptablessuck
71 votes, 7 answers

iptables equivalent for mac os x

I want to forward requests from 192.168.99.100:80 to 127.0.0.1:8000. This is how I'd do it in Linux using iptables: iptables -t nat -A OUTPUT -p tcp --dport 80 -d 192.168.99.100 -j DNAT --to-destination 127.0.0.1:8000 How do I do the same thing in…
nafe
70 votes, 3 answers

Block range of IP Addresses

I am getting bombarded with attempted hacks from China all with similar IPs. How would I block the IP range with something like 116.10.191.* etc. I am running Ubuntu Server 13.10. The current line I am using is: sudo /sbin/iptables -A INPUT -s…
Stephen Cioffi
69 votes, 4 answers

How to PREPEND rules rather than APPEND using iptables?

Pretty basic question: how to PREPEND rules on IPTABLES rather than to APPEND? I have DROP statements at the bottom of my rules. I have a software to add new rules but adding rules after DROP statements isn't good. Every time I want to add a new…
ale
67 votes, 4 answers

Windows equivalent of iptables?

Dumb question: Is there an equivalent of iptables on Windows? Could I install one via cygwin? The real question: how can I accomplish on Windows what I can accomplish via iptables? Just looking for basic firewall functionality (e.g. blocking certain…
Aaron F.