4/22/2023

Iptables list

Translation(s): English - Italiano - Español

NOTE: iptables was replaced by nftables starting in Debian 10 Buster.

Iptables provides packet filtering, network address translation (NAT) and other packet mangling. Two of the most common uses of iptables are to provide firewall support and NAT.

Configuring iptables manually is challenging for the uninitiated. Fortunately, there are many configuration tools (wizards) available to assist; the most interesting is probably firewalld, but others include fwbuilder, bastille, ferm, ufw and opensnitch.

NOTE: the nftables framework is used by default in Debian since Debian 10 Buster.

Starting with Debian 10 Buster, nf_tables is the default backend when using iptables, by means of the iptables-nft layer (i.e. using iptables syntax with the nf_tables kernel subsystem). This also affects ip6tables, arptables and ebtables.

You can switch back and forth between iptables-nft and iptables-legacy by means of update-alternatives (the same applies to arptables and ebtables).

The default starting with Debian 10 Buster:

# update-alternatives --set iptables /usr/sbin/iptables-nft
# update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
# update-alternatives --set arptables /usr/sbin/arptables-nft
# update-alternatives --set ebtables /usr/sbin/ebtables-nft

Switching to the legacy version:

# update-alternatives --set iptables /usr/sbin/iptables-legacy
# update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# update-alternatives --set arptables /usr/sbin/arptables-legacy
# update-alternatives --set ebtables /usr/sbin/ebtables-legacy

Switching the front end does not move any rules that are already loaded: rules inserted through iptables-legacy live in the x_tables kernel subsystem and rules inserted through iptables-nft in nf_tables, and the kernel evaluates both sets. Check which variant is active with "iptables -V" (it prints "(legacy)" or "(nf_tables)" after the version), and flush the old backend's tables before switching so that a rule you can no longer see does not keep matching traffic.

With no rules loaded and the default ACCEPT policy on every chain, the ruleset allows anyone access to anything from anywhere.

Let's tighten that up a bit by creating a test iptables file. Only the comments and one rule of that file survive on this page; each line goes in the INPUT chain of the filter table:

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
# You could modify this to only allow certain traffic
# The --dport number is the same as in /etc/ssh/sshd_config

Note: there is a package designed to help with this: iptables-persistent. It saves the ruleset with iptables-save and reloads it at boot with iptables-restore.
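The following script is an added example, not code from the Debian wiki or from the original post: it builds a complete iptables-restore file of the shape the comments above describe, with a DROP policy on INPUT so that everything not listed is refused, and it reads the SSH port from an sshd_config so that the --dport value really matches the daemon. The sshd_config content is constructed for the example, and the function names are my own.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for the filter table.
# Not from the Debian wiki; the sample sshd_config below is constructed.
set -eu

# Print the port sshd listens on ("Port N" in the given sshd_config), or 22,
# sshd's own default, when the directive is absent or commented out.
ssh_port_from_config() {
    port=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    echo "${port:-22}"
}

# Emit the ruleset in iptables-save format. INPUT and FORWARD default to DROP,
# so only the explicit ACCEPT lines admit traffic; the empty default ruleset
# the text starts from has ACCEPT policies and admits everything.
generate_ruleset() {
    ssh_port=$1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
# You could modify this to only allow certain traffic, e.g. add -s 192.0.2.0/24
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport ${ssh_port} -j ACCEPT
# Allows ping (echo request only; replies are covered by ESTABLISHED above)
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Demo with a constructed sshd_config: the commented "#Port 22" must be
# ignored and the live "Port 2222" picked up.
cfg=$(mktemp)
printf '#Port 22\nPort 2222\nPermitRootLogin no\n' > "$cfg"
rules=$(mktemp)
generate_ruleset "$(ssh_port_from_config "$cfg")" > "$rules"
cat "$rules"

# Dry-run parse when iptables is installed and we have the privileges for it.
# Loading for real would be "iptables-restore < file"; iptables-persistent
# reloads /etc/iptables/rules.v4 in the same format at boot.
if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
    if iptables-restore --test < "$rules"; then
        echo "ruleset parses"
    else
        echo "ruleset did not parse"
    fi
fi
rm -f "$cfg" "$rules"
```

Before loading a file like this over SSH, keep the ESTABLISHED,RELATED rule above the SSH rule and the policy line first, otherwise the session you are typing in can be cut off by the DROP policy before the ACCEPT lines are in place; iptables-restore applies the whole file atomically, which is one reason to prefer it over a series of individual iptables commands.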