Zenuncl Wiki

Genius only means hard-working all one's life...
Zenuncl
[email protected]
Independent Software Developer DevOps | Open Source
Homepage
Changelog
Database
Backup PostgreSQL
Gaming
Don't Starve Together
Git
Git Branching Model Git Commit Style
Hardware
HPE-ssacli iLO-SSH
Linux & MacOS
Shell
Virtualization
ESXi
Networking
NAT UniFi iptables Packet Flow
Security
Let's Encrypt
Server
SSH crontab ethtool Hostname Conventions NGINX
Sysadmin
Server Backup
Networking

iptables

/ networking / iptables

# INPUT

Workign on this

# OUTPUT

# DNS Blocking

(May not working)

iptables -I OUTPUT -p udp --dport 53 -m string --string facebook --algo bm -j DROP

# Routing

# POST Routing

iptables -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE

# Masquerade

iptables -t nat -A POSTROUTING -j MASQUERADE

# PRE Routing

iptables -A PREROUTING -i eth0 -p tcp -m tcp -s 100.100.100.5 -d 192.168.1.30 --dport 443 -j DNAT --to-destination 192.168.1.100:443

# Port Forwarding

Forward traffic on port 2222 to IP 10.1.1.2 on port 22

iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.1.1.2:22

# ICMP

Disable PING and MTR / traceroute request

For iptables rules

iptables -A OUTPUT -p icmp  --icmp-type 0 -j DROP
iptables -A OUTPUT -p icmp  --icmp-type 8 -j DROP
iptables -A OUTPUT -p icmp  --icmp-type 11 -j DROP
iptables -A OUTPUT -p icmp  --icmp-type 30 -j DROP

To disable traceroute

iptables -A INPUT -p icmp -m ttl --ttl-eq 1 -j DROP
iptables -A INPUT -p udp -m ttl --ttl-eq 1 -j DROP
iptables -A INPUT -p tcp -m ttl --ttl-eq 1 -j DROP

***Reference: ***

Last Update: 2024-11-11 03:24:28 Source File

Copyright © Zenuncl Wiki Porwered By MinoriWiki