title: iptables
category: Networking
time: 1483943961503
---
# INPUT
*Working on this*

# OUTPUT

## DNS Blocking
Drops outbound plaintext DNS queries whose payload contains the bytes `facebook`:
```
iptables -I OUTPUT -p udp --dport 53 -m string --string facebook --algo bm -j DROP
```
Caveats: a name goes on the wire as length-prefixed labels (`facebook.com` is sent as `\x08facebook\x03com\x00`), so `--string facebook` matches but `--string facebook.com` never would, because the dot is not on the wire. Add `--icase` if you want to catch resolvers that randomise query case. The rule only sees UDP/53: TCP DNS, DNS over TLS (853), DNS over HTTPS (443) and names already in a local resolver cache all bypass it, and `-I` puts the rule at the head of OUTPUT, ahead of any ACCEPT that would otherwise win.
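An added helper, not code from the original page: it turns a domain name into the exact wire-format pattern so the rule can be anchored to the whole label sequence with `--hex-string` instead of a bare substring. It assumes only POSIX sh; `facebook.com` is a constructed example and `IPT="echo iptables"` is a dry-run convention of mine, not something the page uses.

```sh
#!/bin/sh
# Added example, not from the original page.
# Converts a DNS name into the |xx| hex-byte notation understood by
# `-m string --hex-string`, encoding each label as <length><bytes> and
# terminating with the root label |00| (RFC 1035 wire format).
# Constructed example: facebook.com -> |08|facebook|03|com|00|

dns_hexstring() {
    name=${1%.}                      # tolerate a trailing dot (FQDN form)
    [ -n "$name" ] || { echo "empty name" >&2; return 1; }
    out=""
    oldifs=$IFS
    IFS='.'
    set -f                           # no globbing while splitting on dots
    for label in $name; do
        # RFC 1035: a label is 1..63 bytes; an empty label means "a..b"
        if [ -z "$label" ] || [ "${#label}" -gt 63 ]; then
            IFS=$oldifs; set +f
            echo "bad label in $1" >&2
            return 1
        fi
        out="${out}|$(printf '%02x' "${#label}")|${label}"
    done
    set +f
    IFS=$oldifs
    printf '%s|00|\n' "$out"
}

# Emit (or run) the OUTPUT rule for one name. IPT="echo iptables" previews
# the rule; the default runs iptables for real and needs root.
IPT=${IPT:-iptables}
block_dns_name() {
    pat=$(dns_hexstring "$1") || return 1
    # --icase: some resolvers randomise the case of query names (0x20 encoding)
    $IPT -I OUTPUT -p udp --dport 53 -m string --hex-string "$pat" --algo bm --icase -j DROP
}

# Usage: IPT="echo iptables" ./dnsblock.sh facebook.com
if [ $# -gt 0 ]; then
    block_dns_name "$1"
fi
```

Because the pattern ends with the root label, `|08|facebook|03|com|00|` also matches `www.facebook.com` (its encoding contains that byte sequence) but not `facebook.com.example`. The same UDP/53-only limitation as the `--string` form applies.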


# Routing

NAT rules live in the `nat` table, so every rule below needs `-t nat`; without it iptables reports that POSTROUTING / PREROUTING does not exist, because it looks in the default `filter` table. Forwarding also has to be switched on (`sysctl -w net.ipv4.ip_forward=1`) and the FORWARD chain has to let the traffic through.

## POSTROUTING (source NAT)
Masquerade only the LAN range as it leaves the WAN interface:
```
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
```

### Masquerade
The unrestricted form rewrites the source address of every packet leaving on any interface, including traffic the router sends back into the LAN:
```
iptables -t nat -A POSTROUTING -j MASQUERADE
```

## PREROUTING (destination NAT)
Redirect one client's HTTPS to a different backend: only connections from 100.100.100.5 to 192.168.1.30:443 arriving on eth0 are sent to 192.168.1.100:443 (`-m tcp` is already implied by `-p tcp`):
```
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -s 100.100.100.5 -d 192.168.1.30 --dport 443 -j DNAT --to-destination 192.168.1.100:443
```

### Port Forwarding

Forward TCP traffic arriving on port 2222 to 10.1.1.2 port 22. DNAT only rewrites the destination before the routing decision; the packet then goes through FORWARD, where it is matched on its new destination (10.1.1.2:22), so a DROP policy there needs a matching ACCEPT.
```
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.1.1.2:22
```
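The complete router setup that the POSTROUTING and PREROUTING rules above depend on, as an added example rather than code from the original page: it pairs the masquerade with a default-DROP FORWARD chain, adds the FORWARD ACCEPT that a DNAT'd flow needs, and turns on `ip_forward`. Interface names (`eth0` WAN, `eth1` LAN), the LAN range and the 10.1.1.2 SSH target are assumptions; `IPT="echo iptables"` prints the rules instead of applying them.

```sh
#!/bin/sh
# Added example, not from the original page: a minimal NAT router ruleset.
# Assumed topology: WAN on eth0, LAN 192.168.0.0/16 on eth1, SSH host 10.1.1.2.
set -eu

IPT=${IPT:-iptables}            # IPT="echo iptables" previews without root
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.0.0/16}

enable_forwarding() {
    # Without this the kernel never forwards and the NAT rules are inert.
    sysctl -w net.ipv4.ip_forward=1
}

nat_router_rules() {
    # Source NAT: POSTROUTING only exists in the nat table, hence -t nat.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Drop any forwarded traffic that is not explicitly allowed below.
    $IPT -P FORWARD DROP
    # LAN -> WAN may open connections; WAN -> LAN only for replies.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

port_forward() {
    # port_forward WAN_PORT INTERNAL_IP INTERNAL_PORT [tcp|udp]
    wport=$1
    ihost=$2
    iport=$3
    proto=${4:-tcp}
    # DNAT runs before the routing decision ...
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$wport" \
        -j DNAT --to-destination "$ihost:$iport"
    # ... and the rewritten packet still has to pass FORWARD, where it is
    # matched on its new destination, not on the public port.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p "$proto" -d "$ihost" --dport "$iport" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Usage: ./natrouter.sh apply   (preview: IPT="echo iptables" ./natrouter.sh apply)
case "${1:-}" in
    apply)
        enable_forwarding
        nat_router_rules
        port_forward 2222 10.1.1.2 22
        ;;
esac
```

Run the preview first and compare it with `iptables -t nat -S` and `iptables -S FORWARD` after applying; the FORWARD ACCEPT for the forwarded port is the piece most often forgotten, and its absence shows up as a connection that is DNAT'd (visible in `conntrack -L`) but never answered.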

# ICMP

Make the host invisible to ping and to MTR / traceroute.

Outbound ICMP the host should stop sending: type 0 (echo-reply) silences answers to incoming pings, type 8 (echo-request) also stops this host's own outgoing pings, type 11 (time-exceeded) keeps it from showing up as a hop when it forwards packets, and type 30 is the deprecated RFC 1393 traceroute message. Type 3 (destination-unreachable) is deliberately left alone, since path MTU discovery depends on it.
```
iptables -A OUTPUT -p icmp --icmp-type 0 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 11 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 30 -j DROP
```

Hide the final hop from traceroute. A probe whose TTL runs out exactly at this host arrives with TTL 1 (hosts do not decrement on delivery), so dropping such packets in INPUT means no echo-reply, port-unreachable or RST goes back and that hop prints as `* * *`. This is partial: traceroute keeps raising the TTL until the destination answers, and a probe sent with one more hop arrives with TTL 2 and is accepted, so the host still appears, one hop further out, unless its replies are also dropped in OUTPUT. Ordinary traffic is unaffected unless the sender is so far away that its initial TTL has decayed to 1.
```
iptables -A INPUT -p icmp -m ttl --ttl-eq 1 -j DROP
iptables -A INPUT -p udp -m ttl --ttl-eq 1 -j DROP
iptables -A INPUT -p tcp -m ttl --ttl-eq 1 -j DROP
```

**Reference:**
- [System Security Configuration - PhoenixWiki](https://wiki.phoenixlzx.com/page/system-security-config/)
