iptables cheat sheet

Dima

I deal with the Linux firewall iptables quite rarely, which is why I never remember the commands I need. I'm going to list them here as they come up.

List rules with line numbers:

iptables -L --line-numbers

Deny all access from a single IP address, e.g. during a DDoS or authentication attack:

iptables -A INPUT -s 61.174.50.245 -j DROP

Remove rule by line number:

iptables -D INPUT 2

Blocking visitors by country

Get list from http://www.ip2location.com/free/visitor-blocker

Create a file containing the list of IP ranges, e.g. block-china.txt.

Use ipset so that a single iptables rule matches the whole list instead of one rule per range.

Create the blacklist set:

ipset create blacklist hash:net

Import the IP ranges from the list file (quoting the variable and using read -r keeps odd lines from being word-split or having backslashes mangled):

while read -r line; do ipset add blacklist "$line"; done < block-china.txt

Check the set by listing its contents:

ipset list blacklist

Deny all access from blacklist:

iptables -I INPUT -m set --match-set blacklist src -j DROP
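The steps above as one script, added here as an example and not part of the original post. It validates each line before feeding it to ipset (a blank line, a comment or a typo in the downloaded list would otherwise abort or pollute the import), creates the set idempotently, and inserts the DROP rule only if it is not already present. The set name "blacklist" and the IPSET/IPTABLES variables (which let you point the script at a logging function for a dry run) are assumptions of this example; only IPv4 ranges are handled.

```shell
#!/bin/sh
# Added example (not from the original post): build an ipset blacklist from a
# range file with basic validation, then hook the set into the INPUT chain.
# Assumptions: IPv4 CIDR ranges, one per line; the set is named "blacklist";
# IPSET/IPTABLES can be overridden to a shell function for a dry run.

IPSET="${IPSET:-ipset}"
IPTABLES="${IPTABLES:-iptables}"
SET_NAME="${SET_NAME:-blacklist}"

# valid_cidr LINE -> 0 if LINE is a.b.c.d or a.b.c.d/NN (octets 0-255, prefix 0-32)
valid_cidr() {
    line=$1
    case "$line" in
        */*) addr=${line%/*}; prefix=${line#*/} ;;
        *)   addr=$line;      prefix=32 ;;
    esac
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;      # prefix must be digits only
    esac
    [ "$prefix" -le 32 ] || return 1
    # split on dots; set -f stops a stray '*' from glob-expanding
    old_ifs=$IFS; IFS=.; set -f
    set -- $addr
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1          # exactly four octets
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# load_set FILE -> adds every valid range to the set, reports malformed lines on
# stderr, and prints the number of entries added
load_set() {
    file=$1
    added=0
    while IFS= read -r raw || [ -n "$raw" ]; do
        entry=${raw%%#*}                                   # drop trailing comment
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')      # drop whitespace/CR
        [ -n "$entry" ] || continue                        # skip blank lines
        if valid_cidr "$entry"; then
            "$IPSET" -exist add "$SET_NAME" "$entry"       # -exist: no error on duplicates
            added=$((added + 1))
        else
            printf 'skipping malformed entry: %s\n' "$raw" >&2
        fi
    done < "$file"
    echo "$added"
}

# ensure_rule -> insert the DROP rule at the top of INPUT, but only once
ensure_rule() {
    "$IPTABLES" -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
        || "$IPTABLES" -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

main() {
    "$IPSET" -exist create "$SET_NAME" hash:net
    count=$(load_set "$1")
    echo "loaded $count ranges into $SET_NAME"
    ensure_rule
}

# usage: sh blocklist.sh block-china.txt
if [ $# -ge 1 ]; then
    main "$1"
fi
```

The rule is inserted with -I rather than -A so it sits above any ACCEPT rules already in INPUT; -C makes re-running the script safe. Note that neither the set nor the rule survives a reboot on its own: save the set with ipset save and the rules with iptables-save (or your distribution's persistence package), and restore the set before the rules, since iptables refuses to load a rule that references a set that does not exist yet.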
