{"id":2366,"date":"2014-12-08T14:23:00","date_gmt":"2014-12-08T12:23:00","guid":{"rendered":"http:\/\/dima.fi\/blog\/?p=2366"},"modified":"2026-01-10T22:59:46","modified_gmt":"2026-01-10T20:59:46","slug":"iptables-cheat-sheet","status":"publish","type":"post","link":"https:\/\/dima.fi\/blog\/iptables-cheat-sheet\/","title":{"rendered":"iptables cheat sheet"},"content":{"rendered":"\n

I have to do with Linux firewall iptables quite rarely, that’s why I never remember commands I need. I’m going to list them here as they will come on my way.<\/p>\n\n\n\n

List rules with line numbers:<\/p>\n\n\n\n

iptables -L --line-numbers<\/code><\/pre>\n\n\n\n
Deny all acces from IP, in case of DDOS or Auth-attack:<\/p>\n\n\n\n
iptables -A INPUT -s 61.174.50.245 -j DROP<\/code><\/pre>\n\n\n\n
Remove rule by line number:<\/p>\n\n\n\n
iptables -D INPUT 2<\/code><\/pre>\n\n\n\n
Blocking visitors by Country<\/strong><\/h2>\n\n\n\n
Get list from http:\/\/www.ip2location.com\/free\/visitor-blocker<\/a><\/p>\n\n\n\n
Create file containing ip ranges list, like block-china.txt.<\/p>\n\n\n\n
Use IPset to simplify rules.<\/p>\n\n\n\n
Creating blacklist:<\/p>\n\n\n\n
ipset create blacklist hash:net<\/code><\/pre>\n\n\n\n
Importing IP addresses from list file:<\/p>\n\n\n\n
while read line; do ipset add blacklist $line; done < block-china.txt<\/code><\/pre>\n\n\n\n
Check set by listing a content:<\/p>\n\n\n\n
ipset list blacklist<\/code><\/pre>\n\n\n\n
Deny all access from blacklist<\/em>:<\/p>\n\n\n\n
iptables -I INPUT -m set --match-set blacklist src -j DROP<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
I have to do with Linux firewall iptables quite rarely, that’s why I never remember commands I need. I’m going to list them here as they will come on my way. List rules with line numbers: Deny all acces from IP, in case of DDOS or Auth-attack: Remove rule by line number: Blocking visitors by […]<\/p>\n","protected":false},"author":1,"featured_media":2439,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.unsplash.com\/photo-1562724292-728c9b811d98?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=1080&fit=max&ixid=eyJhcHBfaWQiOjF9","fifu_image_alt":"iptables cheat sheet","footnotes":""},"categories":[133],"tags":[151,139,153,150,149,152],"class_list":["post-2366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-devs","tag-cheat-sheet","tag-dev","tag-firewall","tag-ipset","tag-iptables","tag-linux","has-thumbnail"],"_links":{"self":[{"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/posts\/2366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/comments?post=2366"}],"version-history":[{"count":3,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/posts\/2366\/revisions"}],"predecessor-version":[{"id":2438,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/posts\/2366\/revisions\/2438"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/media\/2439"}],"wp:attachment":[{"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/media?parent=2366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/categories?post=2366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dima.fi\/blog\/wp-json\/wp\/v2\/tags?post=2366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}