Iptables

5/31/2023

Most distros have made firewalld, UFW, or some other fancy program their default firewall. However, in my opinion IPTables/Netfilter still reigns supreme. I find it to be the best tool for the job on 90% of systems I work on.

Although a firewall configuration with a lot of rules can still be difficult to read. Just like a long script, it is helpful to put comments in it. These comments allow others to easily identify what the rules do, especially if you are using specific source IP addresses. So in this Linux quick tip we will show you how to easily add comments to IPTables rules.

If you are unfamiliar with IPTables, you can read "Basics of IPTables".

The basic syntax of a comment is:

```
-m comment --comment "This is a comment"
```

The above can be appended to the end of any IPTables rule.

Let's say you want to allow Joe's workstation to access your machine on HTTPS, which is TCP port 443. Simple. But how about a couple of years from now when another admin comes and looks at the firewall configuration? Will they know why this was done? Add comments to your iptables rules to explain why each one was put in place, like so:

```
iptables -I INPUT -p tcp -s 192.168.1.66 --dport 443 -j ACCEPT -m comment --comment "HTTPS from Joe's Workstation"
```

In this next example, we will DROP all traffic coming from a specific subnet. Obviously, we do not want the HR people accessing our secret media server.

```
~]$ sudo iptables -I INPUT -p all -s 192.168.2.0/24 -j DROP -m comment --comment "Block HR Subnet from Media Server"
```

The comment shows up in the rule listing, so anyone running `iptables -L -vn` later sees the reason next to the rule:

```
~]$ sudo iptables -L -vn
Chain INPUT (policy ACCEPT 83599 packets, 198M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       192.168.2.0/24       0.0.0.0/0            /* Block HR Subnet from Media Server */
```
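Once comments are in use, the natural follow-up check is to find the rules that still lack one. The script below is an added example, not code from the original post: it takes a ruleset dump in the format that `iptables -S` prints, lists every `-A` rule that carries no `-m comment`, and extracts the chain and comment text from the rules that do. The ruleset embedded in it is constructed sample data, and the function names (`uncommented_rules`, `count_uncommented`, `rule_comments`) are this example's own; on a real host you would feed it the output of `sudo iptables -S` instead.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables ruleset dump
# for rules without a "-m comment" so an admin can see which rules still need
# explaining. SAMPLE_RULES is constructed data in the format of `iptables -S`;
# replace it with "$(sudo iptables -S)" to audit a live host.

SAMPLE_RULES=$(cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.168.2.0/24 -m comment --comment "Block HR Subnet from Media Server" -j DROP
-A INPUT -s 192.168.1.66/32 -p tcp -m tcp --dport 443 -m comment --comment "HTTPS from Joe's Workstation" -j ACCEPT
-A INPUT -s 10.0.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
EOF
)

# Print every -A (append) rule that has no comment match attached.
# Policy lines (-P) are skipped because they cannot carry a comment.
uncommented_rules() {
    printf '%s\n' "$1" | grep '^-A ' | grep -v -- '-m comment'
}

# Count the uncommented rules (0 means every rule is documented).
count_uncommented() {
    uncommented_rules "$1" | grep -c '^-A '
}

# Print "CHAIN: comment text" for each commented rule, one per line.
rule_comments() {
    printf '%s\n' "$1" | sed -n 's/^-A \([^ ]*\) .*--comment "\([^"]*\)".*/\1: \2/p'
}

# Usage when run directly: report on the constructed sample ruleset.
echo "Rules without a comment:"
uncommented_rules "$SAMPLE_RULES"
echo "Total uncommented: $(count_uncommented "$SAMPLE_RULES")"
echo "Documented rules:"
rule_comments "$SAMPLE_RULES"
```

Running this against the sample lists the SSH and port 8080 rules as undocumented and pairs the two commented rules with their chain. Because comments that contain a double quote would confuse the `sed` pattern, keep comment text to plain words, which is also what `iptables` itself expects (the comment match is limited to 256 characters).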