Basic IP Block
|
1 |
iptables -A INPUT -i eth0 -p tcp -s 1.1.1.1 -j DROP |
Allow incoming SSH
|
1 |
iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 1.1.1.1 --dport 22 -j ACCEPT |
Allow incoming SSH from a Sepcific Network
|
1 |
iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 1.1.1.1/24 --dport 22 -j ACCEPT |
Combine Multiple Ports roles
|
1 |
iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 1.1.1.1/24 --dport 22,80,443 -j ACCEPT |
Load Balance Incoming Web Traffic
|
1 2 3 |
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443 iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443 iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443 |
Prevent Dos Attack
|
1 |
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT |
Port Forwarding 422-> 22
|
1 |
iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22 |