Iptables (Debian)

From Matts Wiki

Revision as of 27 September 2025, 15:41

Commands

General Commands

iptables-save > iptables.rules          # Export the current rules to iptables.rules
iptables-restore < iptables.rules       # Import the rules from iptables.rules (replaces the tables listed in the file)
iptables -L                             # List the active rules of the filter table
iptables -L -v                          # Verbose listing: packet and byte counters plus in/out interfaces per rule
iptables -S                             # List the active rules in iptables-save format
iptables -F                             # Flush all rules from the filter table (chain policies are kept)

Three caveats: iptables -F removes the rules but not the chain policies, so with INPUT policy DROP a flush over SSH cuts your own session off (set the policy to ACCEPT first, or flush from the console). These commands only cover IPv4; the IPv6 ruleset is managed separately with ip6tables, ip6tables-save and ip6tables-restore. Since Debian 10 the iptables command is the nft-based variant by default; iptables -V shows whether the nf_tables or the legacy variant is in use, and rules loaded through one variant are not shown by the other.

If iptables -L is very slow, try:

iptables -L -n                          # List active rules with numeric output

The -n option prints addresses and ports numerically. This suppresses the reverse DNS and service-name lookups for every address in the listing, which are what make the plain listing slow when DNS is unreachable.

Create Blocking Rules Manually

Block an individual IP address:

iptables -A INPUT -s 1.2.3.4 -j DROP

A CIDR range works as well:

iptables -A INPUT -s 1.2.3.0/24 -j DROP

-A appends the rule to the end of INPUT, so it only affects packets that no earlier rule accepted (an earlier ESTABLISHED/RELATED rule keeps existing connections from that address alive). Use -I INPUT 1 instead of -A INPUT to insert the block at the top of the chain.

Make it permanent (requires the iptables-persistent package, see below; the rules are written to /etc/iptables/rules.v4):

netfilter-persistent save

Checking How Many Packets Dropped

iptables -L INPUT -v -n -x --line-numbers

The pkts and bytes columns show what each rule matched; -x prints exact byte counts instead of rounded K/M values and -n avoids DNS lookups. Packets that matched no rule and were dropped by the chain policy are counted in the "Chain INPUT (policy ...)" header line, not in any rule. iptables -Z INPUT resets the counters, which is useful before a measurement.
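Reading those counters from a script, as an added example that is not part of this wiki page: the listing below is constructed in the column layout that iptables -L INPUT -v -n -x --line-numbers prints (the numbers are made up), and the awk functions total what the DROP rules and the chain policy have discarded, which is the figure the header and the rule lines only give separately.

```bash
#!/bin/sh
# Added example (not from the wiki page): summarise drop counters from
# "iptables -L INPUT -v -n -x --line-numbers" output. -x gives exact byte
# counts (no K/M suffixes), which keeps the columns parseable.

# Constructed sample in the layout of iptables -L INPUT -v -n -x --line-numbers.
# A real run prints the same columns; these numbers are made up.
SAMPLE_LISTING='Chain INPUT (policy DROP 17 packets, 1360 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1          42       2520 DROP       all  --  *      *       1.2.3.4              0.0.0.0/0
2           0          0 DROP       all  --  *      *       1.2.3.0/24           0.0.0.0/0
3        9876    1234567 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Print "<rule number> <packets> <source>" for every DROP rule in the listing
# read from stdin. Lines 1 and 2 are the chain header and the column header.
rule_drops() {
    awk 'NR > 2 && $4 == "DROP" { print $1, $2, $9 }'
}

# Packets dropped by the chain policy itself (those matching no rule); these
# appear only in the header line, so rule counters alone under-report drops.
policy_drops() {
    awk 'NR == 1 { n = ($4 == "DROP") ? $5 : 0; print n + 0 }'
}

# Total dropped packets: policy drops plus every DROP rule's counter.
total_dropped() {
    awk 'NR == 1 && $4 == "DROP" { n += $5 }
         NR > 2  && $4 == "DROP" { n += $2 }
         END { print n + 0 }'
}

# Live use (needs root):
#   iptables -L INPUT -v -n -x --line-numbers | total_dropped
printf '%s\n' "$SAMPLE_LISTING" | rule_drops
printf 'policy drops: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | policy_drops)"
printf 'total dropped: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | total_dropped)"
```

The functions read the listing from stdin so the same code works on a saved listing or on a live pipe from iptables; a chain whose policy is ACCEPT contributes zero policy drops.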

iptables on Debian

Add iptables Rule File

Copy iptables.rules to /etc and make it readable by root only (the file reveals which hosts are blocked and which ports are open), then load it:

cp iptables.rules /etc/iptables.rules
chown root:root /etc/iptables.rules
chmod 600 /etc/iptables.rules
iptables-restore --test < /etc/iptables.rules   # parse only, nothing is committed
iptables-restore < /etc/iptables.rules

Check that the rules loaded (iptables -S) and that the host is still reachable, ideally from a second SSH session opened beforehand: iptables-restore replaces the whole filter table, so a mistake in the file can lock you out.

Enable Automatic Load of Rules at Startup

Copy the iptables-restore script to /etc/network/if-pre-up.d/iptables and add execute permissions:

chmod +x /etc/network/if-pre-up.d/iptables

Hooks in this directory are run by ifupdown through run-parts, so the file name may contain only letters, digits, hyphens and underscores (a .sh suffix makes run-parts skip it), and they only fire for interfaces configured in /etc/network/interfaces, not for interfaces managed by NetworkManager or systemd-networkd.
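The page does not show the contents of the restore script. The following is an added example, not the wiki's own script: a pre-flight check for an iptables-save dump that refuses a file which would lock a remote SSH session out (INPUT policy DROP with no ACCEPT for the SSH port) or that is truncated, plus an "apply" mode that could be called from the if-pre-up.d hook. The path /etc/iptables.rules, the default port 22 and the two sample dumps are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from the wiki page): pre-flight check for an iptables-save
# dump before iptables-restore, usable from /etc/network/if-pre-up.d/.
# iptables-restore replaces the whole filter table, so a dump with INPUT policy
# DROP and no ACCEPT for the SSH port locks a remote admin out.
# Assumed: rules live in /etc/iptables.rules and SSH listens on tcp/22.

# Return 0 if every *table header has a matching COMMIT. A truncated copy of
# the file is the usual cause of a restore that fails half way.
rules_complete() {
    tables=$(grep -c '^\*' "$1")
    commits=$(grep -c '^COMMIT$' "$1")
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ]
}

# Print the filter table's INPUT chain policy (ACCEPT, DROP, ...).
input_policy() {
    awk '/^\*/ { t = $1 } t == "*filter" && $1 == ":INPUT" { print $2; exit }' "$1"
}

# Return 0 if some filter-table INPUT rule accepts TCP to port $2.
ssh_allowed() {
    awk -v port="$2" '
        /^\*/ { t = $1 }
        t == "*filter" && $1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "ACCEPT") { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Return 0 if the dump is complete and cannot lock out SSH on port $2 (default 22).
safe_to_restore() {
    f=$1; port=${2:-22}
    rules_complete "$f" || { echo "refusing $f: unbalanced *table/COMMIT" >&2; return 1; }
    case $(input_policy "$f") in
        DROP|REJECT)
            ssh_allowed "$f" "$port" || {
                echo "refusing $f: INPUT policy drops and no ACCEPT for tcp/$port" >&2
                return 1
            } ;;
    esac
}

# "apply" mode for the if-pre-up.d hook: check first, then restore (needs root).
if [ "${1:-}" = "apply" ]; then
    safe_to_restore /etc/iptables.rules 22 && iptables-restore < /etc/iptables.rules
    exit $?
fi

# Constructed sample dumps in iptables-save format (made up for this example).
GOOD_RULES=$(mktemp); BAD_RULES=$(mktemp)
trap 'rm -f "$GOOD_RULES" "$BAD_RULES"' EXIT
cat > "$GOOD_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 1.2.3.0/24 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$BAD_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 1.2.3.4 -j DROP
COMMIT
EOF

safe_to_restore "$GOOD_RULES" && echo "ok: $GOOD_RULES"
safe_to_restore "$BAD_RULES" || echo "rejected: $BAD_RULES"
```

Run without arguments it only exercises the two sample dumps; installed as /etc/network/if-pre-up.d/iptables and invoked with "apply" it loads the real file only after the check passes. The check is deliberately narrow (a plain -p tcp --dport rule); a ruleset that admits SSH through -m multiport or an ipset would be rejected and needs the test extended.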

Alternatively, the iptables-persistent package persists the rules: it saves them to /etc/iptables/rules.v4 and rules.v6 and loads them at boot through the netfilter-persistent service.

# apt-get install iptables-persistent

Blacklisting with ipset with Automatic Updates

See: https://github.com/trick77/ipset-blacklist