====== iptables ======

  * [[https://der-linux-admin.de/2013/12/alle-iptables-regeln-entfernen/]]
  * [[https://www.codeflow.site/de/article/how-to-list-and-delete-iptables-firewall-rules]]
  * [[https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules]]

> apt install iptables-persistent
> cat /etc/iptables/rules.v4
> cat /etc/iptables/rules.v6
> iptables -A ...
> iptables-save > /etc/iptables/rules.v4

===== Show rules =====

==== Filter ====

<code>
# iptables -L -t filter
</code>

or simply:

<code>
# iptables -L -n
</code>

more verbose:

<code>
# iptables -L -n -v
</code>

==== NAT ====

<code>
# iptables -L -t nat
</code>

To avoid slow DNS lookups (''-n'' prints numeric addresses), better:

<code>
# iptables -L -n -t nat
</code>

more verbose:

<code>
# iptables -L -n -v -t nat
</code>

===== Make rules persistent across reboots =====

<code>
# iptables-save > /etc/firewall.conf
# echo "#!/bin/sh" > /etc/network/if-up.d/iptables
# echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables
# chmod 0755 /etc/network/if-up.d/iptables
</code>

===== Delete specific rules =====

==== By specification ====

Rules that were added like this (note the ''-A'' => //add//):

<code>
# iptables -t nat -A PREROUTING -d 192.186.0.65 -j DNAT --to-destination 192.186.0.101
# iptables -t nat -A POSTROUTING -s 192.186.0.101 -j SNAT --to-source 192.186.0.65
</code>

Show the rules (note the ''-L'' => //list//):

<code>
# iptables -L -n -t nat
</code>

...can be removed again by repeating the identical specification (note the ''-D'' => //delete//):

<code>
# iptables -t nat -D PREROUTING -d 192.186.0.65 -j DNAT --to-destination 192.186.0.101
# iptables -t nat -D POSTROUTING -s 192.186.0.101 -j SNAT --to-source 192.186.0.65
</code>

==== By number ====

<code>
# iptables -L -n -t nat --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target  prot opt source         destination
1    DNAT    all  --  0.0.0.0/0      192.186.0.65   to:192.186.0.101

Chain INPUT (policy ACCEPT)
num  target  prot opt source         destination

Chain OUTPUT (policy ACCEPT)
num  target  prot opt source         destination

Chain POSTROUTING (policy ACCEPT)
num  target  prot opt source         destination
1    SNAT    all  --  192.186.0.101  0.0.0.0/0      to:192.186.0.65
</code>

<code>
# iptables -t nat -D PREROUTING 1
# iptables -t nat -D POSTROUTING 1
</code>

===== Flush ALL rules =====

<code>
# iptables -F -t nat
# iptables -P INPUT DROP
# iptables -F INPUT
# iptables -P OUTPUT DROP
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
</code>

Because each chain's policy is set to DROP before the chain is flushed, the host drops all traffic as soon as INPUT is empty; run this from a local console, not over SSH.
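Deleting //by number// has a pitfall the section above does not show: removing rule 1 renumbers rule 2 to 1, so when several rules match, they must be deleted highest number first. The following added helper (not from the original page) finds the rule numbers for a chain/target/address in the ''--line-numbers'' listing and emits the matching ''iptables -D'' commands for review; the listing it parses is a constructed sample modelled on the page's output, with two extra DNAT rules added to demonstrate the ordering.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n -t nat --line-numbers` output.
# Rules 2 and 3 in PREROUTING are added here to show renumbering.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT)
num  target  prot opt source         destination
1    DNAT    all  --  0.0.0.0/0      192.186.0.65   to:192.186.0.101
2    DNAT    all  --  0.0.0.0/0      192.186.0.66   to:192.186.0.102
3    DNAT    all  --  0.0.0.0/0      192.186.0.65   to:192.186.0.103

Chain INPUT (policy ACCEPT)
num  target  prot opt source         destination

Chain OUTPUT (policy ACCEPT)
num  target  prot opt source         destination

Chain POSTROUTING (policy ACCEPT)
num  target  prot opt source         destination
1    SNAT    all  --  192.186.0.101  0.0.0.0/0      to:192.186.0.65'

# rule_numbers CHAIN TARGET PATTERN
# Reads a --line-numbers listing on stdin and prints the numbers of the
# rules in CHAIN whose target is TARGET and whose line contains PATTERN
# (a literal substring, e.g. an address), highest number first.
# Highest first matters: after `-D PREROUTING 1`, rule 3 becomes rule 2,
# so deleting in ascending order would remove the wrong rules.
rule_numbers() {
    awk -v chain="$1" -v target="$2" -v pat="$3" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && $2 == target && index($0, pat) { print $1 }
    ' | sort -rn
}

# delete_commands CHAIN TARGET PATTERN
# Emits the iptables -D commands instead of executing them, so they can
# be reviewed before being piped to sh as root.
delete_commands() {
    rule_numbers "$@" | while read -r n; do
        printf 'iptables -t nat -D %s %s\n' "$1" "$n"
    done
}

# Example: find every DNAT rule for 192.186.0.65 in PREROUTING.
printf '%s\n' "$SAMPLE_NAT" | delete_commands PREROUTING DNAT 192.186.0.65
```

On a live host, replace the sample with `iptables -L -n -t nat --line-numbers | delete_commands PREROUTING DNAT 192.186.0.65` and review the output before applying it.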