> apt install iptables-persistent
> cat /etc/iptables/rules.v4
> cat /etc/iptables/rules.v6
> iptables -A ...
> iptables-save > /etc/iptables/rules.v4
# iptables -L -t filter
or simply like this:
# iptables -L -n
more verbose:
# iptables -L -n -v
# iptables -L -t nat
to avoid long DNS lookups, better like this:
# iptables -L -n -t nat
more verbose:
# iptables -L -n -v -t nat
# iptables-save > /etc/firewall.conf
# echo '#!/bin/sh' > /etc/network/if-up.d/iptables
# echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables
# chmod 0755 /etc/network/if-up.d/iptables
Rules that are added like this (note the -A ⇒ add):
# iptables -t nat -A PREROUTING -d 192.186.0.65 -j DNAT --to-destination 192.186.0.101
# iptables -t nat -A POSTROUTING -s 192.186.0.101 -j SNAT --to-source 192.186.0.65
List the rules (note the -L ⇒ list):
# iptables -L -n -t nat
…can be removed again like this (note the -D ⇒ delete):
# iptables -t nat -D PREROUTING -d 192.186.0.65 -j DNAT --to-destination 192.186.0.101
# iptables -t nat -D POSTROUTING -s 192.186.0.101 -j SNAT --to-source 192.186.0.65
# iptables -L -n -t nat --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       all  --  0.0.0.0/0            192.186.0.65        to:192.186.0.101

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       all  --  192.186.0.101        0.0.0.0/0           to:192.186.0.65
# iptables -t nat -D PREROUTING 1
# iptables -t nat -D POSTROUTING 1
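The DNAT and SNAT rules above form a pair, and adding or deleting only one of them leaves a one-sided mapping that then gets saved and restored at boot. The following is an added example, not part of the original page: a check that reads a dump in iptables-save format and reports NAT rules without their counterpart. The function names and the second address pair in the sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an iptables-save dump for
# one-sided 1:1 NAT mappings. Only whole-address rules as used above are
# compared; rules with ports or wider netmasks are not normalised.

# Constructed sample in iptables-save format; the .66/.102 DNAT has no SNAT partner.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.186.0.65/32 -j DNAT --to-destination 192.186.0.101
-A PREROUTING -d 192.186.0.66/32 -j DNAT --to-destination 192.186.0.102
-A POSTROUTING -s 192.186.0.101/32 -j SNAT --to-source 192.186.0.65
COMMIT
EOF
}

# Reads a dump on stdin; prints "public internal reason" per one-sided mapping.
unpaired_nat() {
    awk '
    # Return the argument that follows option opt, without a /32 suffix.
    function arg(opt,   i, v) {
        for (i = 1; i < NF; i++)
            if ($i == opt) { v = $(i + 1); sub(/\/32$/, "", v); return v }
        return ""
    }
    /^\*/ { table = substr($1, 2) }          # track the current table
    table != "nat" || $1 != "-A" { next }    # only rule lines of the nat table
    $2 == "PREROUTING" && arg("-j") == "DNAT" {
        dnat[arg("-d") " " arg("--to-destination")] = 1
    }
    $2 == "POSTROUTING" && arg("-j") == "SNAT" {
        snat[arg("--to-source") " " arg("-s")] = 1
    }
    END {
        for (k in dnat) if (!(k in snat)) print k, "missing-SNAT"
        for (k in snat) if (!(k in dnat)) print k, "missing-DNAT"
    }' | sort
}

# On a live system: iptables-save -t nat | unpaired_nat
sample_dump | unpaired_nat
```

Empty output means every DNAT rule has its matching SNAT rule and vice versa.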
# iptables -F -t nat
# iptables -P INPUT DROP
# iptables -F INPUT
# iptables -P OUTPUT DROP
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD