iptables works on top of Netfilter, the packet-filtering framework inside the Linux kernel. The three built-in chains of the filter table are INPUT (packets addressed to this host), FORWARD (packets routed through this host, relevant on routers) and OUTPUT (packets generated by this host).
# Example: allow (or reject/drop/log) outbound HTTP to one IP on enp0s3
iptables -A OUTPUT -o enp0s3 -d IP -p tcp --dport 80 -j ACCEPT/REJECT/DROP/LOG

# General form of a rule
iptables -A CHAIN [-i/-o] IFACE [-s/-d] IP -p [tcp/udp] [--dport/--sport] PORT -j ACCEPT/REJECT/DROP/LOG

# List the current rules
iptables -L

# Default policy: drop everything on OUTPUT that no rule accepts
iptables -P OUTPUT DROP

# Allow inbound SSH from any source
iptables -A INPUT -d 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT

# Stateful rule: allow replies that belong to already established connections
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Save the rule set to stdout and load it back from stdin (rules are lost on reboot otherwise)
iptables-save
iptables-restore
firewalld is usually used on Red Hat systems.
firewall-cmd
# Services allowed in the active zone
firewall-cmd --list-services
# All service definitions firewalld knows
firewall-cmd --get-services
# Allow a service; --permanent writes it to the config (it takes effect after a reload), without it the change is runtime-only
firewall-cmd --add-service=SERVICE --permanent
firewall-cmd --remove-service=SERVICE
# Forward port 222/tcp to port 22 on this host
firewall-cmd --add-forward-port=port=222:proto=tcp:toport=22
# Predefined service definitions (XML files)
ls /usr/lib/firewalld/services
ufw enable
# Allow inbound SSH
ufw allow ssh
# Reject outbound SSH
ufw reject out ssh
ufw status
ufw delete reject out ssh
# Deny SSH from one host
ufw deny proto tcp from 10.10.0.10 to any port 22
ufw reset
# Application profiles
ufw app list
ufw app info ssh
ufw logging on
man ufw
Deny the user with UID 1000 access to all hosts on port 22
# Match outbound packets by the owning UID (owner match), for IPv4 and IPv6.
# Note: as written this only matches loopback traffic to port 5000; for the rule
# described above (all hosts, port 22) drop "-o lo" and use "--dport 22".
iptables -I OUTPUT -o lo -p tcp --dport 5000 --match owner --uid-owner 1000 -j DROP
ip6tables -I OUTPUT -o lo -p tcp --dport 5000 --match owner --uid-owner 1000 -j DROP
Redirect port 8080 to port 22 on interface eth0
# PREROUTING in the nat table rewrites the destination port before routing
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 22
Block port 25
# Silently drop inbound SMTP from any source
iptables -A INPUT -s 0.0.0.0/0 -p tcp --destination-port 25 -j DROP
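The iptables rules in these notes are the pieces of a stateful default-deny host policy: loopback and ESTABLISHED,RELATED accepted first, explicit service ports next, DROP policies last, plus an owner-match rule for one UID. The script below is an added example, not part of the original notes; it generates such a ruleset as plain text (so it can be reviewed, diffed or run through a test before being applied) and validates the port and protocol arguments. The function names, the chosen order, and the OUTPUT ACCEPT policy are my own assumptions; the rule syntax is the one used in the notes.

```shell
#!/bin/sh
# Added example: build a stateful default-deny iptables ruleset as text.
# Nothing here touches the kernel; pipe the output into "sh" (or
# iptables-restore after conversion) once it has been reviewed.

# Accept only port numbers in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only the protocols these rules are written for.
valid_proto() {
    case "$1" in
        tcp|udp) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit one ACCEPT rule for a new inbound connection to a service port.
# Usage: allow_in IFACE PROTO PORT
allow_in() {
    valid_proto "$2" || { echo "allow_in: bad protocol '$2'" >&2; return 1; }
    valid_port "$3"  || { echo "allow_in: bad port '$3'" >&2; return 1; }
    printf 'iptables -A INPUT -i %s -p %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$1" "$2" "$3"
}

# Emit DROP rules (IPv4 and IPv6) that stop one local user, identified by
# UID, from opening outbound connections to a port on any host.
# Usage: deny_user_out UID PROTO PORT
deny_user_out() {
    valid_proto "$2" || { echo "deny_user_out: bad protocol '$2'" >&2; return 1; }
    valid_port "$3"  || { echo "deny_user_out: bad port '$3'" >&2; return 1; }
    printf 'iptables -I OUTPUT -p %s --dport %s -m owner --uid-owner %s -j DROP\n' \
        "$2" "$3" "$1"
    printf 'ip6tables -I OUTPUT -p %s --dport %s -m owner --uid-owner %s -j DROP\n' \
        "$2" "$3" "$1"
}

# Emit a complete ruleset. Order matters: flush, loopback and
# ESTABLISHED,RELATED come first, the DROP policies last, so an admin
# applying this over SSH keeps the session and existing connections.
# Usage: gen_ruleset IFACE "PROTO:PORT PROTO:PORT ..."
gen_ruleset() {
    iface=$1
    services=$2
    cat <<'EOF'
iptables -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
EOF
    for svc in $services; do
        allow_in "$iface" "${svc%%:*}" "${svc#*:}" || return 1
    done
    # Log what is about to be dropped, rate-limited, then set the policies.
    cat <<'EOF'
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}

# Demo run: SSH and HTTP on enp0s3 (constructed example values).
gen_ruleset enp0s3 "tcp:22 tcp:80"
deny_user_out 1000 tcp 22
```

Running the script prints the ruleset; redirect it to a file, read it, and only then execute it. An invalid entry such as `icmp:22` makes `gen_ruleset` stop with an error instead of emitting a partial policy, which matters because a half-applied ruleset with DROP policies is exactly how one gets locked out of a remote box.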