Diffstat (limited to 'md/writeup/using_iptables.md')
-rw-r--r--  md/writeup/using_iptables.md  48
1 files changed, 24 insertions, 24 deletions
diff --git a/md/writeup/using_iptables.md b/md/writeup/using_iptables.md index 74b073b..9185354 100644 --- a/md/writeup/using_iptables.md +++ b/md/writeup/using_iptables.md @@ -114,13 +114,13 @@ the __PREROUTING__ and __OUTPUT__ chains of the nat table. ### List all rulles -``` +```sh iptables -L ``` List iptables rulles with extra output that could be usefull -``` +```sh iptables -nL -v --line-numbers ``` @@ -128,12 +128,12 @@ iptables -nL -v --line-numbers To delete specific rulle run -``` +```sh iptables -nL -v --line-numbers ``` search for chain and rulle number and delete it with next line -``` +```sh iptables -D [chain_name] [line_number] ``` @@ -141,19 +141,19 @@ iptables -D [chain_name] [line_number] Save iptable rulles to file -``` +```sh iptables-save > /tmp/cool.rulles ``` Load rulles from file -``` +```sh iptables-restore < /tmp/cool.rules ``` ### Remove chain -``` +```sh iptales -X chain_name ``` @@ -161,7 +161,7 @@ iptales -X chain_name Createing chain where ping related rules will be located -``` +```sh iptables -N ping_in iptables -t filter -A INPUT -j ping_in iptables -N ping_out @@ -170,7 +170,7 @@ iptables -t filter -A OUTPUT -j ping_out After creating chains output looks like -``` +```sh Chain INPUT (policy ACCEPT) target prot opt source destination ping_in all -- anywhere anywhere @@ -194,7 +194,7 @@ target prot opt source destination Lets block if someone tryes to ping us, juct block usual ping echo request, not blocking ICMP protocol as such. -``` +```sh iptables -A ping_in -p icmp --icmp-type echo-request -j REJECT iptables -A ping_out -p icmp --icmp-type echo-reply -j DROP ``` @@ -203,7 +203,7 @@ iptables -A ping_out -p icmp --icmp-type echo-reply -j DROP If dont whant to use ping, or dont whant that other use pinging -``` +```sh iptables -A ping_out -p icmp --icmp-type echo-request -j DROP iptables -A ping_in -p icmp --icmp-type echo-reply -j DROP ``` 
@@ -212,13 +212,13 @@ iptables -A ping_in -p icmp --icmp-type echo-reply -j DROP Forward ports -``` +```sh iptables -t nat -A PREROUTING -p tcp --dport <incoming-port> -j REDIRECT --to-port <destination-port> ``` Forward port to different ip -``` +```sh iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:8080 ``` @@ -227,17 +227,17 @@ iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168 Check if ip forwarding is set -``` +```sh cat /proc/sys/net/ipv4/ip_forward ``` if _0_ then not, set to _1_ -``` +```sh echo 1 > /proc/sys/net/ipv4/ip_forward ``` -``` +```sh iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 216.58.213.174:80 iptables -t nat -A POSTROUTING -j MASQUERADE ``` @@ -246,7 +246,7 @@ iptables -t nat -A POSTROUTING -j MASQUERADE Usefull command to see with ports are used and programm that are using -``` +```sh netstat -tulpn ``` @@ -268,7 +268,7 @@ If there is some unwanted service running, or you dont whant in future that it trying to make some connection without your allowance. Lets block port as such. -``` +```sh iptables -A INPUT -p tcp --dport 25 -j DROP iptables -A INPUT -p udp --dport 25 -j DROP ``` @@ -278,7 +278,7 @@ iptables -A INPUT -p udp --dport 25 -j DROP #### Incoming ip Lets block just incoming ip -``` +```sh iptables -A INPUT -s 8.8.8.8 -j DROP ``` @@ -286,7 +286,7 @@ iptables -A INPUT -s 8.8.8.8 -j DROP Block ip to access specific port -``` +```sh iptables -A INPUT -s 8.8.8.8 -p tcp --destination-port 25 -j DROP ``` 
@@ -294,14 +294,14 @@ iptables -A INPUT -s 8.8.8.8 -p tcp --destination-port 25 -j DROP There is possble to make iptables basing on user id -``` +```sh iptables -A OUTPUT -m owner --uid-owner {USERNAME} -j DROP ``` ### Block by state You can block some ports, but if you whant that ESTABLISHED connections are still there. Then there is possible to match specific connection state -``` +```sh iptables -A INPUT -m state --state NEW -j DROP -s 86.159.18.180 ``` @@ -310,7 +310,7 @@ iptables -A INPUT -m state --state NEW -j DROP -s 86.159.18.180 There is quite common that ANNONYMOUSE users have higher chance to abuse services. Also some website provides list of exit nodes. Here we going to add to new iptables chai list of IPs gathered from public source -``` +```sh wget -c https://www.dan.me.uk/torlist/ > tor.list iptables -N TOR iptables -t filter -A INPUT -j TOR @@ -321,7 +321,7 @@ cat /tmp/tor.list | uniq | sort | xargs iptables -A TOR -j DROP -s Log droppend packages -``` +```sh iptables -A INPUT -m limit --limit 2/min -j LOG --log-level 4 --log-prefix 'In2/m ' ``` |
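Review bot: Hunk @@ -114: while this hunk rewrites the fences here, the heading "### List all rulles" and the sentence "List iptables rulles with extra output that could be usefull" in the same context still carry the typos "rulles" and "usefull"; fix them to "rules" and "useful" in the same commit rather than leaving them for another pass.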
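Review bot: Hunk @@ -128: the prose "To delete specific rulle run" is followed by the listing command `iptables -nL -v --line-numbers`, not a delete, so the text should say that you first list the chain with line numbers and then delete by number with `iptables -D [chain_name] [line_number]`; "rulle" should also read "rule".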
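Review bot: Hunk @@ -141: the save and restore commands disagree on the file name, `iptables-save > /tmp/cool.rulles` versus `iptables-restore < /tmp/cool.rules`, so the restore as written reads a file the save step never created; use one name. Further down, `iptales -X chain_name` misspells the binary and will not run; it should be `iptables -X chain_name`, and it is worth saying that `-X` only succeeds once the chain has been emptied (`iptables -F chain_name`) and no rule in another chain still jumps to it.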
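Review bot: Hunk @@ -170: the block after "After creating chains output looks like" is `iptables -L` output (`Chain INPUT (policy ACCEPT)`, `target prot opt source destination`), not shell commands, so tagging it ```sh misleads readers and syntax highlighters into treating it as something to run; tag it ```text or leave it untagged and reserve `sh` for the blocks that are meant to be executed.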
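Review bot: Hunk @@ -194: `iptables -A ping_in -p icmp --icmp-type echo-request -j REJECT` answers every echo request with an ICMP error, which still tells the sender that the host is up; if the intent described in the prose is to stop responding to pings, `-j DROP` matches it better. Since a rejected or dropped request never generates an echo reply, the `ping_out ... --icmp-type echo-reply -j DROP` rule in the same block is redundant for this case. The sentence above also has "tryes" and "juct" for "tries" and "just".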
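Review bot: Hunk @@ -227: `echo 1 > /proc/sys/net/ipv4/ip_forward` does not survive a reboot; the text should mention `sysctl -w net.ipv4.ip_forward=1` and persisting the setting in `/etc/sysctl.conf` or `/etc/sysctl.d/`. More importantly, `iptables -t nat -A POSTROUTING -j MASQUERADE` has no interface or source match, so it rewrites the source address of every forwarded packet leaving the host; restrict it to the outbound interface and the internal network, e.g. `-o <wan-interface> -s <internal-network>`, so the rule only covers the traffic the DNAT example needs.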
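Review bot: Hunk @@ -246: `netstat -tulpn` comes from net-tools, which many current distributions no longer install by default; mention `ss -tulpn` from iproute2 as the equivalent so the section still works on a minimal system. "Usefull command to see with ports are used and programm" should read "Useful command to see which ports are used and which programs are using them".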
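Review bot: Hunk @@ -294: `-m state --state NEW` still works but is the legacy form; `-m conntrack --ctstate NEW` is the current match and worth showing alongside it. The prose around both blocks has "possble", "whant" and "ANNONYMOUSE" for "possible", "want" and "anonymous".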
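Review bot: Hunk @@ -310: `wget -c https://www.dan.me.uk/torlist/ > tor.list` does not produce the file the next steps rely on: wget saves the download under a name derived from the URL and writes only its progress output to stderr, so nothing reaches `tor.list` through the redirect; use `wget -O tor.list https://www.dan.me.uk/torlist/`. The consumer line visible in the following hunk header, `cat /tmp/tor.list | uniq | sort | xargs iptables -A TOR -j DROP -s`, then reads a different path, runs `uniq` before `sort` (which only removes adjacent duplicates), and hands every address to a single iptables invocation as extra positional arguments, which iptables rejects; `sort -u tor.list | xargs -n1 iptables -A TOR -j DROP -s` fixes all three. Since the list is fetched from a third party and fed straight into the firewall, a line filter that keeps only well-formed IP addresses before the xargs step would also be prudent.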
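Review bot: Hunk @@ -321: `iptables -A INPUT -m limit --limit 2/min -j LOG --log-level 4 --log-prefix 'In2/m '` is appended to the end of INPUT, after the DROP rules this page adds earlier with `-A INPUT`, so packets those rules drop never reach it and it logs only traffic that survives to the end of the chain, not the dropped packets the heading promises. Either insert it ahead of the DROP rules with `iptables -I INPUT ...`, or put LOG followed by DROP in a dedicated chain and jump to that chain instead of dropping inline. "Log droppend packages" should read "Log dropped packets".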