From time to time I find myself going through man pages and googling for some simple iptables rules. This post is meant as a cheatsheet for me, so I can collect various rules and remarks in one place.
I hope others will benefit from this cheatsheet as well. I intend to expand it over time as I gather more rules and tips, so bookmarking the post might be a good idea. Last but not least, if you have some useful iptables rules I have missed, please send them using the comments.
Blocking specific IPs
iptables -I INPUT -s "207.58.140.12" -j DROP
-I inserts the rule at the top of the INPUT chain, so it is evaluated before any rule already there; -A would append it at the end, where an earlier ACCEPT rule could let the traffic through before the DROP is ever reached. Note that -I does not check for duplicates: running the same command twice leaves two identical rules in the chain.
Blocking a range of IPs (IP block)
iptables -I INPUT -s "207.58.140.0/24" -j DROP
The number after the slash (/) is the prefix length: how many bits of the address, starting with the most significant one, are compared when matching. The rule above blocks packets from 207.58.140.0 through 207.58.140.255 (the first three octets must match, the last one is ignored). Other useful prefix lengths are 16 (match the first two octets) and 8 (only the first octet); /32, or no slash at all, matches a single address.
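The following is an added example, not part of the original post: a small POSIX sh script that reproduces the prefix comparison iptables performs for -s ADDRESS/BITS, so a candidate rule can be checked against a few addresses before it is loaded into the firewall. It handles any prefix length from 0 to 32, not only the /24, /16 and /8 mentioned above; the function names ip_to_int and cidr_match are my own.

```shell
#!/bin/sh
# Added example, not from the original post: check whether an address falls
# inside a CIDR block by comparing the first BITS bits, the way "-s" does.
# Pure POSIX sh, no iptables needed; function names are my own.

# Print a dotted quad as a 32-bit integer; return 1 on anything malformed.
ip_to_int() {
    oldifs=$IFS
    set -f               # no pathname expansion while we split on "."
    IFS=.
    set -- $1
    set +f
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;   # empty, non-digit, leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_match ADDRESS PREFIX[/BITS]
# exit 0 when the first BITS bits of ADDRESS equal those of PREFIX,
# 1 when they differ, 2 when either argument is malformed.
# A bare PREFIX without "/BITS" means /32, exactly as iptables treats it.
cidr_match() {
    addr=$(ip_to_int "$1") || return 2
    prefix=${2%/*}
    bits=${2#*/}
    [ "$prefix" != "$2" ] || bits=32
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    net=$(ip_to_int "$prefix") || return 2
    [ "$bits" -gt 0 ] || return 0                 # /0 matches everything
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Usage: sh cidr_match.sh ADDRESS PREFIX/BITS
if [ $# -eq 2 ]; then
    rc=0
    cidr_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "$1 is inside $2: a rule with -s $2 would match it" ;;
        1) echo "$1 is outside $2" ;;
        *) echo "malformed argument" >&2; exit 2 ;;
    esac
fi
```

The mask is built from the prefix length rather than from a fixed table, which is why /19 or /27 work just as well as the octet-aligned lengths; the /0 case is handled separately because a 32-bit shift is not portable in shell arithmetic.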
Deleting rules
Just repeat the rule specification after a -D flag. E.g.
iptables -D INPUT -s "207.58.140.12" -j DROP
The specification has to match the rule exactly as it was added (same chain, match options and target), and each -D removes only one matching rule, so a rule that was inserted twice needs two deletions. Rules can also be deleted by position: list the chain with line numbers (the --line-numbers option of -L) and pass that number to -D instead of the specification.
Saving new rules
/etc/init.d/iptables save
Rules added with iptables live only in the kernel and are gone after a reboot. The command above is specific to the Red Hat family init script: it writes the current ruleset to /etc/sysconfig/iptables, from where the service reloads it at boot. On other distributions, dump the ruleset with iptables-save and load it back with iptables-restore at boot, for example through the iptables-persistent package on Debian and Ubuntu.
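As an added example covering the Deleting rules and Saving new rules sections (this is not code from the original post), the script below adds a DROP rule for one source without creating duplicates, removes every copy of it, and writes the ruleset out in iptables-save format. It needs root and an iptables new enough to have -C (1.4.11 or later); the function names, the IPT and IPT_SAVE variables and the default output path are my own choices, not anything the post prescribes.

```shell
#!/bin/sh
# Added example, not from the original post: add, remove and persist a
# DROP rule for one source (an address or a CIDR block) without leaving
# duplicates behind. Needs root and iptables >= 1.4.11 (for -C).
# IPT can be overridden, e.g. IPT=ip6tables, or pointed at a shell
# function that simulates iptables when exercising the script offline.
IPT="${IPT:-iptables}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"

# exit 0 if an identical DROP rule is already present in INPUT (-C = check)
has_drop() { "$IPT" -C INPUT -s "$1" -j DROP 2>/dev/null; }

# Insert at the top of INPUT so the rule wins over any earlier ACCEPT,
# but only if it is not there yet: a second -I would add a duplicate.
block_src() {
    has_drop "$1" && return 0
    "$IPT" -I INPUT -s "$1" -j DROP
}

# -D deletes one matching rule per call, so loop until no copy is left.
unblock_src() {
    while has_drop "$1"; do
        "$IPT" -D INPUT -s "$1" -j DROP || return 1
    done
}

# Write the live ruleset to FILE in iptables-save format, which
# iptables-restore (and the distro boot scripts) can load back.
persist() {
    "$IPT_SAVE" > "$1"
}

usage() { echo "usage: $0 block|unblock SOURCE | save [FILE]" >&2; exit 2; }

# The default file is the one iptables-persistent reads on Debian/Ubuntu
# (an assumption; on RHEL/CentOS "service iptables save" writes
# /etc/sysconfig/iptables instead, so pass that path explicitly there).
case "${1:-}" in
    block)   [ -n "${2:-}" ] || usage; block_src "$2" ;;
    unblock) [ -n "${2:-}" ] || usage; unblock_src "$2" ;;
    save)    persist "${2:-/etc/iptables/rules.v4}" ;;
    '')      ;;            # no arguments: only define the functions
    *)       usage ;;
esac
```

Typical use is `sh fw.sh block 207.58.140.0/24`, then `sh fw.sh save` once the change is confirmed; the -C check before -I is what keeps a script that runs repeatedly (from cron, or a provisioning tool) from piling up identical rules.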