iptables - mwicat/personal GitHub Wiki
Persistent iptables
sudo apt-get install iptables-persistent
sudo vi /etc/iptables/rules.v4
Format of /etc/iptables/rules.v4 (iptables-save syntax: a `*table` header, the rules, then `COMMIT`; iptables-restore refuses a file that lacks them):
*filter
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
COMMIT
Load the file by hand with `sudo iptables-restore < /etc/iptables/rules.v4`; otherwise it is applied on the next boot.
NAT Setup
sudo apt-get install dnsmasq
sudo ip addr add 192.168.0.1/24 dev eth0
sudo sysctl -w net.ipv4.ip_forward=1      # enable forwarding now (a plain "echo 1 > /proc/sys/..." fails under sudo because the redirect runs as the user)
echo net.ipv4.ip_forward=1 | sudo tee -a /etc/sysctl.conf      # and keep it enabled across reboots
extif=eth0      # interface towards the Internet (masqueraded side)
intif=eth1      # LAN side
/sbin/iptables -t nat -A POSTROUTING -o $extif -j MASQUERADE
/sbin/iptables -A FORWARD -i $extif -o $intif -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $intif -o $extif -j ACCEPT
Note that the RELATED,ESTABLISHED rule only restricts inbound forwarding if the FORWARD chain's default policy is DROP (or a final REJECT rule follows); with the default ACCEPT policy every packet is forwarded anyway.
Transparent proxy
sudo iptables -t nat -A PREROUTING -p tcp -m tcp -i wlan0 --dport 7777 -j REDIRECT --to-port 8888
sudo iptables -t nat -A POSTROUTING -s 192.168.0.101 -d 0.0.0.0/0 -j SNAT --to-source 192.168.0.103
Block forwarding on destination port
sudo iptables -A FORWARD -p tcp -m tcp -i wlan0 --dport 2121 -j REJECT
Drop connections to local port
sudo iptables -A INPUT -p tcp --destination-port 80 -j DROP
sudo iptables -A INPUT -p tcp --destination-port 443 -j DROP
Stop dropping connections to local port (the -D spec must match the -A spec exactly, and each -D removes only one copy of the rule)
sudo iptables -D INPUT -p tcp --destination-port 80 -j DROP
sudo iptables -D INPUT -p tcp --destination-port 443 -j DROP
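The one-off rules in the sections above (the transparent-proxy REDIRECT, the FORWARD REJECT and the INPUT DROPs) share a pitfall: `-A` appends a duplicate every time the command is re-run, and `-D` removes one copy and fails once none is left. The following is an added example, not from the wiki, wrapping add and delete with `-C` (check) so both are idempotent. `IPT` is an assumed variable naming the iptables binary so the logic can be exercised against a stub without root.

```shell
#!/bin/sh
# Added example (not from the wiki): idempotent add/remove of iptables rules.
# IPT (assumed) names the binary; defaults to "iptables" on PATH.

ipt() { "${IPT:-iptables}" "$@"; }

# ensure_rule CHAIN RULE...  : append the rule unless an identical one exists
ensure_rule() {
    chain="$1"; shift
    if ipt -C "$chain" "$@" 2>/dev/null; then
        return 0            # already present, nothing to do
    fi
    ipt -A "$chain" "$@"
}

# purge_rule CHAIN RULE...   : delete every copy of the rule, never erroring
purge_rule() {
    chain="$1"; shift
    while ipt -C "$chain" "$@" 2>/dev/null; do
        ipt -D "$chain" "$@"
    done
}

# The page's "drop connections to local port" rule and its reversal.
block_local_port()   { ensure_rule INPUT -p tcp --dport "$1" -j DROP; }
unblock_local_port() { purge_rule  INPUT -p tcp --dport "$1" -j DROP; }

# Likewise for the "block forwarding on destination port" rule on an interface.
block_forward_port()   { ensure_rule FORWARD -p tcp -m tcp -i "$1" --dport "$2" -j REJECT; }
unblock_forward_port() { purge_rule  FORWARD -p tcp -m tcp -i "$1" --dport "$2" -j REJECT; }

# Usage (as root):
#   block_local_port 80; block_local_port 443     # safe to repeat
#   unblock_local_port 80; unblock_local_port 443 # safe even if already gone
#   block_forward_port wlan0 2121
```

`-C` compares the rule specification, so `--dport` and `--destination-port` match each other, but a spec that differs in any match (for example an added `-m tcp`) is a different rule and will not be found.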