iptables
iptables [-t table] command [match] [target/jump]
-t table: the default is the filter table; for any other table you must use the -t flag;
command must come first or right after the table specification; it is used to insert, add or delete a rule;
iptables -m tos -h
This lists the options accepted by the tos match extension.
iptables commands list
-A, --append (appends the rule to the end of a chain)
iptables -A rule_to_append
-D, --delete (deletes a rule)
iptables -D exact_rule_to_delete
iptables -D chain rule_number
-R, --replace (replaces a rule)
-I, --insert (inserts a new rule at the specified position in the chain)
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
The above inserts the rule at the first position of the INPUT chain (--dport only works together with a protocol match such as -p tcp).
-L (lists the rules in a chain)
iptables -L [chain]
You can omit the chain, in which case the rules of all chains are listed.
-F, --flush
iptables -F [chain]
This deletes all rules (only from the specified chain if you specify one).
-Z, --zero
iptables -Z [chain]
This resets the packet and byte counters of the specified chain (of all chains if none is given).
-N, --new-chain
iptables -N custom_chain
This creates a new (custom) chain.
-X, --delete-chain
The chain to be deleted must be empty.
-P, --policy
iptables -P chain target
target can be DROP or ACCEPT.
-E, --rename-chain
iptables -E old_chain new_name
iptables options
-v, --verbose
This can be used with list, insert, append, delete and replace. Used with list, it shows the interface names, TOS and masks. Combined with the -x option it also lists the exact packet and byte counters. Used with insert, append, delete or replace, it prints detailed information on how the rule was interpreted and whether it was accepted.
-x, --exact
See above. Only relevant to list.
-n, --numeric
This outputs numeric values. Only relevant to list. IP addresses and port numbers are printed instead of host, network or application names (which is the default).
--line-numbers
This is only relevant to list. It displays the rule number in front of each rule.
-c, --set-counters
This is relevant to insert, append and replace. It initialises the counters of a rule.
--set-counters 20 4000
This sets the counters to 20 packets and 4000 bytes.
--modprobe=command
This is relevant to all commands and is used to tell iptables which command to use when probing for modules or adding them to the kernel.
iptables-save
iptables-save -c -t table > file
The -c flag saves the packet and byte counters along with the rules.
The -t flag restricts the dump to the named table (by default all tables are saved).
iptables-restore
iptables-restore -c -n < text_file
The -c flag restores the packet and byte counters stored in the file.
The -n flag does not overwrite the current rules (the default is to flush all existing rules before importing).
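As an added example (not part of these notes), a small POSIX shell script that audits a ruleset dumped with iptables-save -c without touching the live firewall: it reports the built-in filter chains whose -P policy is ACCEPT and the rules whose packet counter is still zero. The ruleset it reads is a constructed sample embedded in the script.

```shell
#!/bin/sh
# Added example: offline audit of "iptables-save -c" output.
# With -c, policy lines read ":CHAIN POLICY [pkts:bytes]" and every rule
# is prefixed with its own "[pkts:bytes]" counter.
SAMPLE="${TMPDIR:-/tmp}/iptables-audit-sample.$$"
trap 'rm -f "$SAMPLE"' EXIT

# Constructed sample ruleset (not a real dump).
cat > "$SAMPLE" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [340:28700]
:WEB - [0:0]
[15:1200] -A INPUT -i lo -j ACCEPT
[30:2400] -A INPUT -p tcp -m tcp --dport 80 -j WEB
[0:0] -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
[30:2400] -A WEB -j ACCEPT
COMMIT
EOF

# Built-in chains of the filter table whose policy (set with -P) is ACCEPT.
# User-defined chains carry "-" as their policy and are skipped.
permissive_policies() {
    awk '/^\*/ { table = substr($1, 2) }
         table == "filter" && /^:/ && $2 == "ACCEPT" { print substr($1, 2) }' "$1"
}

# Rules whose packet counter is still zero: they have not matched anything
# since the last -Z (or since they were loaded), so they deserve a review.
unused_rules() {
    awk '/^\[0:0\] -A/ { sub(/^\[0:0\] /, ""); print }' "$1"
}

echo "built-in chains with ACCEPT policy:"
permissive_policies "$SAMPLE"
echo "rules that never matched:"
unused_rules "$SAMPLE"
```

Run it against a real dump by replacing the heredoc with the path of a file produced by iptables-save -c.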
Audit tools
- nmap
- nessus