Saturday, January 29, 2011

IPTABLES Tutorials

Learn how to use iptables:-

=> Check whether the kernel was built with netfilter support for iptables

# grep -i config_netfilter /boot/config*
CONFIG_NETFILTER should be set to 'y'.

=> There are three default tables :-
1. mangle, to alter packet headers (TCP and UDP)
2. nat, to translate IP addresses
3. filter, to filter packets in three chains (INPUT, FORWARD, OUTPUT)

=> These tables contain chains, and the rules are written within the chains.
=> Syntax goes like this
# iptables [-t table] <chain action> <chain> [match options] -j <target>

chain action => -A Append / -I Insert / -R Replace
Name of table => filter (default) / mangle / nat
ip address => -s or --source / -d or --destination
Protocol:port => -p <protocol> with --sport / --dport
target => -j ACCEPT / DROP / REJECT / LOG / user-defined chain

=> to block source IP 192.168.100.100 from communicating with our system, append this to the INPUT chain
# iptables -A INPUT -s 192.168.100.100 -j DROP
=> to block SSH and insert the rule at position 1
# iptables -I INPUT 1 -p tcp --dport 22 -j DROP
=> to print the current rules in a form that can be saved and restored later
# iptables-save
=> to list the rules
# iptables -L -t filter -n -v --line-numbers
=> To delete rule number two (the SSH rule), either by number or by specification
# iptables -D INPUT 2
or
# iptables -D INPUT -p tcp --dport 22 -j DROP
=> To replace rule number 1 (change the source address)
# iptables -R INPUT 1 -s 192.168.100.200 -j DROP
=> To back up the iptables rules
# iptables-save > filename
=> To restore the iptables rules
# iptables-restore < filename

=> A user-defined chain is used to process packets in a chain of its own. To create a new chain
# iptables -N INCOMING
=> To replace rule 1 so that packets from this host are processed in the INCOMING chain, and there deny SSH access and permit FTP access for the host
# iptables -R INPUT 1 -s 192.168.100.200 -j INCOMING
# iptables -A INCOMING -p tcp --dport ssh -j DROP
# iptables -A INCOMING -p tcp --dport 21 -j ACCEPT
# iptables-save

=> To rename the 'INCOMING' chain to 'INTERNAL'
# iptables -E INCOMING INTERNAL

The default policy of every built-in chain is ACCEPT; it can be changed to DROP with this command
# iptables -P INPUT DROP
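The rules above, put together as an added example (not code from the original post): a script that emits the INCOMING chain, the SSH/FTP rules and a DROP policy for INPUT in iptables-save format, checks that every jump target exists before loading, and then applies the whole table with iptables-restore. The trusted host address 192.168.100.200 and the loopback and established-connection rules are assumptions.

```shell
# Added example for this post (not from the original tutorial): build the
# ruleset described above in iptables-save format so it can be reviewed and
# loaded in one step with iptables-restore instead of typed rule by rule.
# Assumed: the trusted host is 192.168.100.200; loopback and established
# connections are accepted so a DROP policy does not cut existing sessions.
build_ruleset() {
    host="${1:-192.168.100.200}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INCOMING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${host} -j INCOMING
-A INCOMING -p tcp --dport 22 -j DROP
-A INCOMING -p tcp --dport 21 -j ACCEPT
-A INCOMING -j RETURN
COMMIT
EOF
}

# Check the text before loading it: every -j target must be a built-in
# target or a chain declared with a ':' line. This catches a jump to a
# chain that was never created and non-existent targets such as DENY.
check_ruleset() {
    rules="$1"
    targets=$(printf '%s\n' "$rules" \
        | awk '/^-A/ { for (i = 1; i <= NF; i++) if ($i == "-j") print $(i + 1) }' \
        | sort -u)
    for target in $targets; do
        case "$target" in
            ACCEPT|DROP|REJECT|RETURN|LOG) ;;
            *) printf '%s\n' "$rules" | grep -q "^:${target} " \
                || { echo "unknown target or undeclared chain: $target" >&2; return 1; } ;;
        esac
    done
    return 0
}

# Run as root: iptables-restore --test parses the ruleset without
# committing it; the second call applies the whole table atomically.
load_ruleset() {
    rules=$(build_ruleset "$1")
    check_ruleset "$rules" || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}
```

Because the table is committed as a unit, a typo in one rule rejects the whole load instead of leaving the firewall half-configured.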

to be continued.........