Linux Administration - Firewalls
iptables
Files
/proc/net/ip_tables_match
/proc/net/ip_tables_names
/proc/net/ip_tables_targets
iptables related files.
Commands
iptables -L -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Display the current settings of the "filter" table. The "filter" table is the default, so specifying it is not necessary.
iptables -t filter -F FORWARD
Flush the current rules of the FORWARD chain.
iptables -t filter -P FORWARD DROP
Set the default policy for the FORWARD chain to DROP.
iptables [-t table] -A [FORWARD/INPUT/OUTPUT] selection-criteria -j [ACCEPT/REJECT/DROP]
Append a rule to a chain.
The selection criteria correspond as follows:
-p [tcp,udp,icmp,all] - protocol type
--source-port, --sport [port:port] - source port range (requires -p tcp or -p udp)
--destination-port, --dport [port:port] - destination port range (requires -p tcp or -p udp)
--source, -s [ip] - source IP address
--destination, -d [ip] - destination IP address
--in-interface, -i [interface_name] - interface packets arrive on
--out-interface, -o [interface_name] - interface packets leave on
-m state --state [NEW/ESTABLISHED/RELATED/INVALID] - match on connection-tracking state, e.g. block NEW connection attempts to certain ports while still allowing packets of ESTABLISHED connections through those same ports (stateful packet inspection)
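As an added example, not part of the original notes: a POSIX shell script that combines the commands above into a minimal stateful INPUT chain. The interface name (eth0) and the port list (22) are constructed defaults, and the script only prints the commands unless run with --apply as root.

```shell
#!/bin/sh
# Added example (not from the original notes): build a minimal stateful
# INPUT chain from the iptables commands listed above. By default the
# commands are only printed (dry run); pass "--apply" as the first argument
# to execute them, which requires root. Interface and ports are assumptions.

# emit_input_rules IFACE PORT... : print one iptables command per line
emit_input_rules() {
  iface="$1"; shift
  # Start from a clean chain so stale rules cannot shadow the new ones.
  echo "iptables -t filter -F INPUT"
  # Loopback traffic never leaves the host; do not filter it.
  echo "iptables -t filter -A INPUT -i lo -j ACCEPT"
  # Packets of connections already tracked are accepted BEFORE the policy
  # is tightened, otherwise a remote admin session is cut off.
  echo "iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # Packets belonging to no known connection are dropped outright.
  echo "iptables -t filter -A INPUT -m state --state INVALID -j DROP"
  # Only NEW connection attempts to the listed TCP ports are accepted on
  # the given interface; everything else falls through to the policy.
  for port in "$@"; do
    echo "iptables -t filter -A INPUT -i $iface -p tcp --dport $port -m state --state NEW -j ACCEPT"
  done
  # Set the default policy last, once the allow rules are in place.
  echo "iptables -t filter -P INPUT DROP"
}

# count_rules IFACE PORT... : number of -A rules the generator produces
count_rules() {
  emit_input_rules "$@" | grep -c -- ' -A INPUT '
}

if [ "$1" = "--apply" ]; then
  shift
  # Execute each generated command in order; stop at the first failure.
  emit_input_rules "$@" | while read -r cmd; do $cmd || exit 1; done
  iptables -L INPUT -n -v
else
  # Dry run with constructed defaults: interface eth0, TCP port 22.
  [ $# -eq 0 ] && set -- eth0 22
  emit_input_rules "$@"
fi
```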
TCP Wrappers
Files
/etc/hosts.allow - specifies computers allowed to connect to system (man hosts.allow)
/etc/hosts.deny - specifies computers NOT allowed to connect to system (man hosts.deny)
format: daemon-list : client-list
daemon-list = list of servers whose names appear in /etc/services
client-list = list of computers by name or IP address
xinetd
Files
/etc/xinetd.conf - configuration file
/etc/xinetd.d - directory of related script files
Directives - /etc/xinetd.d
bind - listen on only one network interface for a specified service
only_from - accept connections only from specified IP addresses, networks or computer names.
no_access - deny connections from specified IP addresses, networks or computer names.
access_times - times when users can access the system (10:00-20:00)