Posts Tagged ‘iptables’

Iptables – Add FTP passive support

October 17th, 2010

Adding passive FTP support to iptables is very easy. First, load the following modules to add support on the currently running system:

sudo modprobe ip_nat_ftp
sudo modprobe ip_conntrack_ftp

This adds support to the running iptables.

Next, edit the file /etc/modules (/etc/modprobe.conf on Red Hat/CentOS):

sudo vi /etc/modules

and add the following two lines to the bottom:

ip_nat_ftp
ip_conntrack_ftp

This will load the modules on the next reboot. Passive FTP should now work.

If you found this helpful, feel free to donate to:
ZEC: t1NQp1UuqQbmnXzazbLTSreS2AbaZpRBuTM
LTC: LZyNF1qkBUA7XFz83m5xwzGgmmj1owQn9d
BTC: 1PY95KFPTEJTR7f2NnSgaB6xB9pwDJkcJz

Iptables – Basic command line configuration commands

February 26th, 2010

This is a list of basic commands to use/manage iptables.

View running:     iptables -L -n
Save running:     iptables-save > filename
Load file:        iptables-restore < filename
Stop iptables:    /etc/init.d/iptables stop
Start iptables:   /etc/init.d/iptables start
Save rules:       /etc/init.d/iptables save

Deleting a rule:     iptables -D INPUT -s "207.58.140.12" -j DROP
Blocking IP:          iptables -I INPUT -s "207.58.140.12" -j DROP
Blocking IP range:     iptables -I INPUT -s "207.58.140.0/24" -j DROP

Blocking all connections to a port:
iptables -A INPUT -p tcp --dport port# -j REJECT
Allow an IP on a blocked port (inserted with -I so it is evaluated before the REJECT rule):
iptables -I INPUT -p tcp -s 192.168.0.0/16 --dport port# -j ACCEPT
Note: port# = 21, 22, 3389, etc.

These basic rules should allow you to manage iptables from the command line.
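
iptables walks a chain from top to bottom and stops at the first terminating match, so an ACCEPT that sits below a blanket REJECT or DROP for the same port never fires. The script below is an added example, not part of the original post: it reads iptables-save output and reports such shadowed ACCEPT rules. The function names and the sample rules are constructed for illustration, and only single --dport matches are understood.

```shell
#!/bin/sh
# Added example: report ACCEPT rules that can never match because an
# unconditional DROP/REJECT for the same chain, protocol and port comes first.
# Function names are hypothetical; only single --dport matches are understood.
find_shadowed_accepts() {
  awk '
    /^\*/ { split("", blocked) }      # new table: forget earlier chains
    $1 == "-A" {
      chain = $2; proto = ""; dport = ""; src = ""; target = ""; extra = 0
      for (i = 3; i <= NF; i++) {
        if      ($i == "-p")            proto  = $(++i)
        else if ($i == "--dport")       dport  = $(++i)
        else if ($i == "-s")            src    = $(++i)
        else if ($i == "-j")            target = $(++i)
        else if ($i == "--reject-with") i++
        else if ($i == "-m" && $(i + 1) == proto) i++
        else extra = 1                  # any other option narrows the rule
      }
      if (dport == "") next
      key = chain SUBSEP proto SUBSEP dport
      blanket = (target == "DROP" || target == "REJECT") && src == "" && !extra
      if (target == "ACCEPT" && (key in blocked))
        printf "line %d shadowed by line %d: %s\n", NR, blocked[key], $0
      else if (blanket && !(key in blocked))
        blocked[key] = NR
    }'
}

# Constructed iptables-save output (not from a real host):
# port 22 has the broken order, port 21 the working one.
sample_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_rules | find_shadowed_accepts
# On a live host (as root): iptables-save | find_shadowed_accepts
```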
