Skip to content

Instantly share code, notes, and snippets.

@dreamfarer

dreamfarer/iptables-parameters.md

Last active August 10, 2024 13:54
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dreamfarer/8a89a9223a9f651eb394a82b9ee12cfc to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dreamfarer/8a89a9223a9f651eb394a82b9ee12cfc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
iptables-parameters.md

iptables Parameters

  • -p (--protocol):

    • Specifies the protocol for the rule (e.g., tcp, udp, icmp, or all for any protocol).

  • -s (--source):

    • Specifies the source IP address or network (e.g., 192.168.1.1 or 192.168.1.0/24).

  • -d (--destination):

    • Specifies the destination IP address or network.

  • -i (--in-interface):

    • Specifies the incoming network interface (e.g., eth0).

  • -o (--out-interface):

    • Specifies the outgoing network interface.

  • -j (--jump):

    • Specifies the target of the rule, i.e., what action to take (ACCEPT, DROP, REJECT, LOG, etc.).

  • -m (--match):

    • Allows the use of extended matches, which load additional modules (e.g., state, tcp, multiport, conntrack).

  • -A (--append):

    • Appends a rule to a specific chain (e.g., INPUT, OUTPUT, FORWARD).

  • -I (--insert):

    • Inserts a rule at a specific position in a chain.

  • -D (--delete):

    • Deletes a specific rule from a chain.

  • -R (--replace):

    • Replaces a rule at a specific position in a chain.

  • -L (--list):

    • Lists all rules in a chain or all chains.

  • -v (--verbose):

    • Displays detailed information when listing rules.

  • -n (--numeric):

    • Displays IP addresses and port numbers in numeric format (avoiding DNS lookups).

  • -t (--table):

    • Specifies the table to which the command applies (e.g., filter, nat, mangle).

  • --sport (--source-port):

    • Specifies the source port (commonly used with -p tcp or -p udp).

  • --dport (--destination-port):

    • Specifies the destination port.

  • --state:

    • Used with the state match to specify connection states (e.g., NEW, ESTABLISHED, RELATED).

  • -c (--set-counters):

    • Initializes packet and byte counters for a rule.

  • -g (--goto):

    • Jumps to a specific chain within the current table, similar to -j but doesn't return.

  • --uid-owner:

    • Matches packets based on the user ID of the process that generated them.

  • --gid-owner:

    • Matches packets based on the group ID of the process that generated them.

  • --limit:

    • Limits the packet match rate (e.g., --limit 5/sec).

  • --log-prefix:

    • Used with the LOG target to add a prefix to log messages.

  • --icmp-type:

    • Used with -p icmp to specify the type of ICMP message.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment