Iptables Rule Generator
iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. These rules define how incoming and outgoing network packets are handled by the system.
Syntax of an iptables Rule
Understanding the syntax of an iptables rule is crucial for effectively managing network traffic. An iptables rule consists of the following components:
| Component | Description | Example |
|---|---|---|
| Action | The operation to perform on a chain's rule list | -A (append), -I (insert), -D (delete) |
| Chain | The chain to which the rule is added | INPUT, OUTPUT, FORWARD |
| Protocol | Specifies the protocol to match | -p tcp, -p udp, -p icmp |
| Source | Matches packets from a specific source IP address | -s 192.168.1.100 |
| Destination | Matches packets to a specific destination IP address | -d 192.168.1.200 |
| Source Port | Matches packets from a specific source port | --sport 80 |
| Destination Port | Matches packets to a specific destination port | --dport 22 |
| Match | Specifies additional matching criteria | -m state --state NEW, -m tcp --dport 80 |
| Target | Specifies the action to take on matching packets | -j ACCEPT, -j DROP, -j REJECT |
| Interface | Matches packets coming in or going out through a specific interface | -i eth0 (incoming), -o eth0 (outgoing) |
Example of an iptables Rule
Suppose we want to allow incoming SSH connections (which use TCP port 22) from a specific IP address (192.168.1.100) and drop all other incoming SSH connections. Here are the rules to achieve this:
Allow SSH from a specific IP address:
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT
Drop all other incoming SSH connections:
iptables -A INPUT -p tcp --dport 22 -j DROP
These rules ensure that only SSH connections from 192.168.1.100 are accepted, while all other SSH connection attempts are dropped. Because iptables evaluates the rules in a chain in order and stops at the first match, the ACCEPT rule must be appended before the DROP rule; appended in the opposite order, the DROP rule would match first and the allowed host would be blocked as well.
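The two rules above can be assembled from the components in the table by a small builder that validates each component before emitting a command line. This is an added example written for this page, not the site's own generator; the names build_rule, ssh_allowlist, _port and _addr are hypothetical, and it assumes Python 3 with only the standard library:

```python
import ipaddress
import shlex

ACTIONS, CHAINS = {"-A", "-I", "-D"}, {"INPUT", "OUTPUT", "FORWARD"}
PROTOCOLS, TARGETS = {"tcp", "udp", "icmp"}, {"ACCEPT", "DROP", "REJECT"}

def _port(value):
    """Only 1-65535 is a valid port; iptables rejects anything else at load time."""
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return str(port)

def _addr(value):
    """A single host stays as written (192.168.1.100); CIDR/netmask input is normalised."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return str(ipaddress.ip_network(value, strict=False))

def build_rule(chain, target, action="-A", protocol=None, src=None, dst=None,
               sport=None, dport=None, iface=None, state=None):
    """Assemble one iptables command from the components in the table above (hypothetical helper)."""
    if action not in ACTIONS or chain not in CHAINS or target not in TARGETS:
        raise ValueError("unknown action, chain or target")
    if protocol is not None and protocol not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol}")
    # --sport/--dport belong to the tcp/udp match, so they need -p tcp or -p udp
    if (sport or dport) and protocol not in ("tcp", "udp"):
        raise ValueError("port matches require -p tcp or -p udp")
    parts = ["iptables", action, chain]
    if iface:  # OUTPUT only knows the outgoing interface (-o); use -i otherwise
        parts += ["-o" if chain == "OUTPUT" else "-i", iface]
    options = (("-p", protocol), ("-s", src and _addr(src)), ("-d", dst and _addr(dst)),
               ("--sport", sport and _port(sport)), ("--dport", dport and _port(dport)))
    for flag, value in options:
        if value:
            parts += [flag, value]
    if state:
        parts += ["-m", "state", "--state", state]
    parts += ["-j", target]
    return " ".join(shlex.quote(p) for p in parts)  # quoting guards against shell metacharacters

def ssh_allowlist(allowed_ip, port=22):
    """The page's example. iptables stops at the first match, so ACCEPT precedes DROP."""
    return [
        build_rule("INPUT", "ACCEPT", protocol="tcp", src=allowed_ip, dport=port),
        build_rule("INPUT", "DROP", protocol="tcp", dport=port),
    ]
```

Calling ssh_allowlist("192.168.1.100") returns exactly the two command lines shown above, in the order they must be appended.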