linux

noob iptables cheat sheet

Notes:

  1. All rules are processed from top to down.  Once a rule is matched (with jump), the rest will be ignored.
  2. Never run iptables -F if the default rules are DROP or your system will be inaccessible.  If possible, set the default rule to ACCEPT and add iptables -A INPUT -j DROP at the end.

List all rules

iptables -L -n -v –line-numbers

Flush all chains (-F) and delete all user-defined chains chains (-X)

Note: Please ensure the default policy is ACCEPT or leave a ssh terminal before issuing

iptables -F

iptables -X

Set default policy (use with care)

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT DROP

Block incoming ip address

iptables -A INPUT -s aa.bb.cc.dd -j DROP

Block outgoing sites

iptables -A OUTPUT -p tcp -d  www.microsoft.co.uk -j DROP

Allow ping from specific ip’s only

iptables -A INPUT -s 1.2.3.0/24   -p icmpicmp-type echo-request -j ACCEPT

iptables -A INPUT -p icmpicmp-type echo-request -j DROP

Allow ssh from specific ip’s only

iptables -A INPUT -s 1.2.3.0/24   -p tcp —dport 22 -m state –state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp —dport 22 -m state –state NEW,ESTABLISHED -j DROP

Block incoming web access

iptables -A input -p tcp —dport 80 -j DROP

Port forward

Forward incoming connection to another internal host (aa.bb.cc.dd:22)

iptables -t nat -A PREROUTING -I eth0 -p tcp —dport 1022 -j DNAT –to aa.bb.cc.dd:22

iptables -A FORWARD -p tcp -d aa.bb.cc.dd dport 22 -m state –state NEW,ESTABLISH -j ACCEPT

Delete a rule

iptables -L -n -v –line-numbers

iptables -D input {line-number}

 Download PDF

iptables-cheat-sheet

Advertisements

Snappy Ubuntu Core on Hyper-V

Do you want to test drive the Snappy ubuntu core on hyper-v? Here are some simple steps.

1. Download the ova file from the official ubuntu website

https://developer.ubuntu.com/en/snappy/start/#ova
http://cloud-images.ubuntu.com/ubuntu-core/15.04/core/stable/current/core-stable-amd64-cloud.ova

2. Use 7-zip (Windows) or tar (Linux) to untar the ova file
3. Use a image file converter (like virtualbox) to convert the vmdk file to vhd file.

e.g. VBoxManage.exe clonemedium core-stable-amd64-cloud-disk1.vmdk core-stable-amd64-cloud-disk1.vhd –format VHD

4. You can use standard cloud-init way to setup the system (not discuss here) or;

5. mount the VHD file in any linux machine, modify the /etc/shadow (in partition 3) to clear the root password;

6. Create a ubuntu-core machine in hyper-v and mount the vhd image.

7. Start the machine and enjoy.

Openwrt sysupgrade on x86 (barrier breaker)

WARNING: Before upgrading, you should backup the system first!!!

Disclaimer: This is just my experience.  It is not guarantee the steps listed will work on your system.

 

Openwrt upgrade on x86 can be very tricky in the old days.  However, it becomes an easy task starting from attitude adjustment (12.09) and onward.

The following lists the steps to upgrade to the latest snapshot (barrier breaker).  You should change the image to be downloaded in step 4 for the desired version.

  1. Do a full system backup to avoid any lost.  This is very import!!!
  2. login the system as root
  3. cd /tmp
  4. wget http://downloads.openwrt.org/snapshots/trunk/x86/openwrt-x86-generic-combined-ext4.img.gz
  5. sysupgrade -v /tmp/openwrt-x86-generic-combined-ext4.img.gz

Image