{"id":1281,"date":"2021-11-20T09:36:51","date_gmt":"2021-11-20T09:36:51","guid":{"rendered":"https:\/\/matob.web.id\/news\/?p=1281"},"modified":"2021-11-20T09:38:23","modified_gmt":"2021-11-20T09:38:23","slug":"basic-iptables-commands-on-linux","status":"publish","type":"post","link":"https:\/\/matob.web.id\/news\/basic-iptables-commands-on-linux\/","title":{"rendered":"Basic Iptables Commands on Linux"},"content":{"rendered":"<p>Getting to Know the <a href=\"https:\/\/matob.web.id\/news\/basic-iptables-commands-on-linux\/\">Basic Iptables Commands<\/a> on Linux for beginners. This time <a href=\"https:\/\/matob.web.id\/news\/\">Matob<\/a> will only discuss the basics of iptables on GNU\/Linux. Iptables is a firewall whose rules regulate the traffic entering and leaving the network on the Linux system that we use. In short, iptables is a data traffic controller on the GNU\/Linux system that we use.<\/p>\n<p>Since the mid-90s, Linux has included a firewall feature.\u00a0This technology has undergone several changes (the previous generations were known as ipfwadm and ipchains), and what we now know as packet filtering is iptables. The rules and parameters that can be used with iptables are the same in all distributions.\u00a0So whether you are using a Debian family distro, a RHEL family distro, or another distro, the commands and options are the same.<\/p>\n<h2><strong>Rule Tables in Iptables<\/strong><\/h2>\n<ul>\n<li>Filter \u2013 Specifies which packets to DROP, LOG, ACCEPT, or REJECT.<\/li>\n<li>NAT \u2013 Translates (changes) the origin or destination address of a packet.<\/li>\n<li>Mangle \u2013 Modifies (mangles) data packet fields such as TTL, TOS, and MARK.<\/li>\n<\/ul>\n<p>Each table above has sets of rules called\u00a0<strong>chains<\/strong>.
The filter table has 3 chains:<\/p>\n<ul>\n<li>FORWARD: Filters packets that will be forwarded from one NIC to another NIC, as on a router.<\/li>\n<li>INPUT: Filters packets intended for the firewall.<\/li>\n<li>OUTPUT: Filters packets that will leave the firewall.<\/li>\n<\/ul>\n<p><strong>NAT<\/strong>\u00a0has 3 chains:<\/p>\n<ul>\n<li>PREROUTING: Used to translate addresses before the routing process occurs, i.e. changing the destination IP of the data packet, usually called Destination NAT or DNAT.<\/li>\n<li>POSTROUTING: Used to translate addresses after the routing process occurs, namely changing the source IP of the data packets, usually called Source NAT or SNAT.<\/li>\n<li>OUTPUT: Used to translate the address of data packets coming from the firewall itself.<\/li>\n<\/ul>\n<p>Mangle has 5 chains, namely PREROUTING, POSTROUTING, INPUT, OUTPUT, and FORWARD. All chains are assigned to TCP Packet Quality of Service before the routing process is executed.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1282\" src=\"https:\/\/matob.web.id\/news\/wp-content\/uploads\/sites\/4\/2021\/11\/Basic-Iptables-Commands-on-Linux.jpg\" alt=\"Basic Iptables Commands on Linux\" width=\"512\" height=\"285\" title=\"\" srcset=\"https:\/\/matob.web.id\/news\/wp-content\/uploads\/sites\/4\/2021\/11\/Basic-Iptables-Commands-on-Linux.jpg 512w, https:\/\/matob.web.id\/news\/wp-content\/uploads\/sites\/4\/2021\/11\/Basic-Iptables-Commands-on-Linux-300x167.jpg 300w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/p>\n<h2><strong>COMMAND<\/strong><\/h2>\n<p><strong>Commands<\/strong>\u00a0and rules installed in iptables (<a href=\"https:\/\/matob.web.id\/news\/the-importance-of-cybersecurity-systems-to-drive-digital-transformation-in-the-middle-of-a-pandemic\/\">firewall<\/a>) have conditions.\u00a0Basically iptables on a computer is considered an IP TABLE according to its
name.\u00a0The system will only run the rules that exist in the table.\u00a0The existing rules in iptables can also be deleted or replaced with other rules.\u00a0Here are some commands for adding, deleting, and similar operations that are applied to rules. List of commands with descriptions:<\/p>\n<ul>\n<li>-A or\u00a0<strong>--append<\/strong>\u00a0\u2014 Adds a rule<\/li>\n<li>-D or\u00a0<strong>--delete<\/strong>\u00a0\u2014 Deletes a rule<\/li>\n<li>-R or\u00a0<strong>--replace<\/strong>\u00a0\u2014 Replaces a rule<\/li>\n<li>-L or\u00a0<strong>--list<\/strong>\u00a0\u2014 Displays the list of iptables rules<\/li>\n<li>-F or\u00a0<strong>--flush<\/strong>\u00a0\u2014 Clears (empties) the iptables rule list<\/li>\n<li>-I or\u00a0<strong>--insert<\/strong>\u00a0\u2014 Inserts a rule<\/li>\n<li>-N or\u00a0<strong>--new-chain<\/strong>\u00a0\u2014 Adds a new chain<\/li>\n<li>-X or\u00a0<strong>--delete-chain<\/strong>\u00a0\u2014 Deletes a chain<\/li>\n<li>-P or\u00a0<strong>--policy<\/strong>\u00a0\u2014 Sets the standard (default) rule for a chain<\/li>\n<li>-E or\u00a0<strong>--rename-chain<\/strong>\u00a0\u2014 Renames a chain<\/li>\n<li>-h or\u00a0<strong>--help<\/strong>\u00a0\u2014 Displays the help facility<\/li>\n<\/ul>\n<h2><strong>PARAMETER<\/strong><\/h2>\n<p>The iptables parameters are the complement needed to complete a rule specification.<\/p>\n<ul>\n<li>-p or\u00a0<strong>--protocol<\/strong>\u00a0\u2014 This parameter specifies the protocol the rule applies to.<\/li>\n<li>-m or\u00a0<strong>--match<\/strong>\u00a0\u2014 Similar to -p, but a match module is used; you are free to specify the name of the module to be used and vary it in subsequent commands.<\/li>\n<li>-s or\u00a0<strong>--source<\/strong>\u00a0\u2014 source hostname\/IP address.<\/li>\n<li>-d or\u00a0<strong>--destination<\/strong>\u00a0\u2014
Parameter for specifying the destination of the packet.<\/li>\n<li>-j or\u00a0<strong>--jump<\/strong>\u00a0\u2014 gives the decision to apply once the data packet matches the rule.<\/li>\n<li>-i or\u00a0<strong>--in-interface<\/strong>\u00a0\u2014 the interface through which the packet enters (eth0, eth1, etc.).<\/li>\n<li>-o or\u00a0<strong>--out-interface<\/strong>\u00a0\u2014 name of the interface that will send the packet out (in the FORWARD, OUTPUT, and POSTROUTING chains).<\/li>\n<li>-c or\u00a0<strong>--set-counters<\/strong>\u00a0\u2014 to count packets passing through a rule.<\/li>\n<li>-n or\u00a0<strong>--numeric<\/strong>\u00a0\u2014 displays numeric output for values such as hostname, IP, port, or network name.<\/li>\n<li>-v or\u00a0<strong>--verbose<\/strong>\u00a0\u2014 displays the information in its entirety.<\/li>\n<\/ul>\n<h2><strong>TARGET<\/strong><\/h2>\n<p>The target is what the rule does with a matching packet.\u00a0The target holds the decision about what to do with the data packet: whether to reject it, forward it, or process it first.\u00a0The following is a list of iptables targets.
Targets and their descriptions:<\/p>\n<ul>\n<li>ACCEPT \u2013 The packet is accepted by the rule<\/li>\n<li>DROP \u2013 The packet is \u201cdropped\u201d<\/li>\n<li>REJECT \u2013 The packet is rejected; works like DROP<\/li>\n<li>DNAT \u2013 The packet undergoes &#8220;destination NAT&#8221; to another address<\/li>\n<li>SNAT \u2013 The packet is directed to a specific NAT source<\/li>\n<li>REDIRECT \u2013 The packet is redirected to a specific address and port<\/li>\n<li>MASQUERADE \u2013 Works like SNAT but requires no source<\/li>\n<\/ul>\n<h2><strong>Example Case<\/strong><\/h2>\n<blockquote><p>iptables -I INPUT -s 11.22.33.44\/32 -j DROP<\/p><\/blockquote>\n<p>In the example above, we add a rule to the INPUT chain to block traffic from IP 11.22.33.44.\u00a0If that IP accesses our <a href=\"https:\/\/matob.web.id\/news\/what-is-a-lan-network-definition-topology-advantages-and-disadvantages\/\">network<\/a>, the traffic will be dropped immediately.<\/p>\n<div>For more detailed information about iptables, you can check using the command<\/div>\n<blockquote><p>man iptables<\/p><\/blockquote>\n<div>or<\/div>\n<blockquote><p>iptables --help<\/p><\/blockquote>\n<div>Alright, that was an introduction to iptables on <a href=\"https:\/\/matob.web.id\/news\/5-best-linux-distros-for-ethical-hacking-and-penetration-testing\/\">Linux<\/a>. If you have something to ask, please comment.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Getting to Know the Basic Iptables Commands on Linux for beginners. This time Matob will only discuss the basics of iptables on GNU\/Linux. Iptables itself is a firewall rule that is used to regulate the entry and exit of traffic on the network on the Linux system that we use.
In short, iptables is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1283,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[120,141],"class_list":["post-1281","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-linux","tag-network"],"_links":{"self":[{"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/posts\/1281","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/comments?post=1281"}],"version-history":[{"count":0,"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/posts\/1281\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/media\/1283"}],"wp:attachment":[{"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/media?parent=1281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/categories?post=1281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matob.web.id\/news\/wp-json\/wp\/v2\/tags?post=1281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}