Get the current firewall rules (LIST)

iptables -L

The screenshot above shows the default firewall rules of the CentOS 7 Linux machine. No rules have been added so far.

Adding a rule to block a specific IP address

iptables -A INPUT -s 35.33.11.192 -j DROP

The screenshot below shows that the CentOS 7 machine cannot access the nginx web server on the "primary" machine.

The screenshot below shows that the IP 10.105.205.151 is now able to connect to the 'primary' machine's nginx web server.

-A = append (add the rule to the end of the chain), -s = source IP, -j = what to do with traffic that matches the rule: DROP it or ACCEPT it?

Blocking incoming (INPUT) traffic on a specific port

iptables -A INPUT -p tcp --dport 80 -j DROP

-p = protocol (here you are adding the TCP protocol to the rule), --dport = destination port, -j = jump, aka your decision (DROP IT like it's hot? or ACCEPT IT?)

Replacing/updating a rule

iptables -R INPUT 2 -s 77.77.33.22 -j DROP

-R = replace/update

The screenshot below shows that we updated the IP address.

Deleting a rule

The screenshot above shows that the INPUT chain has 2 rules. So let's delete the second rule from the INPUT chain.

iptables -D INPUT 2
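Because -R and -D address a rule by its position, and positions shift whenever a rule is added or removed, it helps to confirm what sits at a number before acting on it. The shell helpers below are an added example, not part of the original post; they read `iptables -S` output on stdin, and the function names and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: look up rule positions in `iptables -S` output (read from stdin).

# Constructed sample of `iptables -S INPUT` output for rules like the ones on
# this page (iptables prints -s as CIDR and adds "-m tcp" for --dport).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 35.33.11.192/32 -j DROP
-A INPUT -s 77.77.33.22/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p icmp -j DROP
EOF
}

# rule_number CHAIN TEXT
# Print the 1-based position of every rule in CHAIN whose spec contains TEXT
# as whole fields (so "35.33.11.19" does not match "35.33.11.192/32").
# Exit status is 1 when nothing matches.
rule_number() {
    awk -v chain="$1" -v want="$2" '
        $1 == "-A" && $2 == chain {
            n++
            spec = " " substr($0, length("-A " chain) + 2) " "
            if (index(spec, " " want " ")) { print n; found = 1 }
        }
        END { exit !found }'
}

# rule_at CHAIN N
# Print the spec of rule N in CHAIN, to check it before running
# `iptables -D CHAIN N` or `iptables -R CHAIN N ...`. Exit 1 if there is no rule N.
rule_at() {
    awk -v chain="$1" -v pos="$2" '
        $1 == "-A" && $2 == chain && ++n == pos {
            print substr($0, length("-A " chain) + 2)
            found = 1
        }
        END { exit !found }'
}
```

On a live host, run as root, the same helpers take real output: `iptables -S INPUT | rule_at INPUT 2`.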

Blocking ICMP/ping incoming connection

iptables -A INPUT -p icmp -j DROP

The screenshot below shows that a user/machine can no longer ping the target host.

IP Range

iptables -A INPUT -j DROP -m iprange --src-range 10.235.168.1-10.235.186.200

-m = load a match extension, here 'iprange'. See man iptables-extensions for more details.
