Export existing iptables firewall rules:

iptables-save > firewall.out

Edit firewall rules and chains in firewall.out and save the file:

vi firewall.out

Apply the edited iptables rules:

iptables-restore < firewall.out
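A hand-edited dump is easy to break with a mistyped source range or a dropped COMMIT line. The function below is an added example, not part of the original cheat sheet: it lints a file in iptables-save format before it is restored. The name lint_ruleset, the sample file contents and the numeric-IPv4-only address check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint an edited iptables-save
# dump before it is piped into iptables-restore.
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
lint_ruleset() {
    awk '
    function err(msg) { printf "line %d: %s\n", NR, msg; bad++ }
    /^#/ || /^[ \t]*$/ { next }                  # comments and blank lines
    /^\*/ {                                      # "*filter" opens a table
        if (table != "") err("table " table " not closed by COMMIT")
        table = substr($0, 2); split("", chains); next
    }
    $0 == "COMMIT" {
        if (table == "") err("COMMIT outside a table")
        table = ""; next
    }
    /^:/ { chains[substr($1, 2)] = 1; next }     # ":INPUT DROP [0:0]"
    $1 == "-A" || $1 == "-I" {
        if (table == "") err("rule outside a table")
        else if (!($2 in chains)) err("chain " $2 " is not declared")
        for (i = 3; i < NF; i++)                 # numeric IPv4 only (assumption)
            if (($i == "-s" || $i == "-d") &&
                $(i + 1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9.]+)?$/)
                err("bad address after " $i ": " $(i + 1))
        next
    }
    { err("unrecognised line: " $0) }
    END {
        if (table != "") err("table " table " not closed by COMMIT")
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: an edited firewall.out with a comma typed into a range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.10.10.10/32 -j DROP
-A INPUT -s 10,10.10.0/24 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF
lint_ruleset "$sample" || echo "fix firewall.out before running iptables-restore"
rm -f "$sample"
```

On the firewall host itself, iptables-restore --test < firewall.out parses the file without committing it, which catches anything this offline lint does not model.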

Example iptables commands (IP, IP Range, Port Blocks):

iptables -A INPUT -s 10.10.10.10 -j DROP
iptables -A INPUT -s 10.10.10.0/24 -j DROP
iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP
iptables -A INPUT -p tcp --dport ssh -j DROP

Block all connections:

iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

Log packets denied by iptables:

iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Save all current iptables rules:

Ubuntu:

/etc/init.d/iptables save
/sbin/service iptables save

RedHat / CentOS:

/etc/init.d/iptables save
/sbin/iptables-save

List all current iptables rules:

iptables -L

Flush all current iptables rules:

iptables -F