= IPtables =

List the rules with line numbers, then delete a rule by its number:
{{{
#!sh
iptables -L --line-numbers
# Delete rule number 3 in the list (a chain name is required; INPUT is only an example)
iptables -D INPUT 3
}}}

Forward packets between clients in the VPN subnet
{{{
#!sh
iptables -A FORWARD -s 10.50.30.0/24 -d 10.50.30.0/24 -j ACCEPT
}}}

Block a destination IP
{{{
#!sh
iptables -A OUTPUT -d 203.151.31.76 -j DROP
}}}

Unblock a destination IP
{{{
#!sh
iptables -D OUTPUT -d 203.151.31.76 -j DROP
}}}

To block a specific port number, such as TCP port 5050, enter:
{{{
#!sh
iptables -A OUTPUT -p tcp --dport 5050 -j DROP
}}}

To block TCP port 5050 for the IP address 192.168.1.2 only, enter:
{{{
#!sh
iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 5050 -j DROP
}}}

To unblock, just change -A to -D in the commands above.

== IP table src NAT ==

Ref [https://gist.github.com/tomasinouk/eec152019311b09905cd here]

All packets leaving eth1 will have their source IP changed to 192.168.20.1
{{{
#!sh
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.20.1
}}}

Save the iptables rules so that they persist across reboots (run as root):
{{{
#!sh
apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4
# or, for IPv6 rules:
ip6tables-save > /etc/iptables/rules.v6
# List the NAT table to verify
iptables -L -t nat
}}}
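
Rules added with -A live only in the running kernel until they are written to /etc/iptables/rules.v4, so a block rule can silently disappear at the next reboot. The script below is an added example (not part of the original page) that compares two iptables-save dumps and lists rules that are live but not persisted; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: list live rules missing from the saved file.

# Emit "table<TAB>rule" for every -A line of an iptables-save dump.
normalize() {
    awk '/^\*/  { table = substr($0, 2); next }
         /^-A / { print table "\t" $0 }' "$1" | LC_ALL=C sort -u
}

# unsaved_rules RUNNING SAVED: print rules present in RUNNING but absent from SAVED.
unsaved_rules() {
    run_tmp=$(mktemp) || return 1
    saved_tmp=$(mktemp) || { rm -f "$run_tmp"; return 1; }
    normalize "$1" > "$run_tmp"
    normalize "$2" > "$saved_tmp"
    LC_ALL=C comm -23 "$run_tmp" "$saved_tmp"
    rm -f "$run_tmp" "$saved_tmp"
}

# Constructed, abridged sample dumps: the saved file predates the SNAT and DROP rules.
write_samples() {   # usage: write_samples DIR
    cat > "$1/saved.v4" <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.50.30.0/24 -d 10.50.30.0/24 -j ACCEPT
COMMIT
EOF
    cat > "$1/running.v4" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.20.1
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.50.30.0/24 -d 10.50.30.0/24 -j ACCEPT
-A OUTPUT -d 203.151.31.76/32 -j DROP
COMMIT
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    unsaved_rules "$dir/running.v4" "$dir/saved.v4"
    rm -rf "$dir"
}
demo
```

On a real host, run iptables-save > /tmp/running.v4 as root and then call unsaved_rules /tmp/running.v4 /etc/iptables/rules.v4; empty output means every live rule is persisted.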