wiki:Iptables

Version 4 (modified by krit, 4 weeks ago)

--

IPtables

iptables -L --line-numbers
# Delete rule number 3 in the list. Rule numbers are per chain, so -D needs
# the chain name as well (INPUT is used here as an example).
iptables -D INPUT 3

Forward packets within the VPN client subnet

iptables -A FORWARD -s 10.50.30.0/24 -d 10.50.30.0/24 -j ACCEPT

Block a destination IP

iptables -A OUTPUT -d 203.151.31.76 -j DROP

Unblock a destination IP

iptables -D OUTPUT -d 203.151.31.76 -j DROP

To block a specific port, such as TCP port 5050, enter:

iptables -A OUTPUT -p tcp --dport 5050 -j DROP

To block TCP port 5050 for the IP address 192.168.1.2 only, enter:

iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 5050 -j DROP

To unblock, change -A to -D in the above command.

iptables source NAT (SNAT)


All packets leaving eth1 will have their source IP changed to 192.168.20.1

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.20.1

Saving iptables rules so they persist across reboots (Debian/Ubuntu):

~]# apt install iptables-persistent
~]# iptables-save > /etc/iptables/rules.v4
# For IPv6 rules:
~]# ip6tables-save > /etc/iptables/rules.v6
# Check the NAT table
~]# iptables -L -t nat
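Rule numbers for `-D CHAIN N` are counted per chain, and `-A` appends even when an identical rule already exists. The script below is an added example, not part of this wiki page: it reads a constructed iptables-save style ruleset (the names and addresses are the ones used above, not a real host) and reproduces the per-chain numbering of `iptables -L --line-numbers`, so the saved rules.v4 file can be inspected offline.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from a real system).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.50.30.0/24 -d 10.50.30.0/24 -j ACCEPT
-A OUTPUT -d 203.151.31.76 -j DROP
-A OUTPUT -p tcp -m tcp --dport 5050 -j DROP
-A OUTPUT -d 192.168.1.2/32 -p tcp -m tcp --dport 5050 -j DROP
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.20.1
COMMIT'

# Print "TABLE CHAIN N RULE" for every rule, numbering rules per chain the
# same way "iptables -L --line-numbers" does, but from saved text.
numbered_rules() {   # $1 = rules text
    printf '%s\n' "$1" | awk '
        /^\*/  { table = substr($0, 2); next }
        /^-A / { n[table, $2]++
                 printf "%s %s %d %s\n", table, $2, n[table, $2], $0 }'
}

# Per-chain number of the first rule in table $2 / chain $3 containing $4;
# this is the N to pass to "iptables -t TABLE -D CHAIN N".
rule_number() {   # $1 = rules text, $2 = table, $3 = chain, $4 = match text
    numbered_rules "$1" | awk -v t="$2" -v c="$3" -v m="$4" '
        $1 == t && $2 == c && index($0, m) { print $3; exit }'
}

# Count rules that appear more than once: repeated "-A" runs create exact
# duplicates, which is why "iptables -C RULE || iptables -A RULE" is safer.
duplicate_rules() {   # $1 = rules text
    printf '%s\n' "$1" | grep '^-A ' | sort | uniq -d | wc -l | tr -d ' '
}

numbered_rules "$SAMPLE_RULES"
```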