iptables 초기화 및 기본설정

By Kerus Ashe in Network May 2, 2019

(Last Updated On: May 2, 2019)

iptables 초기화

# set default policies to let everything in

iptables --policy INPUT   ACCEPT
iptables --policy OUTPUT  ACCEPT
iptables --policy FORWARD ACCEPT

iptables -Z # zero counters
iptables -F # flush (delete) rules
iptables -X # delete all extra chains

iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

인터페이스 다 막기

iptables -P INPUT DROP
iptables -A OUTPUT -j ACCEPT 

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

아웃바운드 트래픽 허용 및 DNS 트래픽 허용

iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT

기타

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

DHCP 트래픽 허용

iptables -A INPUT -p udp --sport 67 --dport 68 -m state --state RELATED,ESTABLISHED -j ACCEPT

More from my site

Tags: iptables