Iptables

From campisano.org

List

To see the current firewall rules:

iptables -L -v -n -x --line-numbers -t filter
iptables -L -v -n -x --line-numbers -t nat

Redirect outgoing connection to a different port

For instance, the following command redirects connections that this host opens to the http and https ports (80 and 443) of 10.0.0.1 to a service listening on localhost port 8080. Locally generated packets are NATed in the OUTPUT chain of the nat table; the PREROUTING chain only sees packets that arrive from the network (for example from hosts this machine routes for), and a DNAT to 127.0.0.1 from PREROUTING would additionally require net.ipv4.conf.<interface>.route_localnet=1, which weakens the usual isolation of the loopback address:

iptables -t nat -A OUTPUT -d 10.0.0.1 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1:8080

Block a brute force attack

The following commands record the source address of each new SSH connection in the recent list SSH_LIST and drop an address that opens more than 2 new connections within 60 seconds (the third attempt in the window is dropped, and every dropped attempt refreshes the timestamp, so the block lasts until the address stays quiet for 60 seconds). Because both commands use -I, the second one ends up above the first, which is the order the check needs: the --update rule is evaluated before the --set rule. Note that the rules apply to every source address, including your own:

iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH_LIST
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH_LIST -j DROP

Script available in iptables_SSHlimit.sh
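The same limit as an added example (not the page's iptables_SSHlimit.sh and not code from the page): the rules live in a dedicated chain so their order is fixed by -A instead of by the order in which -I commands happen to be run, the script can be re-run without duplicating the INPUT rule (it checks with -C first), and an optional ADMIN_NET is exempted so an operator cannot lock themselves out. The chain name SSH_LIMIT, the ADMIN_NET variable, and DRY_RUN=1 (which prints the commands instead of executing them) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the page's own script. Rate-limit new SSH connections
# with xt_recent in a dedicated chain, applied idempotently.
# Assumptions: chain name SSH_LIMIT, optional ADMIN_NET whitelist, DRY_RUN mode.
set -eu

IPTABLES="${IPTABLES:-iptables}"   # set to ip6tables to produce the IPv6 rules
DRY_RUN="${DRY_RUN:-0}"            # DRY_RUN=1 prints the commands instead of running them
SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-60}"             # seconds, as on the page
HITS="${HITS:-2}"                  # --hitcount, as on the page: the 3rd attempt in the window is dropped
ADMIN_NET="${ADMIN_NET:-}"         # optional CIDR exempt from the limit (assumption), e.g. 192.0.2.0/24
CHAIN=SSH_LIMIT
LIST=SSH_LIST

# Run (or, in dry-run mode, print) one iptables command.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Create the chain, or flush it if it already exists, so the rules below
# are always appended to an empty chain in the intended order.
ensure_chain() {
    if [ "$DRY_RUN" = 1 ]; then
        run -N "$CHAIN"
    elif ! "$IPTABLES" -N "$CHAIN" 2>/dev/null; then
        "$IPTABLES" -F "$CHAIN"
    fi
}

# Insert a rule at the top of INPUT unless an identical rule is already
# present (-C exits 0 when the rule exists).
insert_once() {
    if [ "$DRY_RUN" != 1 ] && "$IPTABLES" -C INPUT "$@" 2>/dev/null; then
        return 0
    fi
    run -I INPUT "$@"
}

ssh_limit_apply() {
    ensure_chain
    # 1. Addresses in ADMIN_NET leave the chain before any counting is done.
    if [ -n "$ADMIN_NET" ]; then
        run -A "$CHAIN" -s "$ADMIN_NET" -j RETURN
    fi
    # 2. Drop when the address already has HITS timestamps within WINDOW
    #    seconds. --update also refreshes the timestamp on a dropped packet,
    #    so an attacker who keeps hammering stays blocked until they pause.
    run -A "$CHAIN" -m recent --update --seconds "$WINDOW" --hitcount "$HITS" --name "$LIST" -j DROP
    # 3. Record the attempt; this rule has no target, so the packet returns
    #    to INPUT and is handled by the rules that follow the jump there.
    run -A "$CHAIN" -m recent --set --name "$LIST"
    # 4. Send every new SSH connection through the chain. Inserted at the top
    #    of INPUT so an earlier blanket ACCEPT cannot bypass it.
    insert_once -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j "$CHAIN"
}

# Apply only when invoked as "sh iptables_sshlimit.sh apply"; sourcing the
# file just defines the functions.
if [ "${1:-}" = apply ]; then
    ssh_limit_apply
fi
```

Preview with `DRY_RUN=1 ADMIN_NET=192.0.2.0/24 sh iptables_sshlimit.sh apply`, then run it as root without DRY_RUN, and confirm the result with the listing command from the top of this page. Keep in mind that --hitcount is bounded by the xt_recent module parameter ip_pkt_list_tot (20 by default), and that a RETURN from a user chain, unlike ACCEPT, still leaves the packet subject to the rest of INPUT.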

Routing / Masquerade

Debugging