ip tables

iptables -L – check current iptables
iptables-save > iptablesold – save current iptabes to a txt file
cp iptablesold iptablesnew – copy iptables to a new file
vi iptablesnew – edit the new iptables file

iptables-restore < iptablesnew – import new ip tables – insert the new rule into the document and save the file
/etc/init.d/iptables save – save iptables
/etc/init.d/iptables reload – reload iptables
iptables -L – check new rules have been added


iptables – list – list all iptables rules
iptables – flush – delete iptables rules
iptables -L – check new rules have been added
iptables – A INPUT -s 218.104.48.105 -j DROP – block ip (ACCEPT to allow)
service iptables save – save iptables
service iptables restart – restart iptables
service iptables stop – stop iptables
iptables-restore < ip

iptables – I INPUT -p tcp – dport 110 -j ACCEPT
iptables – I INPUT -p tcp – dport 8080 -j ACCEPT
/etc/sysconfig/iptables-config

Edit first uncomented line to:
IPTABLES_MODULES=”ip_conntrack_netbios_ns ip_conntrack_ftp ip_conntrack_tftp”

Restart iptables
iptables-save > iptables_original.txt
iptables-restore < iptables.txt
service iptables save
service iptables restart

Plesk IP Tables Rules

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3789:7730982]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp –dport 110 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp –dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -s ipaddress -p tcp -m state –state NEW -m tcp –dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 8447 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -s 95.154.224.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT

Rapidswitch IP Tables Rules

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3789:7730982]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp –dport 110 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -s 95.154.224.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp –dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 587 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 2082 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 2083 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 2086 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 2087 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 8447 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT