How to: Basic IPTables File Configuration - Atlantic.Net
/etc/iptables.current is created at boot by copying /etc/iptables (which the iptables service is configured to load initially). This way I can modify things on the fly while maintaining a reference point that the system starts from.

Simple Iptables configuration for ssh on debian and Ubuntu Aug 23, 2018
At work, I needed to log and block SSLv3 connections on ports 993 (IMAPS) and 995 (POP3S) using iptables. So, I combined Gert van Dijk's How to take down SSLv3 in your network using iptables firewall? (POODLE) with Prevok's answer and came up with this:

    iptables -N SSLv3
    iptables -A SSLv3 -j LOG --log-prefix "SSLv3 Client Hello detected: "
    iptables -A SSLv3 -j DROP
    iptables -A INPUT \
      -p tcp
iptables is a pure packet filter when using the default 'filter' table, with optional extension modules. This should clear up much of the earlier confusion over the combination of IP masquerading and packet filtering.

IPTables is a very powerful firewall that allows you to protect your Linux servers. I have been looking for some best practices to protect a server from the Internet, and after collecting some examples here and there I came up with the following rules.
Sample:

    service iptables save

That might be fine when we have this small number of rules, but imagine if we had hundreds of rules to keep track of. It might be difficult for us to parse through those rules without a little commentary to help us remember what the intent of creating those rules was in the first place.
Quick HOWTO : Ch14 : Linux Firewalls Using iptables Aug 10, 2012