|
|
|
@ -25,55 +25,63 @@
|
|
|
|
|
|
|
|
|
|
****
|
|
|
|
|
|
|
|
|
|
## Table Of Content
|
|
|
|
|
|
|
|
|
|
- [Tools to help you configure Iptables](#tools-to-help-you-configure-iptables)
|
|
|
|
|
- [Iptables Rules](#iptables-rules)
|
|
|
|
|
* [Saving Rules](#saving-rules)
|
|
|
|
|
- [Debian Based](#debian-based)
|
|
|
|
|
- [RedHat Based](#redhat-based)
|
|
|
|
|
* [List out all of the active iptables rules](#list-out-all-of-the-active-iptables-rules)
|
|
|
|
|
* [List out all of the active iptables rules with numeric lines](#list-out-all-of-the-active-iptables-rules-with-numeric-lines)
|
|
|
|
|
* [List Rules as Tables](#list-rules-as-tables)
|
|
|
|
|
* [List Rules as Tables for INPUT chain](#list-rules-as-tables-for-input-chain)
|
|
|
|
|
* [Show all of the rule specifications in the INPUT chain](#show-all-of-the-rule-specifications-in-the-input-chain)
|
|
|
|
|
* [Show Packet Counts and Aggregate Size](#show-packet-counts-and-aggregate-size)
|
|
|
|
|
* [Delete Rule by Chain and Number](#delete-rule-by-chain-and-number)
|
|
|
|
|
* [Delete Rule by Specification](#delete-rule-by-specification)
|
|
|
|
|
* [Flush All Rules, Delete All Chains, and Accept All](#flush-all-rules--delete-all-chains--and-accept-all)
|
|
|
|
|
* [Flush All Chains](#flush-all-chains)
|
|
|
|
|
* [Flush a Single Chain](#flush-a-single-chain)
|
|
|
|
|
* [Allow Loopback Connections](#allow-loopback-connections)
|
|
|
|
|
* [Allow Established and Related Incoming Connections](#allow-established-and-related-incoming-connections)
|
|
|
|
|
* [Allow Established Outgoing Connections](#allow-established-outgoing-connections)
|
|
|
|
|
* [Internal to External](#internal-to-external)
|
|
|
|
|
* [Drop Invalid Packets](#drop-invalid-packets)
|
|
|
|
|
* [Block an IP Address](#block-an-ip-address)
|
|
|
|
|
* [Block and IP Address and Reject](#block-and-ip-address-and-reject)
|
|
|
|
|
* [Block Connections to a Network Interface](#block-connections-to-a-network-interface)
|
|
|
|
|
* [Block Connections to a Network Interface](#block-connections-to-a-network-interface-1)
|
|
|
|
|
* [Allow All Incoming SSH](#allow-all-incoming-ssh)
|
|
|
|
|
* [Allow Incoming SSH from Specific IP address or subnet](#allow-incoming-ssh-from-specific-ip-address-or-subnet)
|
|
|
|
|
* [Allow Outgoing SSH](#allow-outgoing-ssh)
|
|
|
|
|
* [Allow Incoming Rsync from Specific IP Address or Subnet](#allow-incoming-rsync-from-specific-ip-address-or-subnet)
|
|
|
|
|
* [Allow All Incoming HTTP](#allow-all-incoming-http)
|
|
|
|
|
* [Allow All Incoming HTTPS](#allow-all-incoming-https)
|
|
|
|
|
* [Allow All Incoming HTTP and HTTPS](#allow-all-incoming-http-and-https)
|
|
|
|
|
* [Allow MySQL from Specific IP Address or Subnet](#allow-mysql-from-specific-ip-address-or-subnet)
|
|
|
|
|
* [Allow MySQL to Specific Network Interface](#allow-mysql-to-specific-network-interface)
|
|
|
|
|
* [PostgreSQL from Specific IP Address or Subnet](#postgresql-from-specific-ip-address-or-subnet)
|
|
|
|
|
* [Allow PostgreSQL to Specific Network Interface](#allow-postgresql-to-specific-network-interface)
|
|
|
|
|
* [Block Outgoing SMTP Mail](#block-outgoing-smtp-mail)
|
|
|
|
|
* [Allow All Incoming SMTP](#allow-all-incoming-smtp)
|
|
|
|
|
* [Allow All Incoming IMAP](#allow-all-incoming-imap)
|
|
|
|
|
* [Allow All Incoming IMAPS](#allow-all-incoming-imaps)
|
|
|
|
|
* [Allow All Incoming POP3](#allow-all-incoming-pop3)
|
|
|
|
|
* [Allow All Incoming POP3S](#allow-all-incoming-pop3s)
|
|
|
|
|
|
|
|
|
|
****
|
|
|
|
|
|
|
|
|
|
### Tools to help you configure Iptables
|
|
|
|
|
|
|
|
|
|
- **[Shorewall](http://shorewall.org/)**
|
|
|
|
|
- **[Firewalld](https://firewalld.org/)**
|
|
|
|
|
- **[FireHOL](https://github.com/firehol/firehol)**
|
|
|
|
|
- **[UFW](Uncomplicated Firewall)**
|
|
|
|
|
- **[UFW](https://wiki.ubuntu.com/UncomplicatedFirewall)**
|
|
|
|
|
|
|
|
|
|
### Iptables Rules
|
|
|
|
|
|
|
|
|
|
- [1. Saving Rules](#1-saving-rules)
|
|
|
|
|
- [2. List out all of the active iptables rules](#2-list-out-all-of-the-active-iptables-rules)
|
|
|
|
|
- [3. List out all of the active iptables rules with numeric lines](#3-list-out-all-of-the-active-iptables-rules-with-numeric-lines)
|
|
|
|
|
- [4. List Rules as Tables](#4-list-rules-as-tables)
|
|
|
|
|
- [5. List Rules as Tables for INPUT chain](#5-list-rules-as-tables-for-input-chain)
|
|
|
|
|
- [6. Show all of the rule specifications in the INPUT chain](#6-show-all-of-the-rule-specifications-in-the-input-chain)
|
|
|
|
|
- [7. Show Packet Counts and Aggregate Size](#7-show-packet-counts-and-aggregate-size)
|
|
|
|
|
- [8. Delete Rule by Chain and Number](#8-delete-rule-by-chain-and-number)
|
|
|
|
|
- [9. Delete Rule by Specification](#9-delete-rule-by-specification)
|
|
|
|
|
- [10. Flush All Rules, Delete All Chains, and Accept All](#10-flush-all-rules--delete-all-chains--and-accept-all)
|
|
|
|
|
- [11. Flush All Chains](#11-flush-all-chains)
|
|
|
|
|
- [12. Flush a Single Chain](#12-flush-a-single-chain)
|
|
|
|
|
- [13. Allow Loopback Connections](#13-allow-loopback-connections)
|
|
|
|
|
- [14. Allow Established and Related Incoming Connections](#14-allow-established-and-related-incoming-connections)
|
|
|
|
|
- [15. Allow Established Outgoing Connections](#15-allow-established-outgoing-connections)
|
|
|
|
|
- [16. Internal to External](#16-internal-to-external)
|
|
|
|
|
- [17. Drop Invalid Packets](#17-drop-invalid-packets)
|
|
|
|
|
- [18. Block an IP Address](#18-block-an-ip-address)
|
|
|
|
|
- [19. Block and IP Address and Reject](#19-block-and-ip-address-and-reject)
|
|
|
|
|
- [20. Block Connections to a Network Interface](#20-block-connections-to-a-network-interface)
|
|
|
|
|
- [21. Block Connections to a Network Interface](#21-block-connections-to-a-network-interface)
|
|
|
|
|
- [22. Allow All Incoming SSH](#22-allow-all-incoming-ssh)
|
|
|
|
|
- [23. Allow Incoming SSH from Specific IP address or subnet](#23-allow-incoming-ssh-from-specific-ip-address-or-subnet)
|
|
|
|
|
- [24. Allow Outgoing SSH](#24-allow-outgoing-ssh)
|
|
|
|
|
- [25. Allow Incoming Rsync from Specific IP Address or Subnet](#25-allow-incoming-rsync-from-specific-ip-address-or-subnet)
|
|
|
|
|
- [26. Allow All Incoming HTTP](#26-allow-all-incoming-http)
|
|
|
|
|
- [27. Allow All Incoming HTTPS](#27-allow-all-incoming-https)
|
|
|
|
|
- [28. Allow All Incoming HTTP and HTTPS](#28-allow-all-incoming-http-and-https)
|
|
|
|
|
- [29. Allow MySQL from Specific IP Address or Subnet](#29-allow-mysql-from-specific-ip-address-or-subnet)
|
|
|
|
|
- [30. Allow MySQL to Specific Network Interface](#30-allow-mysql-to-specific-network-interface)
|
|
|
|
|
- [31. PostgreSQL from Specific IP Address or Subnet](#31-postgresql-from-specific-ip-address-or-subnet)
|
|
|
|
|
- [32. Allow PostgreSQL to Specific Network Interface](#32-allow-postgresql-to-specific-network-interface)
|
|
|
|
|
- [33. Block Outgoing SMTP Mail](#33-block-outgoing-smtp-mail)
|
|
|
|
|
- [34. Allow All Incoming SMTP](#34-allow-all-incoming-smtp)
|
|
|
|
|
- [35. Allow All Incoming IMAP](#35-allow-all-incoming-imap)
|
|
|
|
|
- [36. Allow All Incoming IMAPS](#36-allow-all-incoming-imaps)
|
|
|
|
|
- [37. Allow All Incoming POP3](#37-allow-all-incoming-pop3)
|
|
|
|
|
- [38. Allow All Incoming POP3S](#38-allow-all-incoming-pop3s)
|
|
|
|
|
|
|
|
|
|
#### 1. Saving Rules
|
|
|
|
|
#### Saving Rules
|
|
|
|
|
|
|
|
|
|
###### Debian Based
|
|
|
|
|
|
|
|
|
@ -93,55 +101,55 @@ netfilter-persistent save
|
|
|
|
|
service iptables save
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 2. List out all of the active iptables rules
|
|
|
|
|
#### List out all of the active iptables rules
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -S
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 3. List out all of the active iptables rules with numeric lines
|
|
|
|
|
#### List out all of the active iptables rules with numeric lines
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -L --line-numbers
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 4. List Rules as Tables
|
|
|
|
|
#### List Rules as Tables
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -L
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 5. List Rules as Tables for INPUT chain
|
|
|
|
|
#### List Rules as Tables for INPUT chain
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -L INPUT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 6. Show all of the rule specifications in the INPUT chain
|
|
|
|
|
#### Show all of the rule specifications in the INPUT chain
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -S INPUT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 7. Show Packet Counts and Aggregate Size
|
|
|
|
|
#### Show Packet Counts and Aggregate Size
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -L INPUT -v
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 8. Delete Rule by Chain and Number
|
|
|
|
|
#### Delete Rule by Chain and Number
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -D INPUT 10
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 9. Delete Rule by Specification
|
|
|
|
|
#### Delete Rule by Specification
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -D INPUT -m conntrack --ctstate INVALID -j DROP
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 10. Flush All Rules, Delete All Chains, and Accept All
|
|
|
|
|
#### Flush All Rules, Delete All Chains, and Accept All
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -P INPUT ACCEPT
|
|
|
|
@ -154,185 +162,185 @@ iptables -F
|
|
|
|
|
iptables -X
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 11. Flush All Chains
|
|
|
|
|
#### Flush All Chains
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -F
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 12. Flush a Single Chain
|
|
|
|
|
#### Flush a Single Chain
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -F INPUT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 13. Allow Loopback Connections
|
|
|
|
|
#### Allow Loopback Connections
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -i lo -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -o lo -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 14. Allow Established and Related Incoming Connections
|
|
|
|
|
#### Allow Established and Related Incoming Connections
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 15. Allow Established Outgoing Connections
|
|
|
|
|
#### Allow Established Outgoing Connections
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 16. Internal to External
|
|
|
|
|
#### Internal to External
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 17. Drop Invalid Packets
|
|
|
|
|
#### Drop Invalid Packets
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 18. Block an IP Address
|
|
|
|
|
#### Block an IP Address
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -s 15.15.15.51 -j DROP
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 19. Block and IP Address and Reject
|
|
|
|
|
#### Block and IP Address and Reject
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -s 15.15.15.51 -j REJECT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 20. Block Connections to a Network Interface
|
|
|
|
|
#### Block Connections to a Network Interface
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -i eth0 -s 15.15.15.51 -j DROP
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 21. Block Connections to a Network Interface
|
|
|
|
|
#### Block Connections to a Network Interface
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -i eth0 -s 15.15.15.51 -j DROP
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 22. Allow All Incoming SSH
|
|
|
|
|
#### Allow All Incoming SSH
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 23. Allow Incoming SSH from Specific IP address or subnet
|
|
|
|
|
#### Allow Incoming SSH from Specific IP address or subnet
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 24. Allow Outgoing SSH
|
|
|
|
|
#### Allow Outgoing SSH
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 25. Allow Incoming Rsync from Specific IP Address or Subnet
|
|
|
|
|
#### Allow Incoming Rsync from Specific IP Address or Subnet
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 873 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 873 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 26. Allow All Incoming HTTP
|
|
|
|
|
#### Allow All Incoming HTTP
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 27. Allow All Incoming HTTPS
|
|
|
|
|
#### Allow All Incoming HTTPS
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 28. Allow All Incoming HTTP and HTTPS
|
|
|
|
|
#### Allow All Incoming HTTP and HTTPS
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 29. Allow MySQL from Specific IP Address or Subnet
|
|
|
|
|
#### Allow MySQL from Specific IP Address or Subnet
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 3306 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 30. Allow MySQL to Specific Network Interface
|
|
|
|
|
#### Allow MySQL to Specific Network Interface
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -i eth1 -p tcp --dport 3306 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -o eth1 -p tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 31. PostgreSQL from Specific IP Address or Subnet
|
|
|
|
|
#### PostgreSQL from Specific IP Address or Subnet
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 5432 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 5432 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 32. Allow PostgreSQL to Specific Network Interface
|
|
|
|
|
#### Allow PostgreSQL to Specific Network Interface
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -i eth1 -p tcp --dport 5432 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -o eth1 -p tcp --sport 5432 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 33. Block Outgoing SMTP Mail
|
|
|
|
|
#### Block Outgoing SMTP Mail
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A OUTPUT -p tcp --dport 25 -j REJECT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 34. Allow All Incoming SMTP
|
|
|
|
|
#### Allow All Incoming SMTP
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 35. Allow All Incoming IMAP
|
|
|
|
|
#### Allow All Incoming IMAP
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 143 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 143 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 36. Allow All Incoming IMAPS
|
|
|
|
|
#### Allow All Incoming IMAPS
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 993 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 993 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 37. Allow All Incoming POP3
|
|
|
|
|
#### Allow All Incoming POP3
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 110 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -A OUTPUT -p tcp --sport 110 -m conntrack --ctstate ESTABLISHED -j ACCEPT
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
#### 38. Allow All Incoming POP3S
|
|
|
|
|
#### Allow All Incoming POP3S
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
iptables -A INPUT -p tcp --dport 995 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
|
|
|
|
|