Nice aliases for working with iptables

Posted by sam Fri, 20 Nov 2009 15:54:00 GMT

I’ve been using a couple of nice shell aliases when working with ad-hoc iptables rules. You can spruce them up as a batch file, but they’re fine for me as a quick and dirty way to manipulate rules.

alias ips="/sbin/iptables --line-numbers -vn -L INPUT | grep -i"
alias ipd="/sbin/iptables -D INPUT"

That’s all there is to it. You can then interrogate almost any aspect of the default INPUT filter with:

ips icmp
ips 10.64.0
ips drop

to view all ICMP rules, any rules relating to the 10.64.0 subnet, or all rules that drop packets.

The way I use these together, and the reason that `ips` includes the –line-numbers argument, is that I like to add rules and then easily delete them with:

# ips 192
30       0     0 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
# ipd 30

using the rule number as an easier way of deleting the rule without having to conjour up a matching rule specification.

Tags alias, iptables
Meta no comments, permalink, rss, atom

No comments

Head Shot

I'm a primarily UNIX and Linux software consultant, with experience in large hosted J2EE financial applications.

I've been involved in one of the pioneering SaaS (ASP) services in the UK financial services sector, messing with Linux and FreeBSD based Internet infrastructure, firewalls, networking, resilience and disaster recovery.

I currently work for Kurtosys as Senior Infrastructure Analyst using Solaris 10, Linux and a modern Windows stack.

Once upon a time I wrote IBM S/390 Assembler for a UK high-street bank, and was part of the largest data migration in UK history (at that time).