Never Ending Security

It starts all here

Iptables howto and guides, with all the tricks (for Linux)

A well-described guide and how-to for managing iptables can be found at:
https://help.ubuntu.com/community/IptablesHowTo

Step-By-Step configuration of NAT with iptables:
https://www.howtoforge.com/nat_iptables

Another clear guide can be found at:
http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial

20 iptables examples for new system administrators:
http://www.cyberciti.biz/tips/linux-iptables-examples.html

How to configure IPv6 ip6tables firewall:
http://www.cyberciti.biz/faq/redhat-fedora-ip6tables-firewall-configuration

How to build a simple linux firewall for dsl/cable/fiber connection with iptables:
http://www.cyberciti.biz/tips/how-do-i-build-a-simple-linux-firewall-for-dsldial-up-connection.html

Block port numbers with iptables:
http://www.cyberciti.biz/faq/iptables-block-port

How to block particular ip addresses or host with iptables:
http://www.cyberciti.biz/faq/linux-iptables-drop

Block by country in iptables:
http://www.cyberciti.biz/faq/block-entier-country-using-iptables

Block remote X windows server connections with iptables:
http://www.cyberciti.biz/tips/iptables-block-remote-x-window-server-connection.html

Block all network traffic with iptables:
http://www.cyberciti.biz/tips/linux-iptables-2-how-to-block-all-network-traffic.html

Block common attacks with iptables:
http://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-attack.html

Block outgoing network access for a single user with iptables:
http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html

Restricting network access by time of the day with iptables:
http://www.cyberciti.biz/tips/iptables-for-restricting-access-by-time-of-day.html

Restrict SSH access with iptables:
http://www.cyberciti.biz/faq/restrict-ssh-access-use-iptable

Block incoming access from select or specific ip-address and/or port with iptables:
http://www.cyberciti.biz/tips/howto-block-ipaddress-with-iptables-firewall.html

Block outgoing access to select or specific ip-address and/or port with iptables:
http://www.cyberciti.biz/tips/linux-iptables-6-how-to-block-outgoing-access-to-selectedspecific-ip-address.html

How to unblock / delete an IP address or host listed in iptables:
http://www.cyberciti.biz/faq/iptables-delete-ip-address-subnet-from-linux-firewall

How to block or open http/web-services port 80 & 443:
http://www.cyberciti.biz/tips/linux-iptables-11-how-to-block-or-open-httpweb-service.html

Allow or block icmp ping requests with iptables:
http://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html

Allow NFS-clients to access the NFS server with iptables:
http://www.cyberciti.biz/faq/centos-fedora-rhel-iptables-open-nfs-server-ports

Allow SOCKS incoming client requests with iptables:
http://www.cyberciti.biz/tips/linux-iptables-allow-socks-incoming-client-request.html

Allow Squid proxy incoming client requests for iptables:
http://www.cyberciti.biz/tips/linux-iptables-allow-squid-proxy-incoming-client-request.html

Allow Pop3 server requests for iptables:
http://www.cyberciti.biz/tips/linux-iptables-14-how-to-allow-pop3-serverprotocol-request.html

Block or allow mail server / smtp protocol for iptables:
http://www.cyberciti.biz/tips/linux-iptables-15-how-to-block-or-open-mail-serversmtp-protocol.html

Open ports for LDAP server in iptables:
http://www.cyberciti.biz/faq/configure-linux-iptables-to-allow-access-ldap-server

Allow or deny samba services with iptables:
http://www.cyberciti.biz/faq/configure-iptables-to-allow-deny-access-to-samba

Open TCP ports for bittorrent with iptables:
http://www.cyberciti.biz/tips/linux-iptables-open-bittorrent-tcp-ports-6881-to-6889.html

Allow CIPE connection request for iptables:
http://www.cyberciti.biz/tips/iptables-allow-cipe-connection-request.html

Allow or block DNS / Bind service for iptables:
http://www.cyberciti.biz/tips/linux-iptables-12-how-to-block-or-open-dnsbind-service-port-53.html

Allow incoming VNC connection for iptables:
http://www.cyberciti.biz/faq/linux-iptables-open-vncserver-port-6000-5800-5900

Allow traffic to pass via venet0 to all vps containers (OpenVZ) with iptables:
http://www.cyberciti.biz/faq/centos-rhel-linux-openvz-hardware-node-iptables-firewall

Iptables port redirection examples:
http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables

Forward multiple ports in iptables:
http://www.cyberciti.biz/faq/linux-iptables-multiport-range

Fixing ip_conntrack table full dropping packet error for iptables:
http://www.cyberciti.biz/faq/ip_conntrack-table-ful-dropping-packet-error

How to use the connection tracking feature with iptables:
http://www.cyberciti.biz/tips/how-do-i-use-iptables-connection-tracking-feature.html

Limit the number of incoming TCP connections / syn-flood attacks for iptables:
http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html

Find/check banned ip addresses in iptables from the command-line:
http://www.cyberciti.biz/faq/linux-howto-check-ip-blocked-against-iptables

Iptables limit maximum connections per IP:
http://www.cyberciti.biz/faq/iptables-connection-limits-howto

List and show all NAT tables rules from iptables:
http://www.cyberciti.biz/faq/howto-iptables-show-nat-rules

Force iptables to log to a different log-file:
http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html

Log messages from iptables in the log module:
http://www.cyberciti.biz/tips/how-can-i-enable-or-setup-log-message-in-the-iptables-firewall.html

Use mac address filtering in iptables:
http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html

Read a list of ip addresses from a file and block with iptables:
http://www.cyberciti.biz/faq/iptables-read-and-block-ips-subnets-from-text-file

Set up masquerading in iptables:
http://www.cyberciti.biz/faq/iptables-setup-masquerading-for-linux-firewall

Configure network address translation (NAT) with iptables:
http://www.cyberciti.biz/faq/howto-configure-network-address-translation-or-nat

Monitor bandwidth with iptables:
http://www.cyberciti.biz/faq/linux-configuring-ip-traffic-accounting

Log ip or TCP packet header with iptables:
http://www.cyberciti.biz/tips/iptables-log-network-layer-ip-tcp-headers.html

Ipset administration tool for ipsets and iptables:
http://www.cyberciti.biz/faq/centos-rhel-install-ipset-administration-tool-for-ip-sets-and-iptables

Setup port knocking with knockd and iptables:
http://www.cyberciti.biz/faq/debian-ubuntu-linux-iptables-knockd-port-knocking-tutorial

Using iptables and tcp wrappers to secure portmap service:
http://www.cyberciti.biz/faq/linux-secure-portmap-with-iptables-tcp-wrappers

How to start iptables automatically when your system boots up:
http://www.cyberciti.biz/faq/starting-iptables-firewall-at-boot

Save and/or restore iptables rules:
http://www.cyberciti.biz/faq/how-to-save-restore-iptables-firewall-config-ubuntu
http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings

Avoid ip spoofing and bad address attacks with a shell script for iptables:
http://www.cyberciti.biz/tips/linux-iptables-8-how-to-avoid-spoofing-and-bad-addresses-attack.html

Test iptables script remotely:
http://www.cyberciti.biz/faq/test-iptables-script-remotely

Iptables firewall shell script for standalone server:
http://bash.cyberciti.biz/firewall/linux-iptables-firewall-shell-script-for-standalone-server

IPv6 firewall script for iptables:
http://bash.cyberciti.biz/firewall/centos-debian-rhel-ipv6-iptables

How to run a firewall script as soon as the eth0 interface comes up:
http://www.cyberciti.biz/tips/how-do-i-run-firewall-script-as-soon-as-eth0-interface-brings-up.html

Security shell script to block ip addresses in iptables:
http://bash.cyberciti.biz/firewall/iptables-block-ip-address

Add or delete an ip address remotely using a shell script for iptables:
http://www.cyberciti.biz/faq/linux-iptables-add-delete-ip-address

Simple shell script to stop and flush all iptables rules:
http://bash.cyberciti.biz/security/shell-script-to-stop-linux-firewall

Configure network interface as a bridge / network switch:
http://www.cyberciti.biz/faq/debian-network-interfaces-bridge-eth0-eth1-eth2

Setup a firewall for a web server with iptables:
http://www.cyberciti.biz/faq/linux-web-server-firewall-tutorial

Fix neighbour table overflow error:
http://www.cyberciti.biz/faq/centos-redhat-debian-linux-neighbor-table-overflow

Detect and block port scan attacks in real-time with psad:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks

Easy firewall generator for iptables:
http://easyfwgen.morizot.net/gen/index.php

A more advanced firewall generator is Firewall Builder:
Introduction: http://www.cyberciti.biz/tips/introduction-to-firewall-builder-4-0.html
Part1: http://www.cyberciti.biz/tips/firewall-builder4-webserver-cluster-tutorial.html
Part2: http://www.cyberciti.biz/tips/creating-firewall-cluster-objects-in-firewall-builder.html
Part3: http://www.cyberciti.biz/tips/linux-cluster-building-firewall-rules.html
Part4: http://www.cyberciti.biz/tips/openbsd-pf-firewall-builder-configuration.html

Firewall Builder can also be used to create and build firewall setups for Mac OS X, OpenBSD, FreeBSD and some more systems.
Iptables does not work on Mac OS X systems; they can manage their firewall settings with the command “pfctl”, and use the command “man pfctl” for instructions.
