IPTABLES GENERIC
>> Allow port 80 ONLY to private interface for Cloud Load Balancer (rule in iptables-save format)
-A INPUT -i eth1 -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT

>> Block whole subnet
# iptables -I INPUT -s xxx.xxx.xxx.0/24 -j DROP

>> Allow specific IP only
iptables -I INPUT -p tcp -s YourIP --dport 22 -j ACCEPT

>> Delete rules (list with line numbers first, then delete by chain and rule number)
iptables -vnL --line-numbers
iptables -D <chain> <rule_number>
iptables -D INPUT 4

>> FTP: allow the control port and the passive-mode port range from one source (iptables-save format)
-A INPUT -s <SOURCE_NETWORK/32> -p tcp -m tcp --dport 21 -m comment --comment "FTP port open" -j ACCEPT
-A INPUT -s <SOURCE_NETWORK/32> -p tcp -m multiport --dports 60000:65000 -m comment --comment "FTP passive mode ports" -j ACCEPT
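The delete-by-number step above has a pitfall: once `iptables -D INPUT 4` runs, every rule after 4 moves up one position, so a second delete using a number taken from the earlier listing hits the wrong rule. The helper below is an added example, not part of these notes: it reads a listing in the shape of `iptables -vnL --line-numbers`, picks out rules by their `--comment` text (the reason the FTP rules above carry comments), and prints the `iptables -D` commands highest number first so they can be run in order. The listing and addresses are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original notes): find rule numbers by comment text
# in "iptables -vnL --line-numbers" output and emit the matching
# "iptables -D <chain> <num>" commands in DESCENDING order, because deleting a
# rule renumbers every rule below it.

# Constructed sample listing, standing in for: iptables -vnL --line-numbers INPUT
SAMPLE_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1200  96K ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0            tcp dpt:21 /* FTP port open */
2        0    0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
3       55 4400 ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0            multiport dports 60000:65000 /* FTP passive mode ports */
4        0    0 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0'

# rule_numbers_for_comment LISTING COMMENT_SUBSTRING
# Prints the "num" column of every rule whose /* comment */ contains COMMENT_SUBSTRING.
rule_numbers_for_comment() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        /^[0-9]+[[:space:]]/ {
            s = index($0, "/* "); if (s == 0) next      # rule has no comment
            c = substr($0, s + 3); sub(/ \*\/.*$/, "", c) # text between /* and */
            if (index(c, pat)) print $1
        }'
}

# delete_commands CHAIN LISTING COMMENT_SUBSTRING
# Emits one "iptables -D CHAIN <num>" line per match, highest number first,
# so the numbers stay valid while the commands run top to bottom.
delete_commands() {
    rule_numbers_for_comment "$2" "$3" | sort -rn | while read -r num; do
        printf 'iptables -D %s %s\n' "$1" "$num"
    done
}

# Usage: print the commands for review; only then pipe them into sh as root.
delete_commands INPUT "$SAMPLE_LISTING" "FTP"
```

On a live host, replace `SAMPLE_LISTING` with `"$(iptables -vnL --line-numbers INPUT)"`. The same renumbering applies to `ufw status numbered` followed by `ufw delete <rule_number>`, so there too delete the highest number first.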
UBUNTU – UFW
service ufw status
ufw allow 80
ufw allow from <IP> to any port <port>

>> Allow network range
ufw allow 192.168.1.0/24

>> Delete rule
ufw status numbered
ufw delete <rule_number>

>> Allow port 80 only on eth1
ufw allow in on eth1 to [eth1 ip addr] port 80 proto tcp

>> Add a rule, then delete it by repeating its spec
# ufw allow from <SOURCE_IP> to any port 25
Rule added
# ufw delete allow from <SOURCE_IP> to any port 25
Rule deleted

>> Insert at the top of the rule list / deny a host or network
ufw insert 1 allow from <ip address>
ufw deny from <ip address>
ufw deny from <ip address/24>
https://help.ubuntu.com/community/UFW
CENTOS / RH – Firewalld
Saved rules in: /etc/sysconfig/iptables
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

>> Allow one source address to TCP port 10000 (rich rule)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<SOURCE_IP>" port port="10000" protocol="tcp" accept'
firewall-cmd --reload
firewall-cmd --list-all

firewall-cmd --add-service http --permanent
firewall-cmd --add-service https --permanent
systemctl restart firewalld.service
firewall-cmd --list-services

>> Add manual rule in firewalld
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 192.168.3.0/24 -m comment --comment "NFS Network" -j ACCEPT

>> Remove manually added rule in firewalld
vim /etc/firewalld/direct.xml