General Networking

  • Netstat usage:
netstat -antp
# -a all
# -n show numeric addresses
# -p show the PID and name of the program owning each socket
# -t tcp

Iptables

  • IPTables - view (list) active rules:
iptables -L
  • IPTables - return iptables to the default setting (accepting all connections):
iptables -L
iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT
  • Clear ALL IPTables firewall rules:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -t raw -F
iptables -t raw -X
  • IPTables - to drop (forbid) ALL traffic:
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
  • To block anything coming from 192.168.1.30 or a /24 (parameters: -A appends to a chain, -s specifies the source):
iptables -A INPUT -s 192.168.1.30 -j DROP
iptables -A INPUT -s 192.168.1.0/24 -j DROP
  • To add line-numbers for each rule, so that you can then specify which rule you want to reset or change:
iptables -L -v --line-numbers
  • To remove/delete a rule:
iptables -D INPUT 2
  • To remove all rules (flush):
iptables -F
  • To measure bandwidth (per-rule packet and byte counters):
iptables -L -v
  • To restart the count:
iptables -Z
  • Your changes stay in effect only until iptables is restarted. They will disappear every time you reboot, unless you save the changes!

  • To save your changes (Ubuntu):
sudo /sbin/iptables-save
# iptables-save on its own only prints the current rules to stdout.
# To persist them, redirect the output (as root) to the rules file:
# Debian/Ubuntu: iptables-save > /etc/iptables/rules.v4
# RHEL/CentOS: iptables-save > /etc/sysconfig/iptables
  • Enable traffic forwarding from eth0 to the eth1 interface:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
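
Rule numbers shift after every deletion, so when several rules are removed by number they should be deleted from the highest number down. The following is an added example, not part of the original cheat sheet: it reads an iptables-save style dump, lists each chain's default policy, and prints (without running) the matching `iptables -D` commands in a safe order. The dump is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (saved without -c, so no counters).
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.30/32 -j DROP
-A INPUT -s 192.168.1.0/24 -j DROP
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# chain_policies: read a dump on stdin, print "table chain policy" for every
# built-in chain (user-defined chains have "-" as policy and are skipped).
chain_policies() {
  awk '
    /^\*/ { table = substr($0, 2); next }
    /^:/  { if ($2 != "-") print table, substr($1, 2), $2 }
  '
}

# rule_numbers TABLE CHAIN TEXT: read a dump on stdin, print "N: rule" for each
# rule in TABLE/CHAIN containing TEXT. N is the position inside the chain,
# the same number that `iptables -L --line-numbers` shows.
rule_numbers() {
  awk -v t="$1" -v c="$2" -v pat="$3" '
    /^\*/ { table = substr($0, 2); n = 0; next }
    $1 == "-A" && table == t && $2 == c {
      n++
      if (index($0, pat)) print n ": " $0
    }
  '
}

# delete_commands TABLE CHAIN TEXT: print the delete commands, highest rule
# number first, so earlier deletions do not renumber the remaining targets.
delete_commands() {
  rule_numbers "$1" "$2" "$3" | cut -d: -f1 | sort -rn |
    while read -r n; do echo "iptables -t $1 -D $2 $n"; done
}

printf '%s\n' "$SAMPLE_DUMP" | chain_policies
printf '%s\n' "$SAMPLE_DUMP" | delete_commands filter INPUT "-s 192.168.1."
```

On a live host the same functions can be fed from `iptables-save` directly instead of the sample variable.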

Troubleshooting

  • Have you tried to turn it on and off again?
  • For networking issues, try:
sudo service network-manager restart
  • For WiFi issues, try rfkill:
rfkill list
0:  phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
2:  hci0: Bluetooth
    Soft blocked: no
    Hard blocked
  • Block (phy0):
rfkill block 0
  • Unblock (phy0):
rfkill unblock 0