{"id":20260665,"url":"https://github.com/tim0n3/iptables","last_synced_at":"2025-06-25T09:38:55.315Z","repository":{"id":179464244,"uuid":"397872378","full_name":"tim0n3/iptables","owner":"tim0n3","description":"Firewall rules intended for single hosts (not excluding routers/firewalls)","archived":false,"fork":false,"pushed_at":"2023-08-28T17:22:20.000Z","size":189,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-03T18:48:33.399Z","etag":null,"topics":["iptables","iptables-configurations","iptables-firewall","iptables-rules"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tim0n3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-19T08:32:00.000Z","updated_at":"2023-08-28T17:24:09.000Z","dependencies_parsed_at":"2024-11-14T11:23:27.603Z","dependency_job_id":"14d4e31d-6d53-47b6-831b-7be3286cd493","html_url":"https://github.com/tim0n3/iptables","commit_stats":null,"previous_names":["tim0n3/iptables"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tim0n3/iptables","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tim0n3%2Fiptables","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tim0n3%2Fiptables/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tim0n3%2Fiptables/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tim0n3%2Fiptables/manif
ests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tim0n3","download_url":"https://codeload.github.com/tim0n3/iptables/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tim0n3%2Fiptables/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261846063,"owners_count":23218701,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iptables","iptables-configurations","iptables-firewall","iptables-rules"],"created_at":"2024-11-14T11:21:29.441Z","updated_at":"2025-06-25T09:38:55.274Z","avatar_url":"https://github.com/tim0n3.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# iptables\nFirewall rules intended for but not limited to single hosts. (router/firewall)\n\nFunction:\n\nMangle table:\n```\nDrop (quick) before conntrack, bogus tcp pkts and portscanners\n```\nRaw table: \n```\nAllow (quick) before conntrack, tcp pkts that set syn flag and jump to notrack \n```\nFilter table:\n```\nAllow (quick) loopback iface traffic \u003cbr\u003e\nAllow (quick) ESTABLISHED and RELATED traffic \u003cbr\u003e\nStateful Packet Inspection filters to drop bogus traffic to ensure only legitimate traffic reaches the host/network. 
\u003cbr\u003e\nOpened ports/services \u003cbr\u003e\nSAFEZONE for whitelisted IPs (requires changing rules in IN_CUSTOMRULES chain to be more meaningful) \u003cbr\u003e\n```\n\nNAT table:\n```\n NAT connections destined for VPN clients\n```\n\n# Misc:\n\nLogging functionality:\n\nOne of the INPUT chain rules logs packets before the default drop rule, so in order to filter out the fluff we'll copy the records to a separate logfile.\n\n## Process:\n\nCreate the following file \u003e `/etc/rsyslog.d/iptables.conf`\nand use the following to log dropped packets in a separate file from the syslog file.\n```\n  :msg, contains, \"[IPTABLES-BLOCKED]\" -/var/log/iptables.log\n    \u0026 ~\n ```\n \nThen restart the rsyslog process (assuming you're on Ubuntu/Debian) with the following command (as root):\n`/etc/init.d/rsyslog restart`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftim0n3%2Fiptables","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftim0n3%2Fiptables","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftim0n3%2Fiptables/lists"}