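#!/usr/bin/env bash
# iptables cheat sheet: independent one-liners, not a script to run top to
# bottom. Every command needs root, and none of them persists across a
# reboot unless saved (iptables-save / the distro's persistence service).

# --- Allow one host to TCP/555, inserted at position 1 of INPUT so it wins
# over any DROP/REJECT rule that follows it.
iptables -I INPUT 1 -s 10.88.195.2/32 -p tcp --dport 555 -j ACCEPT

# --- Delete that rule. -D matches on the rule spec: "-p tcp --dport" is
# shorthand for "-p tcp -m tcp --dport", so this spec is the same rule as
# above. Only the first matching rule is removed if it was added twice.
iptables -D INPUT -s 10.88.195.2/32 -p tcp -m tcp --dport 555 -j ACCEPT

# --- Send TCP/8888 arriving here on to another server (DNAT).
# Needs net.ipv4.ip_forward=1, and FORWARD rules like the 8822 example
# below if the FORWARD policy is DROP. With no -i/-d restriction this
# rewrites port 8888 on any destination address arriving on any
# interface; on a real host pin it down (e.g. -i eth0 or -d <public-ip>).
iptables -t nat -A PREROUTING -p tcp --dport 8888 -j DNAT --to-destination 192.168.88.33:8888

# --- Rewrite source 10.1.1.3 -> 10.1.1.9 for TCP to 10.2.100.16:5060 (SNAT).
# Replies come back addressed to 10.1.1.9, so this box must own or answer
# ARP for that address (secondary IP / proxy ARP) or return traffic is lost.
iptables -t nat -A POSTROUTING -s 10.1.1.3 -d 10.2.100.16 -p tcp --dport 5060 -j SNAT --to-source 10.1.1.9

# --- Default policy for INPUT. ACCEPT is default-allow: anything not hit
# by an explicit rule is reachable. Use it only to avoid locking yourself
# out while flushing/rebuilding a ruleset; a hardened host ends with
# "-P INPUT DROP" plus explicit ACCEPTs for lo and ESTABLISHED,RELATED.
iptables -P INPUT ACCEPT

# --- Rate-limited logging. LOG is non-terminating and this rule has no
# match other than the limit, so it logs whatever reaches it in INPUT and
# drops nothing. Append it last, immediately before the DROP it describes,
# or the "dropped" prefix is misleading. --limit-burst 5 is the default,
# spelled out so the rate is obvious.
iptables -A INPUT -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "iptables-dropped: "

# --- Port redirect: TCP/8822 on this box -> 10.123.0.52:22 behind it.
# Forwarded traffic traverses FORWARD in both directions, so the reply
# path (from 10.123.0.52) needs its own rule when the FORWARD policy is
# DROP. "-m conntrack --ctstate" is the supported spelling of the
# deprecated "-m state --state" alias. Note the first rule also accepts
# forwarded SSH to that host that was NOT translated; add "--ctstate DNAT"
# if only the 8822 path should be allowed. Requires net.ipv4.ip_forward=1.
iptables -A FORWARD -p tcp -d 10.123.0.52 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 10.123.0.52 --sport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8822 -j DNAT --to-destination 10.123.0.52:22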
Links
http://conntrack-tools.netfilter.org/manual.html
http://people.netfilter.org/pablo/docs/login.pdf