Added iptables notes & script to show modules help

rezen · Jul 20, 2017 · 79fbd1a · 79fbd1a
1 parent 6c43dfd
commit 79fbd1a
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/bin/iptables_modules_help.sh b/bin/iptables_modules_help.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -e
+
+readonly modules=$(ls /lib/modules/$(uname -r)/kernel/net/netfilter/xt_* | grep -oP '(?<=xt_)([a-z]+)')
+
+for m in $modules
+do
+  helps=$(iptables -m "$m" -h 2>&1 | awk '/match options:$/,0' | sed 's/^/   /')
+
+  if [[ -z $helps ]]
+  then
+    continue
+  fi
+
+  echo "--------------------------------------------------------------------"
+  echo
+  echo "$helps"
+  echo
+done
diff --git a/itables-nft.md b/itables-nft.md
@@ -13,6 +13,8 @@ will typically only interact with the filter table.
 - raw 
 - security (SeLinux)
 
+## Rules
+
 **List all the rules**  
 `sudo iptables -L -v --line-numbers`
 
@@ -37,6 +39,11 @@ http://ipset.netfilter.org/iptables-extensions.man.html
 
 **Get Help on module**  
 `iptables -m conntrack -h`
+`iptables -m hashlimit -h 2>&1 | awk '/match options:$/,0'`
+
+### Accounting
+- https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
+
 
 ## Throttling, Rate Limiting
 - https://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/