more cleanup

networking/iptables.md

@@ -1,6 +1,6 @@
 ---
 title: "iptables"
-tags: [ "Documentation", "networking" ]
+tags: [ "Documentation", "Networking" ]
 ---
 # Intro
 
@@ -24,7 +24,7 @@ Let's 'A'dd, or 'A'ppend a rule with -A.  Let's drop all input from a nearby IP
 
 > iptables -A INPUT -s 192.168.0.23 -j DROP
 
-Or we can block all input from a particular port on the full network.
+Or we can block all input from a particular port on the full Network.
 
 > iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
 
@@ -55,3 +55,26 @@ Flush all existing rules with:
 
 > iptables -F
 
+
+# Examples
+
+```
+# Allow all loopback (lo0) traffic and drop all traffic to 127/8
+# that doesn't use lo0
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+iptables -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
+
+# Allow established sessions to receive traffic
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Allow ICMP pings
+iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+# Allow SSH remote
+iptables -I INPUT -p tcp --dport 22 -j ACCEPT
+
+# Reject all other inbound connections
+iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
+iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
+```