{"id":6945,"date":"2021-12-30T11:07:17","date_gmt":"2021-12-30T10:07:17","guid":{"rendered":"https:\/\/milchyn.cz\/?page_id=6945"},"modified":"2025-09-22T10:46:05","modified_gmt":"2025-09-22T10:46:05","slug":"firewall-iptables","status":"publish","type":"page","link":"https:\/\/milchyn.cz\/firewall-iptables","title":{"rendered":"FireWall IPTABLES"},"content":{"rendered":"<p>Konfigura\u010dn\u00ed p\u0159\u00edklad pravidel IPTABLES aktivovan\u00fdch p\u0159i startu syst\u00e9mu pomoc\u00ed systemd slu\u017eby. Zaj\u00edmav\u00fd \u010dl\u00e1nek: <a href=\"https:\/\/www.linuxexpres.cz\/praxe\/sprava-linuxoveho-serveru-linuxovy-firewall-zaklady-iptables\" target=\"_blank\" rel=\"noopener\">Spr\u00e1va linuxov\u00e9ho serveru: Linuxov\u00fd firewall, z\u00e1klady iptables<\/a>. Uv\u00e1d\u00edm p\u0159\u00edklad generovan\u00fdch pravidlech dle listu IP segment\u016f sta\u017een\u00fdch z <a href=\"https:\/\/www.ipdeny.com\/ipblocks\/data\/countries\/cz.zone\" target=\"_blank\" rel=\"noopener\">https:\/\/www.ipdeny.com\/ipblocks\/data\/countries\/cz.zone<\/a> pro CZ region. Sice ze zku\u0161enosti seznam nen\u00ed stoprocentn\u00ed, ale pro z\u00e1kladn\u00ed filtr dosta\u010duj\u00edc\u00ed. Dal\u0161\u00ed regiony <a href=\"https:\/\/www.ipdeny.com\/ipblocks\" target=\"_blank\" rel=\"noopener\">https:\/\/www.ipdeny.com\/ipblocks<\/a> .<\/p>\n<a id=\"nastaven\u00ed_pravidel\"><\/a><div class=\"mch-acr\"><div class=\"mch-acr-title\" role=\"button\" tabindex=\"0\" aria-expanded=\"false\" aria-controls=\"mch-acr-content-4\">Nastaven\u00ed pravidel<\/div><div id=\"mch-acr-content-4\" class=\"mch-acr-content\" hidden><\/p>\n<p>\ud83d\udcbb <code>sudo vi \/etc\/network\/iptables.conf<\/code><\/p>\n<p>Vlo\u017eit:<br \/>\n<pre>#!\/bin\/sh\n###################################################################################################\n#\n#&nbsp;&nbsp;PRAVIDLA:&nbsp;&nbsp;PC (IPV4)\n#&nbsp;&nbsp;====================\n#\n#&nbsp;&nbsp;18.04.2022\n#\n#&nbsp;&nbsp;&nbsp;&nbsp;\/etc\/systemd\/system\/iptables.service\n#&nbsp;&nbsp;&amp;gt; \/etc\/network\/iptables.conf\n#&nbsp;&nbsp;&nbsp;&nbsp;\/etc\/network\/iptables.conf.disable\n#\n#--------------------------------------------------------------------------------------------------\n#\n# sudo netstat -tulpn | grep LISTEN\n#\n# sudo wget -T 3 --no-check-certificate https:\/\/www.ipdeny.com\/ipblocks\/data\/countries\/cz.zone \\\n#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -O \/etc\/network\/cz.zone&nbsp;&nbsp;2&amp;gt;\/dev\/null &amp;amp;&amp;amp; echo ok || echo ERR\n#__________________________________________________________________________________________________\n\n_FILE_CZ_ZONE=&quot;\/etc\/network\/cz.zone&quot;\n \n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# _Z_R_U_S_E_N_I__P_R_E_D_C_H_O_Z_I_C_H__P_R_A_V_I_D_E_L_\n#__________________________________________________________________________________________________\n\niptables -F\niptables -X\n\nip6tables -F\nip6tables -X\n\n# D E K L A R A C E\n# `````````````````\n\niptables -N&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_ADMIN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # p:22 selelktivne IP administratoru\niptables -N&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_NET&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # p:22 internet\n\niptables -N&nbsp;&nbsp;&nbsp;&nbsp; _IP_CZ_ZONE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # omezeni na CZ region\n\niptables -N&nbsp;&nbsp;&nbsp;&nbsp; _LOG+ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # ... logovani + ACCEPT\niptables -N&nbsp;&nbsp;&nbsp;&nbsp; _LOG+DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # ... logovani + DROP&nbsp;&nbsp;\n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# _V_Y_C_H_O_Z_I__P_R_A_V_I_D_L_A_\n#__________________________________________________________________________________________________\n\niptables -P&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DROP\niptables -P&nbsp;&nbsp;&nbsp;&nbsp; FORWARD&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DROP\niptables -P&nbsp;&nbsp;&nbsp;&nbsp; OUTPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ACCEPT\n\nip6tables -P&nbsp;&nbsp;&nbsp;&nbsp;INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DROP\nip6tables -P&nbsp;&nbsp;&nbsp;&nbsp;FORWARD&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DROP\nip6tables -P&nbsp;&nbsp;&nbsp;&nbsp;OUTPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ACCEPT\n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# _V_S_T_U_P_N_I__P_R_A_V_I_D_L_A_\n#__________________________________________________________________________________________________\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n\n#--------------------------------------------------------------------------------------------------\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -i lo&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # lokalni smycka\nip6tables -A&nbsp;&nbsp;&nbsp;&nbsp;INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -i lo&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # lokalni smyckaa ipv6\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -s 10.0.0.0\/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j ACCEPT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # vse domaci sit\n\n#--------------------------------------------------------------------------------------------------\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -p tcp --dport 22&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j _IP_SSH_ADMIN # ssh administratori\n\n#--------------------------------------------------------------------------------------------------\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j _IP_CZ_ZONE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# pusti dal jen CZ region\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -p tcp --dport 22&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j _IP_SSH_NET&nbsp;&nbsp;# ssh (CZ) region \n\n#--------------------------------------------------------------------------------------------------\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; INPUT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # zahodit vse ostatni\n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# _P_O_D_S_K_U_P_I_N_Y__P_R_A_V_I_D_E_L_\n# \n\n# _IP_SSH_ADMIN\n# `````````````\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_ADMIN&nbsp;&nbsp; -s 111.111.111.111&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j _LOG+ACCEPT\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_ADMIN&nbsp;&nbsp; -s 222.222.222.222&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j _LOG+ACCEPT\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_ADMIN&nbsp;&nbsp; -j RETURN\n\n# _IP_SSH_NET\n# ```````````\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_NET&nbsp;&nbsp;&nbsp;&nbsp; -s 222.111.222.111&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j _LOG+ACCEPT\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_NET&nbsp;&nbsp;&nbsp;&nbsp; -s 111.222.111.222&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j _LOG+ACCEPT\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _IP_SSH_NET&nbsp;&nbsp;&nbsp;&nbsp; -j _LOG+DROP\n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# _I_P___C_Z__Z_O_N_E__P_R_A_V_I_D_L_A_\n#\n\nif [ -r &quot;$_FILE_CZ_ZONE&quot; ]\nthen\n&nbsp;&nbsp;for _IP_ZONE in `sudo cat &quot;$_FILE_CZ_ZONE&quot; 2&amp;gt;\/dev\/null`\n&nbsp;&nbsp;do\n&nbsp;&nbsp;&nbsp;&nbsp;#echo $_IP_ZONE\n&nbsp;&nbsp;&nbsp;&nbsp;iptables&nbsp;&nbsp;-A&nbsp;&nbsp;_IP_CZ_ZONE&nbsp;&nbsp;-s $_IP_ZONE&nbsp;&nbsp;-j RETURN\n&nbsp;&nbsp;done\nfi\n\niptables -A&nbsp;&nbsp;_IP_CZ_ZONE&nbsp;&nbsp; -j _LOG+DROP_CZ\niptables -A&nbsp;&nbsp;_IP_CZ_ZONE&nbsp;&nbsp; -j DROP\n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# _Z_A_K_O_N_C_E_N_I__L_O_G_E_M_\n#__________________________________________________________________________________________________\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _LOG+ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; -m state --state NEW -m limit --limit 5\/min \\\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j LOG --log-prefix &quot; _IPT_ACCEPT_ &quot;\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _LOG+ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; -j ACCEPT\n\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _LOG+DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -m state --state NEW -m limit --limit 5\/min \\\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-j LOG --log-prefix &quot; _IPT_DROP_ &quot;\niptables -A&nbsp;&nbsp;&nbsp;&nbsp; _LOG+DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; -j DROP\n\n#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n###################################################################################################\n# V Y P I S&nbsp;&nbsp; P R A V I D E L\n# ```````````````````````````\niptables -L -n -v\n###################################################################################################\n<\/pre><\/p>\n<h5>Opr\u00e1vn\u011bn\u00ed<\/h5>\n<p>\ud83d\udcbb <code>sudo chown root:root \/etc\/network\/iptables.conf<\/code><\/p>\n<p>\ud83d\udcbb <code>sudo chmod 640 \/etc\/network\/iptables.conf<\/code><\/p>\n<p><\/div><\/div>\n<a id=\"vytvo\u0159en\u00ed_slu\u017eby\"><\/a><div class=\"mch-acr\"><div class=\"mch-acr-title\" role=\"button\" tabindex=\"0\" aria-expanded=\"false\" aria-controls=\"mch-acr-content-5\">Vytvo\u0159en\u00ed slu\u017eby<\/div><div id=\"mch-acr-content-5\" class=\"mch-acr-content\" hidden><\/p>\n<p>\ud83d\udcbb <code>sudo vi \/etc\/systemd\/system\/iptables.service<\/code><br \/>\n<pre>###############################################################\n#\n#&nbsp;&nbsp;FIREWALL IPTABLES PRAVIDLA\n#&nbsp;&nbsp;==========================\n#\n#&nbsp;&nbsp;18.04.2022\n#\n#&nbsp;&nbsp;&amp;gt; \/etc\/systemd\/system\/iptables.service\n#&nbsp;&nbsp;&nbsp;&nbsp;\/etc\/network\/iptables.conf\n#&nbsp;&nbsp;&nbsp;&nbsp;\/etc\/network\/iptables.conf.disable\n#\n#&nbsp;&nbsp;sudo systemctl daemon-reload\n#&nbsp;&nbsp;sudo systemctl start iptables.service\n#&nbsp;&nbsp;sudo systemctl enable iptables.service\n#&nbsp;&nbsp;sudo systemctl --no-pager status iptables.service\n#\n\n[Unit]\nDescription=&quot;FIREWALL IPTABLES PRAVIDLA&quot;\n\n[Service]\nType=oneshot\nUser=root\nGroup=root\nExecStart=\/bin\/sh \/etc\/network\/iptables.conf \nRemainAfterExit=yes\nExecStop=\/bin\/sh \/etc\/network\/iptables.conf.disable\nTimeoutStopSec=1s\n\n[Install]\nWantedBy=multi-user.target\n###############################################################\n<\/pre><br \/>\n<\/div><\/div>\n<a id=\"aktivace_slu\u017eby\"><\/a><div class=\"mch-acr\"><div class=\"mch-acr-title\" role=\"button\" tabindex=\"0\" aria-expanded=\"false\" aria-controls=\"mch-acr-content-6\">Aktivace slu\u017eby<\/div><div id=\"mch-acr-content-6\" class=\"mch-acr-content\" hidden><\/p>\n<p>\ud83d\udcbb <code>sudo systemctl daemon-reload<\/code><\/p>\n<p>\ud83d\udcbb <code>sudo systemctl enable iptables.service<\/code><\/p>\n<p>\ud83d\udcbb <code>sudo systemctl start iptables.service<\/code><\/p>\n<p>\ud83d\udcbb <code>sudo systemctl --no-pager status iptables.service<\/code><\/p>\n<p><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Konfigura\u010dn\u00ed p\u0159\u00edklad pravidel IPTABLES aktivovan\u00fdch p\u0159i startu syst\u00e9mu pomoc\u00ed systemd slu\u017eby. Zaj\u00edmav\u00fd \u010dl\u00e1nek: Spr\u00e1va linuxov\u00e9ho serveru: Linuxov\u00fd firewall, z\u00e1klady iptables. Uv\u00e1d\u00edm p\u0159\u00edklad generovan\u00fdch pravidlech dle listu IP segment\u016f sta\u017een\u00fdch z https:\/\/www.ipdeny.com\/ipblocks\/data\/countries\/cz.zone pro CZ region. Sice ze zku\u0161enosti seznam nen\u00ed stoprocentn\u00ed, ale pro z\u00e1kladn\u00ed filtr dosta\u010duj\u00edc\u00ed. Dal\u0161\u00ed regiony https:\/\/www.ipdeny.com\/ipblocks .<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":6311,"menu_order":888,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-6945","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.1.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>FireWall IPTABLES - milchyn.cz<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/milchyn.cz\/firewall-iptables\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FireWall IPTABLES - milchyn.cz\" \/>\n<meta property=\"og:description\" content=\"Konfigura\u010dn\u00ed p\u0159\u00edklad pravidel IPTABLES aktivovan\u00fdch p\u0159i startu syst\u00e9mu pomoc\u00ed systemd slu\u017eby. Zaj\u00edmav\u00fd \u010dl\u00e1nek: Spr\u00e1va linuxov\u00e9ho serveru: Linuxov\u00fd firewall, z\u00e1klady iptables. Uv\u00e1d\u00edm p\u0159\u00edklad generovan\u00fdch pravidlech dle listu IP segment\u016f sta\u017een\u00fdch z https:\/\/www.ipdeny.com\/ipblocks\/data\/countries\/cz.zone pro CZ region. Sice ze zku\u0161enosti seznam nen\u00ed stoprocentn\u00ed, ale pro z\u00e1kladn\u00ed filtr dosta\u010duj\u00edc\u00ed. Dal\u0161\u00ed regiony https:\/\/www.ipdeny.com\/ipblocks .\" \/>\n<meta property=\"og:url\" content=\"https:\/\/milchyn.cz\/firewall-iptables\" \/>\n<meta property=\"og:site_name\" content=\"milchyn.cz\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-22T10:46:05+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minuta\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/milchyn.cz\/firewall-iptables\",\"url\":\"https:\/\/milchyn.cz\/firewall-iptables\",\"name\":\"FireWall IPTABLES - milchyn.cz\",\"isPartOf\":{\"@id\":\"https:\/\/milchyn.cz\/#website\"},\"datePublished\":\"2021-12-30T10:07:17+00:00\",\"dateModified\":\"2025-09-22T10:46:05+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/milchyn.cz\/firewall-iptables#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/milchyn.cz\/firewall-iptables\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/milchyn.cz\/firewall-iptables#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Dom\u016f\",\"item\":\"https:\/\/milchyn.cz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Linux\",\"item\":\"https:\/\/milchyn.cz\/pocitac-s-linuxem\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Po\u010d\u00edta\u010d s Xubuntu\",\"item\":\"https:\/\/milchyn.cz\/pocitac-s-linuxem\/pocitac-s-xubuntu\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Zabezpe\u010den\u00ed \ud83d\udd10\",\"item\":\"https:\/\/milchyn.cz\/linux-zabezpeceni\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"FireWall IPTABLES\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/milchyn.cz\/#website\",\"url\":\"https:\/\/milchyn.cz\/\",\"name\":\"milchyn.cz\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/milchyn.cz\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FireWall IPTABLES - milchyn.cz","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/milchyn.cz\/firewall-iptables","og_locale":"cs_CZ","og_type":"article","og_title":"FireWall IPTABLES - milchyn.cz","og_description":"Konfigura\u010dn\u00ed p\u0159\u00edklad pravidel IPTABLES aktivovan\u00fdch p\u0159i startu syst\u00e9mu pomoc\u00ed systemd slu\u017eby. Zaj\u00edmav\u00fd \u010dl\u00e1nek: Spr\u00e1va linuxov\u00e9ho serveru: Linuxov\u00fd firewall, z\u00e1klady iptables. Uv\u00e1d\u00edm p\u0159\u00edklad generovan\u00fdch pravidlech dle listu IP segment\u016f sta\u017een\u00fdch z https:\/\/www.ipdeny.com\/ipblocks\/data\/countries\/cz.zone pro CZ region. Sice ze zku\u0161enosti seznam nen\u00ed stoprocentn\u00ed, ale pro z\u00e1kladn\u00ed filtr dosta\u010duj\u00edc\u00ed. Dal\u0161\u00ed regiony https:\/\/www.ipdeny.com\/ipblocks .","og_url":"https:\/\/milchyn.cz\/firewall-iptables","og_site_name":"milchyn.cz","article_modified_time":"2025-09-22T10:46:05+00:00","twitter_card":"summary_large_image","twitter_misc":{"Odhadovan\u00e1 doba \u010dten\u00ed":"1 minuta"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/milchyn.cz\/firewall-iptables","url":"https:\/\/milchyn.cz\/firewall-iptables","name":"FireWall IPTABLES - milchyn.cz","isPartOf":{"@id":"https:\/\/milchyn.cz\/#website"},"datePublished":"2021-12-30T10:07:17+00:00","dateModified":"2025-09-22T10:46:05+00:00","breadcrumb":{"@id":"https:\/\/milchyn.cz\/firewall-iptables#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/milchyn.cz\/firewall-iptables"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/milchyn.cz\/firewall-iptables#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Dom\u016f","item":"https:\/\/milchyn.cz\/"},{"@type":"ListItem","position":2,"name":"Linux","item":"https:\/\/milchyn.cz\/pocitac-s-linuxem"},{"@type":"ListItem","position":3,"name":"Po\u010d\u00edta\u010d s Xubuntu","item":"https:\/\/milchyn.cz\/pocitac-s-linuxem\/pocitac-s-xubuntu"},{"@type":"ListItem","position":4,"name":"Zabezpe\u010den\u00ed \ud83d\udd10","item":"https:\/\/milchyn.cz\/linux-zabezpeceni"},{"@type":"ListItem","position":5,"name":"FireWall IPTABLES"}]},{"@type":"WebSite","@id":"https:\/\/milchyn.cz\/#website","url":"https:\/\/milchyn.cz\/","name":"milchyn.cz","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/milchyn.cz\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"}]}},"_links":{"self":[{"href":"https:\/\/milchyn.cz\/index.php?rest_route=\/wp\/v2\/pages\/6945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/milchyn.cz\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/milchyn.cz\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/milchyn.cz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/milchyn.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6945"}],"version-history":[{"count":0,"href":"https:\/\/milchyn.cz\/index.php?rest_route=\/wp\/v2\/pages\/6945\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/milchyn.cz\/index.php?rest_route=\/wp\/v2\/pages\/6311"}],"wp:attachment":[{"href":"https:\/\/milchyn.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}