IPTables 2
IPTables works by matching every packet against the rules in its tables (filter, nat, mangle). A rule can match on various fields (MAC address, IP address, ports, protocol, etc.), or, put another way, on the different network layers (Data Link, Network, Transport). The first rule that matches decides what happens to the packet, so rule order matters.
For the source MAC you can use the mac match module: -m mac --mac-source
There is no destination MAC option in the mac module: on a packet arriving at the host, the destination MAC is always the receiving interface's own address, so there is nothing to select on. The match only makes sense for packets coming in on an Ethernet device and only works in the INPUT, FORWARD and PREROUTING chains, where the frame's source MAC is still known.
This matches on the MAC address instead of the IP address.
Example:
Block traffic from the host with MAC address 00:C6:3A:54:8D:05 (the example host 192.168.0.5). Note that the rule matches on the MAC only; the IP address is not checked, so the host keeps being blocked even if it changes its IP.
iptables -A INPUT -m mac --mac-source 00:c6:3A:54:8D:05 -j DROP
For the source IP you can use any of these flags: -s
or --src
or --source
For the destination IP you can use any of these flags: -d
or --dst
or --destination
Example:
Block all traffic from 192.168.0.5
iptables -A INPUT -s 192.168.0.5 -j DROP
Or
iptables -A INPUT --src 192.168.0.5 -j DROP
Or
iptables -A INPUT --source 192.168.0.5 -j DROP
Keep in mind that -A appends the rule to the end of the chain. If an earlier rule already ACCEPTs that traffic, the appended DROP never fires; use -I INPUT 1 to insert at the top when the block must take precedence.
Protocols such as TCP, UDP and ICMP are selected with the flag -p
or --protocol
For the source port you can use either of these flags: --sport
or --source-port
For the destination port you can use either of these flags: --dport
or --destination-port
Port flags only work together with -p tcp or -p udp (they belong to the tcp and udp match modules, which -p loads implicitly); iptables rejects --dport without a protocol.
Example for TCP:
Allow host 192.168.0.5 to connect to my SSH server (TCP port 22)
iptables -A INPUT -s 192.168.0.5 -p tcp --dport 22 -j ACCEPT
Examples for UDP:
1- Allow any host to reach my NTP server (UDP port 123)
iptables -A INPUT -p udp --dport 123 -j ACCEPT
2- Deny access to syslog (UDP port 514)
iptables -A INPUT -p udp --dport 514 -j DROP
echo-request and echo-reply are two of the ICMP types (there are many others, such as destination-unreachable and time-exceeded).
Example:
ping 10.0.0.10
This means my computer sends an echo-request to 10.0.0.10 and that host answers with an echo-reply.
This exchange is known as ping, or ping for the echo-request and pong for the echo-reply.
Select ICMP with the protocol flag -p icmp
or --protocol icmp
and use --icmp-type
to specify which type you want to match. iptables -p icmp -h lists the valid type names.
Example:
Stop my computer from answering ping requests. The packet that has to be dropped is the incoming echo-request; dropping inbound echo-reply in INPUT would only discard the answers to my own pings, and "echo-replay" is not a valid type name (iptables would reject the rule).
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Drop only the type you mean to block rather than all of ICMP: types such as destination-unreachable (fragmentation-needed) are required for path MTU discovery, and blocking them breaks connectivity in ways that are hard to debug.
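The rules on this page are shown one -A at a time. In practice you want them in one place, in a fixed order, with explicit default policies, loaded atomically with iptables-restore. The script below is an added example, not code from the original page: it assembles the page's rules (MAC-bound SSH access for 192.168.0.5, open NTP, blocked syslog, no answer to ping) into an iptables-restore file. The conntrack ESTABLISHED,RELATED rule, the INPUT DROP policy and the choice to bind SSH to both the IP and the MAC are assumptions of this example; the MAC normalisation is there because iptables accepts either case but consistent rules are easier to audit.

```shell
#!/bin/sh
# Added example (not from the original page): build the filter table discussed
# above as an iptables-restore file, so rule order and default policies are
# explicit and the whole table is replaced atomically instead of appended to.

# Lowercase a MAC address and check it has the XX:XX:XX:XX:XX:XX shape that
# the mac match module requires. Prints the normalised MAC, or fails.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$mac" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f])
            printf '%s\n' "$mac" ;;
        *)
            return 1 ;;
    esac
}

# Emit the filter table in iptables-restore syntax.
#   $1 = admin host IP, $2 = admin host MAC (both checked before use)
# Order matters: iptables stops at the first matching rule, so the conntrack
# rule that admits replies to our own connections comes before anything else,
# and the specific ACCEPTs come before the DROP policy catches the rest.
build_filter_rules() {
    admin_ip=$1
    admin_mac=$(normalize_mac "$2") || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $admin_ip -m mac --mac-source $admin_mac -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 123 -j ACCEPT
-A INPUT -p udp --dport 514 -j DROP
-A INPUT -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Stand-alone use: print the ruleset for the page's example host.
build_filter_rules 192.168.0.5 00:C6:3A:54:8D:05
```

Pipe the output into `iptables-restore --test` to syntax-check it, or into `sudo iptables-restore` to install it; either way the table is replaced as a unit, so a half-applied ruleset cannot lock you out. Binding SSH to both the IP and the MAC means an attacker has to spoof both to reach the port, which is stricter than the IP-only rule on this page; the -m mac part only works in INPUT, FORWARD and PREROUTING, and only for traffic arriving on the local Ethernet segment (frames routed in from elsewhere carry the router's MAC). Without the ESTABLISHED,RELATED rule the INPUT DROP policy would also discard answers to this host's own outbound connections, DNS replies included.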