> iptables
Configure Linux firewall with iptables/nftables. Use when a user asks to set up a firewall, block ports, allow specific traffic, configure NAT, or secure a Linux server network.
curl "https://skillshub.wtf/TerminalSkills/skills/iptables?format=md"iptables / nftables
Overview
iptables is the traditional Linux firewall. nftables is its modern replacement (default on newer distros). Both filter network packets using rules organized in chains and tables. Essential for server hardening.
Instructions
Step 1: Basic iptables Rules
# View current rules
sudo iptables -L -n -v
# Allow established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH (port 22)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP and HTTPS
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT
# Drop everything else
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
# Save rules (persist across reboots)
sudo iptables-save | sudo tee /etc/iptables/rules.v4
Step 2: UFW (Simplified Frontend)
# UFW is easier for most use cases
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow from 10.0.0.0/8 to any port 5432 # PostgreSQL from internal only
sudo ufw enable
sudo ufw status verbose
Step 3: nftables (Modern)
# /etc/nftables.conf — nftables configuration
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
ct state established,related accept
iif lo accept
tcp dport { 22, 80, 443 } accept
icmp type echo-request accept
}
chain forward {
type filter hook forward priority 0; policy drop;
}
chain output {
type filter hook output priority 0; policy accept;
}
}
Guidelines
- Use UFW for simple setups — it's a frontend for iptables with human-readable commands.
- Default policy should be DROP for INPUT — only allow what you need.
- Always allow established connections first, or you'll lock yourself out.
- Test rules before saving — a wrong rule can disconnect your SSH session.
> related_skills --same-repo
> zustand
You are an expert in Zustand, the small, fast, and scalable state management library for React. You help developers manage global state without boilerplate using Zustand's hook-based stores, selectors for performance, middleware (persist, devtools, immer), computed values, and async actions — replacing Redux complexity with a simple, un-opinionated API in under 1KB.
> zoho
Integrate and automate Zoho products. Use when a user asks to work with Zoho CRM, Zoho Books, Zoho Desk, Zoho Projects, Zoho Mail, or Zoho Creator, build custom integrations via Zoho APIs, automate workflows with Deluge scripting, sync data between Zoho apps and external systems, manage leads and deals, automate invoicing, build custom Zoho Creator apps, set up webhooks, or manage Zoho organization settings. Covers Zoho CRM, Books, Desk, Projects, Creator, and cross-product integrations.
> zod
You are an expert in Zod, the TypeScript-first schema declaration and validation library. You help developers define schemas that validate data at runtime AND infer TypeScript types at compile time — eliminating the need to write types and validators separately. Used for API input validation, form validation, environment variables, config files, and any data boundary.
> zipkin
Deploy and configure Zipkin for distributed tracing and request flow visualization. Use when a user needs to set up trace collection, instrument Java/Spring or other services with Zipkin, analyze service dependencies, or configure storage backends for trace data.