How to use iptables Firewall Rules on Linux

Iptables Firewall Rules on Linux tutorial

Introduction

Iptables is the command-line tool that lets a system administrator configure the packet filter built into the Linux kernel (netfilter). Iptables works through an ordered list of rules: each rule specifies which traffic it matches (protocol, addresses, ports, connection state) and what to do with a packet that matches, such as accept or drop it.

In this guide, we will discuss some basic iptables rules and commands to help secure your server. Out of the box, iptables has no rules at all and the default policy of every chain is ACCEPT, so all incoming, outgoing and forwarded traffic is allowed. That is not secure for a server reachable from the network, so we will add rules that allow only the traffic we need and drop everything else.

Basic Syntax

Before we get started, let’s go over the basic syntax for iptables. The general syntax for iptables is as follows:

$ iptables -A <chain> -p <protocol> -s <source> -d <destination> -j <action>

Where:

  • <chain> is the name of the chain (explained below)
  • <protocol> is the protocol of the traffic (usually tcp, udp or icmp); this match is optional and is also required before port options such as --dport
  • <source> is the source IP address or network in CIDR notation (optional; when omitted, any source matches)
  • <destination> is the destination IP address or network (optional; when omitted, any destination matches)
  • <action> is the target to jump to when the rule matches (usually ACCEPT or DROP; see Actions below)

Chains

Chains are ordered lists of rules. Packets are checked against the rules of a chain from top to bottom and the first matching rule decides what happens; if no rule matches, the chain's default policy applies. The default filter table has three built-in chains:

  • INPUT: for traffic addressed to this host
  • OUTPUT: for traffic generated by this host
  • FORWARD: for traffic routed through this host from one network to another

You can also create your own custom chains and jump to them from the built-in ones.

Actions

The two actions used most often are ACCEPT and DROP:

  • ACCEPT: allows the traffic through
  • DROP: silently discards the packet; the sender gets no reply

Two other targets are worth knowing: REJECT discards the packet but sends an error back to the sender, and LOG writes the packet headers to the kernel log and then continues with the next rule, which makes it useful just before a DROP.

Basic Commands

Listing Rules

The iptables -L command lists the rules in all chains of the filter table, or in one chain if you name it. Add -n to avoid slow reverse DNS lookups and --line-numbers to see the rule positions that -I and -D use. On a freshly installed system the output looks like this: every chain has policy ACCEPT and no rules, which is why the default state is not secure.

$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

The -v option adds the packet and byte counters for every rule and chain policy, plus the input and output interfaces. The counters are the quickest way to check whether a rule is actually matching anything.

$ iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination  

Adding Rules

The iptables -A command appends a rule at the end of a chain. This example accepts all traffic from the 192.168.1.0/24 network:

$ iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT

The -I option inserts a rule at the given position in a chain (position 1 is the top; if you omit the number, the rule goes first). Because the first matching rule wins, the position matters: a rule inserted above an earlier DROP will override it for the traffic it matches.

$ iptables -I INPUT 2 -s 192.168.1.0/24 -j ACCEPT

The -p option specifies the protocol and --dport the destination port; --dport only works together with -p tcp or -p udp. This example allows incoming SSH:

$ iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Deleting Rules

The iptables -D command deletes a rule, either by its position in the chain (check the number with iptables -L --line-numbers first, because positions shift after every change) or by repeating the full rule specification in place of the number.

$ iptables -D INPUT 2

The -F option flushes (deletes) all rules in a chain; with no chain name it flushes every chain in the table. It does not change the chain policies, so flushing a chain whose policy is DROP leaves you with a firewall that drops everything.

$ iptables -F INPUT

The -X option deletes a user-defined chain. The chain must be empty and no other rule may still jump to it.

$ iptables -X mychain

The -P option sets the default policy of a built-in chain, the action taken for packets that match no rule. Setting INPUT to DROP is the usual way to make a server secure, but on a remote host you must add the ACCEPT rules for your own SSH session (and for established connections) before you run it, otherwise the very next packet of your session is dropped and you are locked out.

$ iptables -P INPUT DROP

Saving Rules

The iptables-save command writes the current rules of all tables to standard output in a text format that can be edited and reloaded. Rules live only in the kernel and are lost at reboot, so save them to a file:

$ iptables-save > /etc/iptables.rules

The iptables-restore command loads a saved ruleset. It replaces the existing rules of each table in the file in a single atomic operation (use --noflush to keep the existing rules instead), which is why a saved file is also the safest way to apply a complete ruleset. To reload the file at boot, install your distribution's persistence package (iptables-persistent on Debian and Ubuntu, iptables-services on RHEL and derivatives) or call iptables-restore from a boot script.

$ iptables-restore < /etc/iptables.rules
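The following script is an added example, not part of the original article. It ties the default-policy section and the save/restore commands together: it generates the minimal stateful ruleset that the introduction promises (loopback, established connections, SSH from an admin network, ping, a rate-limited LOG before the DROP policy) in iptables-restore format, checks it, and applies it atomically with an automatic rollback so that "-P INPUT DROP" cannot lock you out of a remote host. The admin network 192.168.1.0/24, SSH on port 22, the 60 second rollback window and the /etc/iptables.rules path are assumptions that you can override through environment variables.

```shell
#!/bin/sh
# Added example (not from the original article). Generates a baseline
# ruleset in iptables-restore format, sanity-checks it and applies it with
# a rollback timer. Values below are assumptions; override them via the
# environment, e.g. ADMIN_NET=10.0.0.0/8 SSH_PORT=2222 ./baseline.sh apply
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"
SSH_PORT="${SSH_PORT:-22}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"

# Print the ruleset. iptables-restore commits the whole table at once, so
# the ordering problem of running "-P INPUT DROP" before the ACCEPT rules
# does not exist here: either every rule lands or none does.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is needed by many local services
-A INPUT -i lo -j ACCEPT
# replies to connections this host initiated (stateful matching)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that do not belong to any known connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new SSH connections only from the admin network
-A INPUT -p tcp -s ${ADMIN_NET} --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# keep the host pingable for monitoring
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# log (rate limited) what the INPUT policy is about to drop
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Count the rules ("-A" lines) in a ruleset read from stdin.
count_rules() {
    grep -c '^-A '
}

# Return 0 only if the ruleset on stdin has INPUT policy DROP and an ACCEPT
# for the SSH port: the two properties that must hold before applying.
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q -- "--dport ${SSH_PORT} .*-j ACCEPT" || return 1
    return 0
}

# Save the running rules, load the new ones, then restore the old ones
# after ROLLBACK_SECS unless the admin confirms (from a second SSH session)
# by removing the marker file. Only a confirmed ruleset is written to
# RULES_FILE for reloading at boot.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    marker=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    gen_rules | check_rules || { echo "ruleset failed sanity check, not applied" >&2; return 1; }
    gen_rules | iptables-restore || { echo "iptables-restore rejected the ruleset" >&2; return 1; }
    echo "New rules are active. From a second SSH session run: rm $marker"
    echo "If $marker still exists after ${ROLLBACK_SECS}s the previous rules are restored."
    (
        sleep "$ROLLBACK_SECS"
        if [ -e "$marker" ]; then
            iptables-restore < "$backup"
            echo "rollback: previous rules restored" >&2
        else
            gen_rules > "$RULES_FILE"
            echo "confirmed: rules written to $RULES_FILE" >&2
        fi
        rm -f "$backup"
    ) &
}

# Without arguments just print the ruleset; apply only on request as root.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
    apply_with_rollback
else
    gen_rules
fi
```

Run it without arguments to review the generated ruleset, and as root with the argument apply to load it. The FORWARD policy is DROP because this baseline is for a host, not a router; OUTPUT stays ACCEPT as in the article's default, and tightening it is a separate exercise. The LOG rule is last on purpose: anything that reaches it is about to hit the DROP policy, so the kernel log shows exactly what the firewall is discarding.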

Conclusion

In this guide, we learned how to list, add, delete, save and restore iptables rules, and why the ACCEPT rules for your own access must be in place before the INPUT policy is switched to DROP.
