Iptables represent a versatile firewall utility incorporated in Linux.
No matter if you are new to Linux, or an experienced system admin, you most likely will make use of iptables.
Lets see up next how to set up the most flexible Linux firewall.
Iptables are a command-line specific to the firewall utility that comes with Linux.
It makes use of a policy chain to permit or prevent traffic.
If there is a connection that attempts to establish itself on your system, iptables seek for a rule to verify if that connection is permitted.
Thus, if it isn’t allowed, iptables go for the default action.
Usually, iptables are pre-installed in any Linux system, but to update or install
it, you will only have to type this command:
# ubuntu, debian sudo apt-get install iptables.
Keep in mind that extra attention is required while doing configuration for iptables rules, as it is quite frequent to get locked out up until you can fix the issue manually at the machine.
To list the current table (rules) you can use this command:
sudo iptables -L
You should see something like:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
The table permits admins to view the settings.
You can flush the existing rules with:
# Flushing all rules iptables -F iptables -X
By default, you want to block all traffic on all ports:
# Setting default filter policy iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP
To allow network traffic (TCP) on port 80, you can use this line:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To allow incoming connections:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
To allow outgoing connections:
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
To block an ip address:
sudo iptables -A INPUT -s 184.108.40.206 -j DROP
Don’t forget to save the rules.
On Ubuntu, install
iptables-persistent then run:
sudo /etc/init.d/iptables-persistent save sudo /etc/init.d/iptables-persistent reload
To allow incoming ssh:
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
To allow outgoing ssh:
sudo iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
This config allows ssh connections only:
# Flushing all rules iptables -F iptables -X # Setting default filter policy iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Allow unlimited traffic on loopback iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Allow incoming ssh only iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m stat e --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 22 --dport 513:65535 -m sta te --state ESTABLISHED -j ACCEPT # make sure nothing comes or goes out of this box iptables -A INPUT -j DROP iptables -A OUTPUT -j DROP
Mainly, there are several functionalities related to iptables, for which an admin will use them in Linux. These include the following:
- Blocking IPs
- Creating, viewing and deleting rules
- Inserting and replacing rules
- Establishing protocols in modules
- Tracking connections
- Modifying the default policy
- Choosing interfaces
- Blocking invalid TCP packets via the tcp module
- Limiting packets
- Creating custom chains
- Setting up LOG targets
- Saving iptables rules across reboots
Bottom line, a firewall is an essential security tool for Linux administrators.
Iptables offer an extremely secure firewall that can aid admins to secure their systems.
This tool creates the functionalities required for a powerful firewall, while allowing the admin to set up in place personalized rules, depending on the needs of the system.
Besides, iptables are proved to be helpful for preventing unauthorized access to a system, as several tables are in place that manage both incoming and outgoing connections.