bsdnerds.org

What is iptables?

iptables is a versatile firewall utility built into Linux.

Whether you are new to Linux or an experienced system administrator, you will most likely make use of iptables.

Let's see next how to set up the most flexible Linux firewall.

What is iptables?

iptables is the command-line firewall utility that comes with Linux.

It uses policy chains to permit or block traffic.

When a connection attempts to reach your system, iptables looks through the chain for a rule that decides whether that connection is permitted.

If no rule matches, iptables applies the chain's default policy.

iptables is usually pre-installed on any Linux system, but to install or update
it, you only have to type this command:

# ubuntu, debian
sudo apt-get install iptables

Take extra care when configuring iptables rules: it is quite easy to lock yourself out of a remote machine, and you then have to fix the rules at the console.

How to use iptables?

To list the current table (rules) you can use this command:

sudo iptables -L

You should see something like:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
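To turn the listing into a check rather than just a display, here is an added example (not from the original article) that reads the rule-spec form of the same information, the output of iptables -S, and reports each chain's default policy, its rule count and whether the chain is effectively open. The two inputs are constructed samples: one matching the empty, all-ACCEPT listing above, one for a host that drops incoming traffic by default.

```shell
#!/bin/sh
# Added example: audit default policies from `iptables -S` output.

# Constructed sample matching the empty, all-ACCEPT listing above
# (not captured from a real host).
SAMPLE_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample of a host that drops incoming traffic by default and
# accepts only loopback, established traffic and ssh.
SAMPLE_LOCKED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# audit_chains: read `iptables -S` output on stdin and print one line per chain:
#   CHAIN POLICY RULECOUNT VERDICT
# VERDICT is OPEN when the policy is ACCEPT and no rule narrows the chain,
# USER-CHAIN for chains created with -N (they have no policy),
# and FILTERED otherwise.
audit_chains() {
    awk '
        $1 == "-P" { policy[$2] = $3;  rules[$2] += 0; order[++n] = $2 }
        $1 == "-N" { policy[$2] = "-"; rules[$2] += 0; order[++n] = $2 }
        $1 == "-A" { rules[$2]++ }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (policy[c] == "-")
                    verdict = "USER-CHAIN"
                else
                    verdict = (policy[c] == "ACCEPT" && rules[c] == 0) ? "OPEN" : "FILTERED"
                print c, policy[c], rules[c], verdict
            }
        }'
}

# On a live host: sudo iptables -S | audit_chains
printf '%s\n' "$SAMPLE_OPEN" | audit_chains
printf '%s\n' "$SAMPLE_LOCKED" | audit_chains
```

The first sample reports every chain as OPEN, which is exactly the state the empty listing above describes: nothing is filtered until you change the policies or add rules.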

Each block is one chain, with its default policy in parentheses and its rules (none yet) listed beneath.

You can flush the existing rules with:

# Flush all rules from the built-in chains, then delete any user-defined chains
iptables -F
iptables -X

By default, you want to block all traffic on all ports (on a remote machine, add the allow rules below before switching the policies, or you will lock yourself out):

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

To allow incoming TCP traffic to port 80 (HTTP), you can use this line:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

To allow incoming packets that belong to an established connection, or are related to one:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

To allow outgoing packets that belong to an established connection:

sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

To block an IP address:

sudo iptables -A INPUT -s 15.15.15.51 -j DROP

Don't forget to save the rules, otherwise they are lost at reboot.

On Ubuntu, install iptables-persistent and then run:

sudo /etc/init.d/iptables-persistent save
sudo /etc/init.d/iptables-persistent reload

On recent releases the same package provides the netfilter-persistent command, so sudo netfilter-persistent save does the job.

iptables allow ssh

To allow incoming ssh:

sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

To allow outgoing ssh:

sudo iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

iptables example config

This config allows ssh connections only (SERVER_IP must be set to this host's address):

# Flushing all rules
iptables -F
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow incoming ssh only (SERVER_IP holds this host's address, e.g. SERVER_IP=192.0.2.10)
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
# make sure nothing comes in or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
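The save step from the "How to use iptables" section and the ssh-only config above come together in this added example, which is not the article's own code: the same rules written in the iptables-save format that iptables-restore and iptables-persistent consume, plus a small rollback timer so that a mistake does not lock you out. Because iptables-restore loads the whole table atomically, the DROP policies and the ACCEPT rules take effect at the same instant, avoiding the gap that running the commands one by one on a remote host creates. The file paths, the confirm-file mechanism and the 192.0.2.10 address are assumptions made for the example; SERVER_IP is passed as an argument instead of being read from the environment.

```shell
#!/bin/sh
# Added example (not from the article): emit the ssh-only policy as an
# iptables-restore file and load it with a rollback timer.

# ssh_only_ruleset SERVER_IP
# Print the filter table in iptables-save format. SERVER_IP plays the role of
# the article's $SERVER_IP (the address ssh clients connect to).
ssh_only_ruleset() {
    server_ip=$1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# unlimited traffic on loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# incoming ssh only
-A INPUT -p tcp -d ${server_ip} --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s ${server_ip} --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
# explicit final drops (redundant with the DROP policies, kept for clarity)
-A INPUT -j DROP
-A OUTPUT -j DROP
COMMIT
EOF
}

# Paths below are assumptions for this example.
ROLLBACK_FILE=/tmp/iptables.rollback
CONFIRM_FILE=/tmp/iptables.confirmed

# apply_with_rollback RULEFILE [SECONDS]
# Save the live ruleset, load RULEFILE atomically, and restore the saved
# ruleset after SECONDS (default 60) unless confirm_rules has been run.
# Needs root. If the new rules cut off your ssh session, the old ones come back.
apply_with_rollback() {
    rulefile=$1
    grace=${2:-60}
    rm -f "$CONFIRM_FILE"
    iptables-save > "$ROLLBACK_FILE"
    iptables-restore < "$rulefile"
    # nohup so the timer survives the ssh session being dropped
    nohup sh -c "sleep $grace; [ -e $CONFIRM_FILE ] || iptables-restore < $ROLLBACK_FILE" \
        >/dev/null 2>&1 &
    echo "rules loaded; run confirm_rules within ${grace}s to keep them"
}

# confirm_rules: cancel the pending rollback (run it from a fresh ssh session,
# which proves the new rules still let you in).
confirm_rules() {
    touch "$CONFIRM_FILE"
}

# Stand-alone use: print the ruleset for the given address, e.g.
#   sh ssh-only.sh 192.0.2.10 > /tmp/ssh-only.rules
#   sudo sh -c '. ./ssh-only.sh; apply_with_rollback /tmp/ssh-only.rules 60'
# then, from a new ssh session:
#   sudo sh -c '. ./ssh-only.sh; confirm_rules'
if [ -n "${1:-}" ]; then
    ssh_only_ruleset "$1"
fi
```

Once confirmed, persist the ruleset the way the article describes (iptables-persistent, or netfilter-persistent save on recent Ubuntu releases) so it survives a reboot.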

What is iptables in Linux used for?

An admin will mainly use iptables in Linux for the following tasks:

  • Blocking IPs
  • Creating, viewing and deleting rules
  • Inserting and replacing rules
  • Matching protocols with match modules
  • Tracking connections
  • Modifying the default policy
  • Choosing interfaces
  • Blocking invalid TCP packets via the tcp module
  • Limiting packets
  • Creating custom chains
  • Setting up LOG targets
  • Saving iptables rules across reboots

Bottom line: a firewall is an essential security tool for Linux administrators.

iptables provides a robust firewall that helps admins secure their systems.

It supplies the building blocks of a powerful firewall while letting the admin put custom rules in place, depending on the needs of the system.

iptables has also proved helpful for preventing unauthorized access to a system, since its tables and chains control both incoming and outgoing connections.