
If you're on Linux, you have plenty of options to protect your equipment.

(Figure: flow of packets through iptables)

It comes with iptables, a command-line firewall utility that offers flexibility and excellent protection.

However, as it is a command-line utility, it requires a slight learning curve.

What is iptables?

(Figure: iptables tables)

iptables is a software-based firewall built into Linux.

It allows Linux users to create or define policies that directly and indirectly impact internet traffic.

Once you define the rules, all traffic needs to go through them.

(Figure: iptables chains)

If a packet matches a rule, it'll apply that rule to the connection.

However, if there aren't any applicable rules, it'll implement the default rule.

To use iptables, you need to run the following command.

(Figure: iptables-persistent)

To install iptables in your Linux distribution, trigger the following command.

It'll return the following as it is already pre-installed on my Linux distribution.

What is a Firewall?

Firewalls are the most basic form of protecting systems, networks, and personal computers.

A firewall can be hardware- or software-based and relies on rules to function properly.

Most firewalls are highly customizable, allowing you to create or edit rules.

Apart from that, you might also allow or block services by source IP address or connection interface.

If you're using Linux, you get access to the built-in iptables.

Why Do You Need iptables to Configure the Firewall?

But why should you use iptables at all?

After all, there are good alternative command-line firewall utilities such as ufw and firewalld.

Also, you could use standalone Linux firewalls that are simple to use and offer more features.

So, what makes iptables so appealing when configuring a firewall?

The reasons to use it include:

And much more!

First, it'll give us a clear understanding of the different iptables components.

Then, once we know about each of them, we can use them to write firewall rules.

And, when we talk about iptables, Netfilter also comes into the picture.

You can think of Netfilter as a big brother to iptables.

It builds on top of iptables and offers a better feature set to manage your firewall.

However, it does use iptables as one of the means to achieve excellent firewall capabilities.

Iptables is a command-line interface to Netfilter kernel-level hooks.

These hooks can interact with the Linux network stack, which affects packets at the deepest level.

So, what does the iptables architecture look like?

The iptables architecture starts with tables.

These tables take care of organizing rules.

And each table is classified based on the kind of decision it makes.

The different tables offered by iptables include:

And, then, we have chains within tables.

These chains handle deep packet inspection at different stages of a packet's journey.

This way, a decision can be made before the packet is released to a system process.

Just like tables, you also get different chains.

These include:

Not all chains are available in each table.

For example, the FORWARD chain is only available in the mangle, filter, and security tables.

Similarly, the POSTROUTING chain is available in the mangle and nat (SNAT) tables.

Only the OUTPUT chain is available in all the tables.

Finally, we have targets.

Once a packet arrives, it moves through the chains, and each rule is checked to see whether the packet matches it.

In many cases, a packet will not match any rule in the ruleset.

And that's where the default policy, itself a target, comes in.

The targets can be ACCEPT, DROP, and REJECT.

These are terminating targets that decide the packet's fate.

There are also non-terminating targets, which are mainly used to record information about the packet while evaluation continues with the next rule.
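To make the tables, chains and targets described above concrete, here is an added example (not code from the original article) that models how one chain evaluates a packet: rules are tried in order, the first terminating target (ACCEPT, DROP or REJECT) decides, a non-terminating LOG target records the packet and lets evaluation continue, and the chain's default policy applies when nothing matches. The Packet, Rule and Chain classes, the rule set and the addresses are all constructed for the demonstration and are not an iptables API.

```python
"""Added example, not code from the original article: a toy model of how iptables
walks one chain rule by rule, stops at the first terminating target, lets a
non-terminating LOG target fall through, and applies the chain's default policy
when nothing matches. Classes, rules and addresses are constructed for the demo."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TERMINATING = {"ACCEPT", "DROP", "REJECT"}    # targets that decide the packet's fate

@dataclass
class Packet:
    src: str                     # source IPv4 address
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for icmp
    in_iface: str = "eth0"       # interface the packet arrived on

@dataclass
class Rule:
    """One rule; a field left as None is a wildcard, like an omitted iptables option."""
    target: str                      # -j ACCEPT / DROP / REJECT / LOG
    proto: Optional[str] = None      # -p tcp
    dport: Optional[range] = None    # --dport 22 or --dport 1000:2000
    src: Optional[str] = None        # -s a.b.c.d
    in_iface: Optional[str] = None   # -i lo

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and (pkt.dport is None or pkt.dport not in self.dport):
            return False
        if self.src is not None and self.src != pkt.src:
            return False
        return self.in_iface is None or self.in_iface == pkt.in_iface

def port(lo: int, hi: Optional[int] = None) -> range:
    """--dport 22 -> range(22, 23); --dport 1000:2000 -> range(1000, 2001)."""
    return range(lo, (lo if hi is None else hi) + 1)

@dataclass
class Chain:
    name: str
    policy: str = "ACCEPT"                        # default policy, set with iptables -P
    rules: List[Rule] = field(default_factory=list)
    log: List[str] = field(default_factory=list)  # what a LOG target would record

    def evaluate(self, pkt: Packet) -> str:
        for number, rule in enumerate(self.rules, start=1):   # 1-based, as in --line-numbers
            if not rule.matches(pkt):
                continue
            if rule.target in TERMINATING:
                return rule.target   # first match wins; later rules are never consulted
            self.log.append(f"rule {number} {rule.target}: {pkt.src} {pkt.proto}/{pkt.dport}")
        return self.policy           # nothing matched: the default policy decides

def build_input_chain() -> Chain:
    """A small INPUT chain (constructed); comments give the iptables command each rule stands for."""
    chain = Chain("INPUT", policy="DROP")              # iptables -P INPUT DROP
    chain.rules = [
        Rule("ACCEPT", in_iface="lo"),                 # iptables -A INPUT -i lo -j ACCEPT
        Rule("DROP", src="203.0.113.9"),               # iptables -I INPUT 2 -s 203.0.113.9 -j DROP
        Rule("ACCEPT", proto="tcp", dport=port(22)),   # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
        Rule("ACCEPT", proto="tcp", dport=port(443)),  # iptables -A INPUT -p tcp --dport 443 -j ACCEPT
        Rule("LOG", proto="tcp"),                      # non-terminating: note the packet, keep going
        Rule("ACCEPT", proto="tcp", dport=port(1000, 2000)),  # ... --dport 1000:2000 -j ACCEPT
    ]
    return chain

def verdicts() -> Tuple[Dict[str, str], List[str]]:
    """Evaluate a handful of constructed packets; return the verdicts and the LOG entries."""
    chain = build_input_chain()
    packets = {
        "ssh": Packet("198.51.100.7", "tcp", 22),
        "ssh_from_blocked_host": Packet("203.0.113.9", "tcp", 22),
        "https": Packet("198.51.100.7", "tcp", 443),
        "in_range": Packet("198.51.100.7", "tcp", 1500),
        "unknown_port": Packet("198.51.100.7", "tcp", 3306),
        "loopback_dns": Packet("127.0.0.1", "udp", 53, in_iface="lo"),
    }
    return {name: chain.evaluate(p) for name, p in packets.items()}, chain.log

def misordered_verdict() -> str:
    """Same rules, but the DROP appended with -A instead of inserted at position 2:
    the earlier ACCEPT for port 22 now wins for the blocked host."""
    chain = build_input_chain()
    chain.rules.append(chain.rules.pop(1))
    return chain.evaluate(Packet("203.0.113.9", "tcp", 22))

if __name__ == "__main__":
    results, log = verdicts()
    print(results, log, sep="\n")
    print("blocked host with DROP appended last ->", misordered_verdict())
```

Running the file prints one verdict per constructed packet; the packet on port 3306 ends at the DROP policy because no rule accepts it, while the LOG rule has already recorded it. misordered_verdict() shows why a blocking rule has to sit before the rules that would accept the same traffic: a DROP appended after an ACCEPT for port 22 never gets a chance to match.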

The above output contains a lot of information.

However, it also hints at an inactive firewall.

That's because, currently, all chains are set to ACCEPT and have no rules.

You'll need to start adding rules to activate the firewall.

To add a rule, you must use the -A (Append) option.

The output is as follows:

Persisting Rules Manually

By default, iptables doesn't save the rules.

So, if you reboot your box, it'll remove all the rules.

You'll need to use the following commands to ensure you don't have to reconfigure iptables.

To do so, run the following command.

It'll open up the following window.

Press enter on .

As we're working with the IPv4 table, it'll only show IPv4 rules.

If you're working on IPv6, it'll show the relevant window.

Note: The package only loads your saved iptables rules.

So, whenever you change the iptables rules, you'll need to save them with the iptables-save command.

Similarly, we can allow packets to leave through the loopback interface.

For example, SSL, HTTP, and SSH ports are important for the normal functioning of your apps.

For SSL, execute the following command.

For HTTPS, fire off the following command.

To allow all HTTPS traffic on the eth0 interface, run the following command.

For SSH, execute the following command.

Let's say port 233.

To open up connections on that port, run the following command.

Similarly, you could also disable connections on a particular port by using the REJECT target option.

Let's block all connections on port 392.

To check, run the iptables -L -n -v command.

Delete Existing Rules

To delete existing rules, you'll need to execute the following command.

Run the following command if you wish to remove rule number 4 from the INPUT chain.

And, if you run the iptables -n -v -L command again:

You can also use the systemctl command.

However, it'll not work on Ubuntu.

First, check the rules.

Run the following command if you want to insert a rule between rules 2 and 3.

Now, check the updated rules.

This way, you can ping or download packages but block any unknown incoming traffic.

Block a Particular IP address

To block a specific IP address, execute the following command.

And, then run:

Note: Change a.b.c.d to your preferred IP address.

Allow Outbound DNS

To allow DNS connections to your server, fire off the following command.

Block Port

Run the following command to block a specific port and any incoming requests to it.

Open a Particular Range of Ports

To open a range of ports, trigger the following command.
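The sections above on inserting a rule at a position, deleting a rule by number, blocking a source address and opening a port range all depend on how iptables numbers the rules in a chain. The following added example (not code from the original article or from the iptables project) models that numbering in memory: Firewall.run() accepts command lines in the same shape the article uses (-A, -I CHAIN n, -D CHAIN n and -F, with -p, -s, -i, --dport and -j), so the effect of each can be checked before it is typed into a real firewall. The Firewall class, demo() and rejected() are constructed for the demonstration, as are the addresses and ports.

```python
"""Added example, not code from the original article: an in-memory model of how
iptables numbers the rules in a chain, so the effect of -A (append), -I CHAIN n
(insert before rule n), -D CHAIN n (delete rule n) and -F (flush) can be seen
without touching a live firewall. Only the options used by the article's commands
are understood; anything else is rejected rather than silently ignored."""
import shlex
from typing import Dict, List, Tuple

OPTIONS = {"-p": "proto", "-s": "src", "-i": "in_iface", "--dport": "dport", "-j": "target"}
Rule = Dict[str, object]

def parse_spec(args: List[str]) -> Rule:
    """'-p tcp --dport 1000:2000 -j ACCEPT' -> rule dict, with the port range validated."""
    spec: Rule = {}
    it = iter(args)
    for opt in it:
        if opt not in OPTIONS:
            raise ValueError(f"unsupported option {opt!r}")
        spec[OPTIONS[opt]] = next(it)
    if "target" not in spec:
        raise ValueError("rule needs a -j target")
    if "dport" in spec:
        if spec.get("proto") not in ("tcp", "udp"):
            raise ValueError("--dport needs -p tcp or -p udp")   # same constraint as iptables
        lo, _, hi = str(spec["dport"]).partition(":")            # "22" or "1000:2000"
        lo_n, hi_n = int(lo), int(hi or lo)
        if not 1 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"bad port range {spec['dport']}")
        spec["dport"] = (lo_n, hi_n)
    return spec

class Firewall:
    def __init__(self) -> None:
        self.chains: Dict[str, List[Rule]] = {"INPUT": [], "FORWARD": [], "OUTPUT": []}

    def run(self, command: str) -> None:
        """Apply one iptables command line (filter table only) to the model."""
        argv = shlex.split(command)
        if argv[:1] == ["iptables"]:
            argv = argv[1:]
        op, chain, rest = argv[0], argv[1], argv[2:]
        rules = self.chains[chain]                      # KeyError for an unknown chain
        if op == "-F":
            rules.clear()
        elif op == "-A":
            rules.append(parse_spec(rest))
        elif op == "-I":                                # 1-based position, optional, default 1
            pos = 1
            if rest and rest[0].isdigit():
                pos, rest = int(rest[0]), rest[1:]
            if not 1 <= pos <= len(rules) + 1:
                raise IndexError(f"no position {pos} in {chain}")
            rules.insert(pos - 1, parse_spec(rest))
        elif op == "-D":                                # -D CHAIN n
            num = int(rest[0])
            if not 1 <= num <= len(rules):
                raise IndexError(f"no rule {num} in {chain}")
            del rules[num - 1]
        else:
            raise ValueError(f"unsupported operation {op!r}")

    def delete_numbers(self, chain: str, numbers: List[int]) -> None:
        """Delete several rules by number, highest first: each deletion renumbers the
        rules after it, so deleting 2 and then 4 would actually remove the old rule 5."""
        for num in sorted(set(numbers), reverse=True):
            self.run(f"-D {chain} {num}")

    def listing(self, chain: str) -> List[Tuple[int, str]]:
        """Numbered view, roughly what iptables -L <chain> --line-numbers prints."""
        out = []
        for num, r in enumerate(self.chains[chain], start=1):
            parts = [str(r["target"])]
            for opt, key in (("-i", "in_iface"), ("-p", "proto"), ("-s", "src")):
                if key in r:
                    parts.append(f"{opt} {r[key]}")
            if "dport" in r:
                lo, hi = r["dport"]
                parts.append(f"--dport {lo}" if lo == hi else f"--dport {lo}:{hi}")
            out.append((num, " ".join(parts)))
        return out

def demo() -> List[Tuple[int, str]]:
    """The article's sequence, constructed: append rules, insert at position 2, delete rule 4."""
    fw = Firewall()
    fw.run("iptables -A INPUT -i lo -j ACCEPT")                     # rule 1
    fw.run("iptables -A INPUT -p tcp --dport 22 -j ACCEPT")         # rule 2
    fw.run("iptables -A INPUT -p tcp --dport 443 -j ACCEPT")        # rule 3
    fw.run("iptables -A INPUT -p tcp --dport 1000:2000 -j ACCEPT")  # rule 4
    fw.run("iptables -I INPUT 2 -s 203.0.113.9 -j DROP")  # new rule 2; old 2..4 become 3..5
    fw.run("iptables -D INPUT 4")                         # deletes the port-443 rule, not the range
    return fw.listing("INPUT")

def rejected(command: str) -> bool:
    """True when the model refuses a command (bad port, missing -j, unknown rule number)."""
    try:
        Firewall().run(command)
    except (ValueError, IndexError, KeyError):
        return True
    return False
```

demo() ends with four rules: the loopback accept, the DROP that was inserted as rule 2, the port 22 accept, and the 1000:2000 range, because -D INPUT 4 removed the rule that had been pushed to position 4 by the insert. delete_numbers() sorts the numbers in descending order for the same reason: every deletion renumbers the rules after it. The model also refuses what iptables would refuse, such as a port above 65535, --dport without -p tcp or -p udp, a missing -j, or a rule number that does not exist.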

Final Words

iptables is a powerful firewall command-line utility.

Also, iptables offers plenty of options.

Check out its man page using the man command to get the complete picture.

Next, check out an internet firewall and how it helps stop attacks.