
Iptables in Linux

iptables is used to filter traffic on a Linux system. It checks incoming and outgoing traffic against a set of predefined rules; in effect, it is a command-line firewall. iptables is organised into tables, chains, and rules. There are five tables in total (filter, nat, mangle, raw, and security), but only three (filter, nat, and mangle) are frequently used. If no table is specified, iptables uses the filter table. There are also five chains (PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING), and not every chain is available in every table. For example, for the mangle table only the PREROUTING, INPUT, FORWARD, and OUTPUT chains are available, whilst for the filter table only the INPUT, FORWARD, and OUTPUT chains are available. Further information can be found at https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture.


Iptables typically comes pre-installed on Linux systems. However, if you still need to install it, you can enter the following:

sudo apt-get install iptables

Checking for current rules

To check the current rules:

sudo iptables -L

By default, there are no rules on the system; however, you can always append your own. Once rules are in place, iptables checks each incoming and outgoing packet against them and either permits or denies it.

Appending rules

You can append any kind of rule using the notation found in the man page. I will not list them here, as you can refer to the man page for iptables:

man iptables

However, a few points need to be kept in mind in order to write good rules. A rule can be added with -A or -I; the difference between them is where the rule is placed. With -A, the rule is appended at the end of the chain, whilst with -I it is inserted at the beginning. The order in which rules are added matters! iptables checks incoming or outgoing traffic against every rule in the chain, from beginning to end in that order, so where a rule is located determines whether it is ever reached.

Now, when you add a rule, you can specify many things if you wish to be precise, such as the table, the port, etc. For example:

sudo iptables -t nat -A PREROUTING -p tcp --dport [port] -j DNAT --to-destination [IP]:[port]

sudo iptables -t nat -A POSTROUTING -p tcp -d [IP] --dport [port] -j SNAT --to-source [IP]

It all depends on the rule you are trying to write.

Accepting all incoming and outgoing traffic from an IP address

Now suppose that we'd like to allow all incoming and outgoing traffic from a specific IP address:

sudo iptables -A INPUT -p tcp -s [IP] -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d [IP] -j ACCEPT

Here we need two rules, one for incoming traffic and one for outgoing traffic. For incoming traffic we append (-A) to the INPUT chain, and for outgoing traffic we append (-A) to the OUTPUT chain. The -p tcp match limits both rules to TCP traffic.

Blocking an IP Address

Now let's try to append a new rule to block a particular IP address:

sudo iptables -A INPUT -s [IP] -j DROP

Here, since we're trying to block incoming traffic, we append a rule to the INPUT chain. We then specify the IP address (-s) that we'd like to block. Finally, we tell it what to do: in this case DROP, which means block it, but you could have written ACCEPT to accept it.
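The two points above, that a chain is walked top to bottom and that -A and -I place a rule at opposite ends of it, can be seen without touching a live firewall. The following is an added example, not from the original tutorial: a small POSIX shell first-match evaluator over a constructed chain (the addresses are documentation addresses chosen for the example), showing that appending a DROP for a host that an earlier rule already ACCEPTs has no effect, while inserting it does.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Rules are "SOURCE TARGET"
# lines; 0.0.0.0/0 as a source matches any address, like iptables' default.

# verdict RULES POLICY SRC_IP
# Prints the target of the first rule whose source matches SRC_IP, or the
# chain policy if no rule matches. First match wins, as in netfilter.
verdict() {
    policy=$2; src=$3
    while read -r rsrc target; do
        [ -z "$rsrc" ] && continue
        if [ "$rsrc" = "$src" ] || [ "$rsrc" = "0.0.0.0/0" ]; then
            printf '%s\n' "$target"
            return 0            # stop walking the chain
        fi
    done <<EOF
$1
EOF
    printf '%s\n' "$policy"     # fell off the end: policy applies
}

# append RULES NEWRULE  -> behaves like `iptables -A`: new rule goes last
append() { printf '%s\n%s' "$1" "$2"; }
# insert RULES NEWRULE  -> behaves like `iptables -I` (position 1): new rule first
insert() { printf '%s\n%s' "$2" "$1"; }

# Constructed chain: an earlier rule already accepts 203.0.113.5.
chain="203.0.113.5 ACCEPT"

# -A puts the DROP after the ACCEPT, so it is never reached.
appended=$(append "$chain" "203.0.113.5 DROP")
# -I puts the DROP first, so it is matched before the ACCEPT.
inserted=$(insert "$chain" "203.0.113.5 DROP")

demo() {
    printf 'appended DROP, verdict: %s\n' "$(verdict "$appended" ACCEPT 203.0.113.5)"
    printf 'inserted DROP, verdict: %s\n' "$(verdict "$inserted" ACCEPT 203.0.113.5)"
    printf 'unlisted host, verdict: %s\n' "$(verdict "$inserted" DROP 198.51.100.9)"
}
demo
```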

Erasing a rule in iptables

Now suppose you want to delete a rule that has served its purpose.

First you can list the rules in order, and by number:

sudo iptables -L --line-numbers

Then, you can delete it:

sudo iptables -D [chain] [line-number]

Here, replace [chain] with the chain name and [line-number] with the number of the line on which the rule appears. For example:

sudo iptables -D INPUT 3

This deletes the third rule in the INPUT chain.
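Deleting by line number has a catch: every deletion renumbers the rules below it, so when several rules must go, the deletions should be issued from the highest number down. The following is an added example, not from the original tutorial, that parses a constructed `iptables -L INPUT -n --line-numbers` listing and emits the delete commands for one source address in that safe order.

```shell
#!/bin/sh
# Added example (not from the original tutorial). LISTING is a constructed
# sample of `sudo iptables -L INPUT -n --line-numbers` output; the columns
# are: num target prot opt source destination.
LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  203.0.113.5          0.0.0.0/0
2    DROP       all  --  198.51.100.9         0.0.0.0/0
3    DROP       all  --  203.0.113.5          0.0.0.0/0'

# delete_cmds_for_source LISTING CHAIN SRC
# Prints one `iptables -D CHAIN N` line per rule whose source column equals
# SRC, highest N first. Deleting rule 1 before rule 3 would turn the old
# rule 3 into rule 2, and `-D INPUT 3` would then hit nothing (or the wrong
# rule); descending order keeps every remaining number valid.
delete_cmds_for_source() {
    listing=$1; chain=$2; src=$3
    printf '%s\n' "$listing" |
        awk -v src="$src" '$1 ~ /^[0-9]+$/ && $5 == src { print $1 }' |
        sort -rn |
        while read -r num; do
            printf 'iptables -D %s %s\n' "$chain" "$num"
        done
}

# count_rules LISTING -> number of rule lines, to sanity-check the parse
count_rules() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { n++ } END { print n + 0 }'
}

# Example run: the commands to remove every rule for 203.0.113.5.
delete_cmds_for_source "$LISTING" INPUT 203.0.113.5
```

Where the full rule specification is known, `sudo iptables -D INPUT -s [IP] -j DROP` deletes by specification instead of by number and avoids the renumbering problem altogether.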

Delete the entire iptable

Deleting all the rules at once is called flushing. To flush the entire table and begin anew:

sudo iptables --flush

iptables is a packet filtering system on Linux. With iptables, you can configure your own set of rules. These rules can easily be added, erased, moved, and deleted altogether.

Happy Coding!

FAQs

What are Iptables?

iptables is used to filter traffic on a Linux system. It checks incoming and outgoing traffic against a set of predefined rules. In effect, it is a command-line firewall.

How do you block an IP address using Iptables?

sudo iptables -A INPUT -s [IP] -j DROP

Since we're trying to block incoming traffic, we use the INPUT chain. We then specify the IP address we'd like to block with -s. Lastly, we use the target DROP to mean block.

How many tables are available in iptables?

There are a grand total of 5 tables (filter, nat, mangle, raw, and security), however, only 3 (filter, nat and mangle) are frequently used.

What are the chains available for iptables?

There are 5 types of chains (PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING). Not every chain is available for every table.



About the author


Kalyani Rajalingham

I'm from Sri Lanka (live in Canada), and am a Linux and code lover.
