Linux Firewall iptables tutorial

Iptables is an extremely flexible firewall tool designed for Linux operating systems. Iptables is useful for Linux geeks and system administrators. This article will show you how to configure the most common Linux firewall.

About iptables

Iptables is a command line-based firewall tool that uses rule chains to allow/Block network traffic. When a network connection is attempted to be created in your system, iptables searches for matching rules. If not, iptables takes the default action.
Almost all Linux distributions are pre-installed with iptables. The command to update/install iptables in Ubuntu/Debian is:

Sudo apt-get install iptables

Some existing graphic interface software can also replace iptables, such as Firestarter. However, iptables is not difficult to use. Be especially careful when configuring iptables rules, especially when you log on to the server remotely. This is because an error may cause you to lose connection with the server permanently, and you must go to the server to solve it.

Type of Iptables rule chain

The rules of Iptables are divided into three types: input, forwarding, and output.
Input -- this chain is used to filter the local connection of the destination address. For example, if a user attempts to log on to your PC/server using SSH, iptables first matches the input chain rules from its IP address and port to iptables.

Forward -- this chain is used to filter the connection between the destination address and the source address. For example, the maximum amount of data received by the router must be forwarded to other hosts. If your system does not enable functions similar to vro, such as NATing, you do not need to use this chain.
There is a safe and reliable way to check whether your system requires a forwarding link:

Iptables-L-v

It is for a server that has been running for several weeks. This server has no restrictions on input and output. We can see that the input chain and output chain have processed data of 11 GB and 17 GB respectively, while the forwarding chain has not processed any data. This is because the server has not enabled the forwarding function similar to the router.

Output -- this chain is used to filter the local connection of the source address. For example, when you try to ping howtogeek.com, iptables checks the rules related to ping and howtogeek.com in the output chain, and then decides whether to allow or reject your connection request.

Note: When you ping An external host, it seems that the output chain is working. However, remember that the data returned by the external host must be filtered by the input chain. When configuring iptables rules, remember that many protocols require two-way communication, so you need to configure both the input chain and the output chain. When configuring SSH, people usually forget to configure it in both the input and output chains.

Default behavior of a chain

Before configuring specific rules, you may want to configure the default behavior of these links. In other words, what behavior do you want iptables to perform when it cannot match existing rules.
You can run the following command to display the default action of the current iptables for unmatched connections:

Iptables-L

As shown above, we can use grep to make the output result more concise. In the preceding example, all links are accepted by default.
Generally, you want your system to receive all network data by default. This is also the default iptables configuration. The configuration command for receiving network connections is:

Iptables -- policy INPUT ACCEPT
Iptables -- policy OUTPUT ACCEPT
Iptables -- policy FORWARD ACCEPT

You can also use the default configuration to add commands to filter out specific IP addresses or port numbers. We will introduce these commands later in this article.
If you want to deny all network connections by default and add the allowed IP addresses or port numbers to them, you can change the ACCEPT in the default configuration to DROP, as shown in. This is extremely useful for some servers that contain sensitive data. Generally, these servers only allow specific IP addresses to access them.

Iptables -- policy INPUT DROP
Iptables -- policy OUTPUT DROP
Iptables -- policy FORWARD DROP

 

Recommended reading:

Iptables-packet filtering (Network Layer) Firewall

Linux Firewall iptables

Iptables + L7 + Squid implements a complete software firewall

Basic use of iptables backup, recovery, and firewall scripts

Detailed description of firewall iptables usage rules in Linux

1 2 Next Page