iptables is the classic Linux command-line tool for the kernel's netfilter packet filter. It lets you write rules, grouped into chains, that decide whether packets arriving at, leaving, or passing through your server are accepted or dropped. In this article, we will look at how to configure iptables in Linux. We will also look at how to enable iptables, disable iptables and change the iptables configuration.
How to Configure Iptables in Linux step by step
Here are the steps to configure iptables in Linux.
1. Install Iptables
Open a terminal and run the following commands to refresh the package index and install iptables. On current Ubuntu releases the package is usually already present and the iptables command is a compatibility front end to nftables (iptables-nft); the commands in this article behave the same either way.
# sudo apt-get update
# sudo apt-get install iptables
Check iptables status
# sudo iptables -L -v
You will see output like the following, which lists the chains of the filter table and the rules in each. On a fresh install every chain is empty and every policy is ACCEPT, so nothing is filtered yet.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
2. Configure iptables
iptables keeps its rules in tables (the default is the filter table, used whenever no -t option is given). Each table holds several chains, and each chain is an ordered list of rules. A packet is checked against the rules of a chain from top to bottom; the first rule that matches decides its fate by jumping to a target, which is either a user-defined chain or one of the following built-in actions. If no rule matches, the chain's default policy (ACCEPT or DROP, set with -P) is applied.
- ACCEPT – lets the packet through; no further rules in the chain are checked
- DROP – silently discards the packet; the sender gets no reply and sees a timeout
- REJECT – discards the packet but sends an error back (by default an ICMP port-unreachable), so the sender fails immediately instead of waiting
- RETURN – stops traversing the current chain; in a user-defined chain, evaluation continues with the next rule of the chain that jumped to it, and in a built-in chain the chain's default policy is applied
The filter table has the following 3 built-in chains:
- INPUT – packets addressed to this host
- FORWARD – packets that arrive on one interface and are routed on to another host (only seen when IP forwarding is enabled)
- OUTPUT – packets generated by this host
Here is the general form of a command that adds a rule. -A appends the rule to the end of the chain; because the first matching rule wins, the position of a rule relative to the others matters.
sudo iptables -A <chain> -i <interface> -p <protocol> -s <source> --dport <port no.> -j <target>
Let us look at each of the options above.
- -A – append the rule to the end of the named chain (-I <chain> 1 inserts it at the top instead)
- chain – name of the chain, such as INPUT, FORWARD or OUTPUT
- -i interface – the interface the packet arrived on, e.g. eth0 or lo (valid in INPUT and FORWARD; OUTPUT rules use -o for the outgoing interface)
- -p protocol – network protocol such as tcp, udp or icmp
- -s source – source IP address, optionally with a /prefix length to match a whole network
- --dport – destination port number; requires -p tcp or -p udp, since only those protocols have ports
- -j target – target name ACCEPT, DROP, REJECT or RETURN, or a user-defined chain. This defines the action taken when a packet matches the rule.
Now let us look at some of the most common use cases.
Allow traffic from localhost
Here is the iptables rule to allow traffic on the loopback interface (lo). Local services talk to each other over 127.0.0.1, so this rule should be the first one in the INPUT chain, before anything that could drop it.
# sudo iptables -A INPUT -i lo -j ACCEPT
Allow traffic to http, https & ssh ports
Here are the iptables rules to accept inbound TCP connections to ssh (port 22), http (port 80) and https (port 443). If you administer the server over ssh, add the port 22 rule before any rule that drops traffic, or you will lock yourself out.
# sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Allow traffic from specific IP address
Here is the iptables rule to allow all traffic, on any port, from a specific IP address, e.g. 184.108.40.206. Replace the IP address below as per your requirement.
# sudo iptables -A INPUT -s 184.108.40.206 -j ACCEPT
Disallow traffic from specific IP address
Here is the iptables rule to block all traffic from a specific IP address, e.g. 18.104.22.168. Replace the IP address below as per your requirement. Because -A appends to the end of the chain, an ACCEPT rule added earlier (such as the port 22 rule above) still matches first and lets that address in; to make the block take precedence, insert it at the top of the chain with -I INPUT 1 instead of -A INPUT.
# sudo iptables -A INPUT -s 18.104.22.168 -j DROP
Drop traffic to all other ports
Here is the iptables rule to drop every packet that was not accepted by an earlier rule, i.e. traffic to all ports other than the ones specified above. It must be the last rule in the chain: anything appended after it is never reached. Two more caveats: it also drops the replies to connections the server itself opens (package updates, DNS lookups) unless a rule accepting packets in the ESTABLISHED,RELATED connection-tracking state (-m conntrack --ctstate ESTABLISHED,RELATED) comes before it, and it drops ICMP, so ping stops working. The more robust alternative is to set the chain's default policy with iptables -P INPUT DROP: the policy applies only after every rule has been checked, so it can never be ordered wrongly.
# sudo iptables -A INPUT -j DROP
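Putting the rules above together in the order that actually works, here is an added example; it is not code from the original article. It writes the article's INPUT ruleset as one file in iptables-save format, runs a lockout check on it, and loads it with iptables-restore, which replaces the filter table atomically instead of appending rules one at a time. It goes beyond the article in a few assumed ways: the catch-all DROP is the INPUT chain's policy rather than a trailing rule, conntrack rules accept replies to the server's own outbound connections, ping requests are allowed, and FORWARD is set to DROP on the assumption that the host does not route traffic. SSH_PORT, ALLOW_IP and BLOCK_IP are placeholders (the article's example addresses) to replace.

```shell
#!/bin/sh
# Added example, not code from the original article. Builds the article's
# INPUT ruleset as one iptables-restore file and applies it atomically.
# Assumed placeholders (replace for your host): SSH_PORT, ALLOW_IP, BLOCK_IP.
set -e

SSH_PORT=22
ALLOW_IP=184.108.40.206   # example address from the article, not a real host
BLOCK_IP=18.104.22.168    # example address from the article, not a real host

# Emit the ruleset in iptables-save format. The first matching rule wins, so
# the order is: loopback, conntrack (replies to our own outbound traffic),
# the blocklist before any ACCEPT, then the services. The catch-all is the
# chain policy (":INPUT DROP"), so no rule can be appended "after" it.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $BLOCK_IP -j DROP
-A INPUT -s $ALLOW_IP -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Lockout guard, run on the ruleset text (stdin) before it touches the kernel:
# the loopback rule must be the first INPUT rule, an ACCEPT for the SSH port
# must exist, and the table must be terminated by COMMIT. Returns 0 if so.
check_ruleset() {
    first=""; ssh_ok=0; commit=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT"*) [ -n "$first" ] || first=$line ;;
        esac
        case "$line" in
            "-A INPUT -p tcp --dport $SSH_PORT "*"-j ACCEPT") ssh_ok=1 ;;
            COMMIT) commit=1 ;;
        esac
    done
    [ "$first" = "-A INPUT -i lo -j ACCEPT" ] && [ "$ssh_ok" -eq 1 ] && [ "$commit" -eq 1 ]
}

# Replace the live filter table in one step (iptables-restore flushes the
# tables listed in the file and loads the new rules atomically). The --test
# pass only parses the file, so a syntax error never leaves a half-loaded table.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    build_ruleset | check_ruleset || { echo "ruleset fails lockout check" >&2; return 1; }
    build_ruleset | iptables-restore --test
    build_ruleset | iptables-restore
    iptables -S INPUT
}

# "sh firewall.sh apply" loads the rules; with no argument it only prints them.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    build_ruleset
fi
```

Run it as sudo sh firewall.sh apply; without the argument it only prints the ruleset so you can review it first. Because the catch-all is a DROP policy, a later iptables -F would leave a server that drops everything; to disable this firewall, reset the policies with iptables -P INPUT ACCEPT before flushing. IPv6 needs the same treatment separately through ip6tables-restore.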
List all iptables rules
Here is the command to list all iptables rules, with the -L option. Add -n to show addresses and ports numerically instead of resolving them, -v to show packet counters and interfaces, and --line-numbers to number the rules, which you need when deleting a specific one.
# sudo iptables -L
Delete all iptables rules
Here is the command to delete all iptables rules and start afresh, using the -F (flush) option. It flushes only the filter table (use -t nat or -t mangle for the others) and leaves the chain policies untouched: if a policy was set to DROP, flushing removes your ACCEPT rules and the policy then drops everything, including your ssh session, so reset the policies to ACCEPT before flushing.
# sudo iptables -F
Delete specific iptables rule
If you want to delete a specific iptables rule, use the -D option and specify the chain name and rule number. Rules are numbered from 1 starting at the top of the chain; list them with iptables -L INPUT --line-numbers first, and note that the numbers shift after every deletion. Here is an example to delete rule number 5 of the INPUT chain.
# sudo iptables -D INPUT 5
3. Save iptables changes
iptables rules live only in kernel memory and are lost at reboot. To make them persistent, save them to a file with iptables-save. Note that in "sudo iptables-save > /etc/iptables.conf" the redirection is done by your own unprivileged shell, not by sudo, so writing into /etc fails with "Permission denied"; run the whole command in a root shell instead.
# sudo sh -c 'iptables-save > /etc/iptables.conf'
The above command saves your latest iptables rules in a configuration file (/etc/iptables.conf). You need to run it every time you change the rules, otherwise the next reboot restores the previous version.
To load the saved rules at boot, add the following line to /etc/rc.local, above its final exit 0 (rc.local runs as root, so no sudo is needed). Many systemd-based distributions no longer ship or enable /etc/rc.local; on Debian and Ubuntu the packaged alternative is iptables-persistent, which restores /etc/iptables/rules.v4 and rules.v6 at boot and saves the current rules with netfilter-persistent save. Note also that this file covers IPv4 only; IPv6 rules are kept by the separate ip6tables and have their own save and restore commands.
iptables-restore < /etc/iptables.conf
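As an added example (not from the original article) of the save and restore step, the following script writes the dump as root, refuses to keep a dump that is truncated or does not parse, and installs a systemd oneshot unit that restores it before the network comes up, as an alternative to /etc/rc.local. The file path, the unit name and the two sample dumps used by the check are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article: save the live rules as
# root (so the redirection is not done by the unprivileged user), refuse to
# keep a truncated or unparseable dump, and install a systemd oneshot unit
# that restores the file at boot. RULES_FILE and UNIT_FILE are assumptions.
set -e

RULES_FILE=/etc/iptables.conf
UNIT_FILE=/etc/systemd/system/iptables-restore.service

# Structural check of a dump read from stdin: every "*table" block must be
# closed by COMMIT and the filter table must be present. A dump that is cut
# short (full disk, interrupted save) makes iptables-restore fail at boot,
# and a failed restore leaves the kernel's default ACCEPT policies in place.
dump_is_complete() {
    open=0; filter=0; bad=0
    while IFS= read -r line; do
        case "$line" in
            '*'*)
                [ "$open" -eq 0 ] || bad=1
                open=1
                if [ "$line" = '*filter' ]; then filter=1; fi
                ;;
            COMMIT)
                [ "$open" -eq 1 ] || bad=1
                open=0
                ;;
        esac
    done
    [ "$bad" -eq 0 ] && [ "$open" -eq 0 ] && [ "$filter" -eq 1 ]
}

# Save: write as root to a temp file, validate, parse-check, then move into
# place, so a bad save never overwrites the last good ruleset.
save_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    iptables-save > "$RULES_FILE.tmp"
    dump_is_complete < "$RULES_FILE.tmp" || { echo "dump incomplete" >&2; rm -f "$RULES_FILE.tmp"; return 1; }
    iptables-restore --test < "$RULES_FILE.tmp"
    chmod 600 "$RULES_FILE.tmp"
    mv "$RULES_FILE.tmp" "$RULES_FILE"
}

# Unit text: ordered before network-pre.target so the rules are in place
# before any interface comes up, and kept "active" so it is not re-run.
restore_unit() {
    cat <<EOF
[Unit]
Description=Restore iptables rules from $RULES_FILE
DefaultDependencies=no
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/iptables-restore $RULES_FILE

[Install]
WantedBy=multi-user.target
EOF
}

install_unit() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    restore_unit > "$UNIT_FILE"
    systemctl daemon-reload
    systemctl enable "$(basename "$UNIT_FILE")"
}

# Constructed sample dumps (not real captures) for exercising the check.
GOOD_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'
TRUNCATED_DUMP='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT'

# "sh persist.sh save" after every change, "sh persist.sh install" once;
# with no argument the script only prints the unit file for review.
case "${1:-}" in
    save)    save_rules ;;
    install) install_unit ;;
    *)       restore_unit ;;
esac
```

Run sudo sh persist.sh save after every rule change and sudo sh persist.sh install once. The structural check matters because a truncated dump makes iptables-restore fail at boot, and a failed restore leaves the default ACCEPT policies in place, i.e. no firewall at all; the --test pass catches dumps that are complete but contain a rule the installed iptables cannot parse.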
Finally, here are the commands to disable iptables on your system: flush all rules, then overwrite the saved file with the now empty ruleset so the rules do not come back at reboot. If you set a DROP policy on any chain, reset it to ACCEPT first with iptables -P <chain> ACCEPT, because flushing does not change policies. Note that iptables-save without a redirection only prints the rules to the terminal and saves nothing.
# sudo iptables -F
# sudo sh -c 'iptables-save > /etc/iptables.conf'
As you can see iptables is a very powerful tool to secure your server from unwanted traffic.