Basic Guide on IPTables (Linux Firewall) Tips / Commands

This tutorial guides you how firewall works in Linux Operating system and what is IPTables in Linux? Firewall decides fate of packets incoming and outgoing in system. IPTables is a rule based firewall and it is pre-installed on most of Linux operating system. By default it runs without any rules. IPTables was included in Kernel 2.4, prior it was called ipchains or ipfwadm. IPTables is a front-end tool to talk to the kernel and decides the packets to filter. This guide may help you to rough idea and basic commands of IPTables where we are going to describe practical iptables rules which you may refer and customized as per your need.

Different services is used for different protocols as:

  1. iptables applies to IPv4.
  2. ip6tables applies to IPv6.
  3. arptables applies to ARP.
  4. ebtables applies to Ethernet frames..

IPTables main files are:

  1. /etc/init.d/iptables – init script to start|stop|restart and save rulesets.
  2. /etc/sysconfig/iptables – where Rulesets are saved.
  3. /sbin/iptables – binary.

There are at present three tables.

  • Filter
  • NAT
  • Mangle

At present, there are total four chains:

  1. INPUT : Default chain originating to system.
  2. OUTPUT : Default chain generating from system.
  3. FORWARD : Default chain packets are send through another interface.
  4. RH-Firewall-1-INPUT : The user-defined custom chain.

Note: Above main files may slightly differ in Ubuntu Linux.

How to start, stop and restart Iptabe Firewall.

# /etc/init.d/iptables start 
# /etc/init.d/iptables stop
# /etc/init.d/iptables restart

To start IPTables on system boot, use the following command.

#chkconfig --level 345 iptables on

Saving IPTables rulesets with below command. Whenever system rebooted and restarted the IPTables service, the exsiting rules flushed out or reset. Below command save TPTables rulesets in /etc/sysconfig/iptables file by default and rules are applied or restored in case of IPTables flushes out.

#service iptables save

Checking the status of IPTables / Firewall. Options “-L” (List ruleset), “-v” (Verbose) and “-n” (Displays in numeric format).

[[email protected] ~]# iptables -L -n -v

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   396 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 5 packets, 588 bytes)
 pkts bytes target     prot opt in     out     source               destination

Display IPTables rules with numbers. With the help of argument “–line-numbers” you can append or remove rules.

[[email protected] ~]# iptables -n -L -v --line-numbers

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       51  4080 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 45 packets, 5384 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Flushing or deleting IPTables rules. Below command will remove all the rules from tables. Take rulesets backup before executing above command.

[[email protected] ~]# iptables -F

Deleting or appending rules, let us first see the rules in chains. Below commands shall display rulesets in INPUT and OUTPUT chains with rule numbers which will help us to add or delete rules

[[email protected] ~]# iptables -L INPUT -n --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
[[email protected] ~]# iptables -L OUTPUT -n --line-numbers
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Let’s say if you want to delete rule no 5 from INPUT chain. Use the following command.

[[email protected] ~]# iptables -D INPUT 5

To insert or append rule to INPUT chain in between 4 and 5 ruleset.

[[email protected] ~]# iptables -I INPUT 5 -s ipaddress -j DROP

We have just tried to cover basic usages and functions of IPTables for begineer. You may create complex rules once you have complete understanding of TCP/IP and good knowledge of your setup.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

6 Responses

  1. ahmad says:

    How can I prevent any modification by Iptable on the site files if the site is built on Java or HTML5

  2. Linux Firewall says:

    A firewall is a system security framework, that controls the incoming and outgoing system traffic. It is very stable, protect our system from malware, system performance speed high.

  3. gts says:

    Please some know how block HTTPS and HTTP sites with iptables please send my email id [email protected]
    please support me

    gts

  4. ramkumar says:

    hi,

    i have rhce exam within one week .

    pls, guide me…..

  5. Hany says:

    Hi there,

    Subject: check the file integrity (File integrity monitoring for Linux servers)

    I am aware of tools and packages that can do this job for me. But i am more keen on having a cron job and shell script to do that for me and alert me if Intrusion Detected.

    my Linux version is RHEL5.9

    Can you help please?

    Thanks in advance for your help.

    Hany

  6. linux fresher says:

    Also please include… tips for cracking 333 exam or LDAP or clustering n new stuff thanks a ton! … sent a broadcast mail to all my past frens and office colleagues luv u tecmint….

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.