# 🎯 Objective
Learn how to install, configure, and manage Linux firewall rules using iptables to control incoming and outgoing network traffic.
# 📘 What is iptables?
iptables is a command-line firewall utility used to manage network traffic rules in the Linux kernel.
It allows administrators to:
iptables works with the Linux Netfilter framework.
# 🔍 How iptables Works
iptables filters packets using rules organized into tables and chains.
Tables
Chains
# 📦 Install iptables
Most Linux systems already include iptables.
Install on RHEL / CentOS / Rocky Linux
```bash
sudo yum install iptables-services -y
```
Install on Ubuntu / Debian
```bash
sudo apt install iptables -y
```
# 🔎 Check iptables Status
List current rules:
```bash
sudo iptables -L
```
Detailed view:
```bash
sudo iptables -L -v -n
```
Explanation: `-v` adds packet and byte counters and the interfaces each rule matches; `-n` prints addresses and ports numerically instead of resolving hostnames and service names.
# 📊 View Rules with Line Numbers
```bash
sudo iptables -L --line-numbers
```
Useful when deleting specific rules.
# 🚀 Start iptables Service
```bash
sudo systemctl start iptables
```
Enable at boot:
```bash
sudo systemctl enable iptables
```
Check status:
```bash
sudo systemctl status iptables
```
# 🛡 Basic iptables Rules
Allow SSH traffic
```bash
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```
Meaning: `-A INPUT` appends the rule to the INPUT chain, `-p tcp --dport 22` matches TCP packets addressed to port 22, and `-j ACCEPT` lets them through.
Allow HTTP traffic
```bash
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
```
Allow HTTPS traffic
```bash
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
```
Block a specific IP
```bash
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
```
Meaning:
Drop all traffic from that IP.
Allow localhost traffic
```bash
sudo iptables -A INPUT -i lo -j ACCEPT
```
Allow established connections
```bash
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
```
# ❌ Drop All Other Traffic
Set default policy:
```bash
sudo iptables -P INPUT DROP
```
Meaning:
All incoming traffic is blocked unless explicitly allowed.
# 🧹 Delete iptables Rules
Delete specific rule:
```bash
sudo iptables -D INPUT 2
```
Delete by rule specification:
```bash
sudo iptables -D INPUT -p tcp --dport 80 -j ACCEPT
```
# 🔄 Flush All Rules
Remove all rules:
```bash
sudo iptables -F
```
Delete all user-defined (empty) chains; the built-in INPUT, FORWARD and OUTPUT chains cannot be deleted:
```bash
sudo iptables -X
```
# 💾 Save iptables Rules
Rules disappear after reboot unless saved.
Save rules:
```bash
sudo service iptables save
```
or
```bash
sudo iptables-save > /etc/sysconfig/iptables
```
(`/etc/sysconfig/iptables` is the RHEL-family path read by the iptables service; Debian/Ubuntu with iptables-persistent read `/etc/iptables/rules.v4` instead.)
# 🔁 Restore Rules
```bash
sudo iptables-restore < /etc/sysconfig/iptables
```
# 🌐 Check Listening Ports
Useful when configuring firewall:
```bash
sudo ss -tulnp
```
# 🧪 Example Firewall Configuration
Allow only: loopback traffic, established connections, SSH (22), HTTP (80) and HTTPS (443).
Block everything else.
```bash
sudo iptables -F
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -P INPUT DROP
```
# ⚠ Common iptables Issues
Locked out from SSH
If SSH rule missing:
```bash
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```
Always allow SSH before setting DROP policy.
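The example configuration and the SSH lockout issue both come down to ordering: every allow rule must be in place before the DROP policy takes effect, and a typo in a remote session has no undo. As an added example that is not part of the original tutorial, the script below loads the same policy atomically with iptables-restore and arms a timed rollback; it assumes root, iptables-save/iptables-restore, and a constructed backup path `/tmp/iptables.before`.

```bash
#!/bin/sh
# Added example (not from the original tutorial): load the page's "allow SSH,
# HTTP, HTTPS, drop everything else" policy with one atomic iptables-restore
# and arm a timed rollback so a bad ruleset cannot lock you out of SSH.
# Assumes root and iptables-save/restore; BACKUP is a constructed snapshot path.
BACKUP=${BACKUP:-/tmp/iptables.before}
ROLLBACK_SECONDS=${ROLLBACK_SECONDS:-90}
# Emit the ruleset in iptables-save format. Chain policies and rules are
# committed together, so there is never a moment with DROP set and no allows.
build_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}
# Sanity-check a ruleset read from stdin before it touches the kernel: refuse
# an INPUT DROP policy that does not also keep loopback, established flows and
# SSH open. Returns 0 when the ruleset is safe to load, 1 otherwise.
check_ruleset() {
  rules=$(cat)
  if printf '%s\n' "$rules" | grep -q '^:INPUT DROP'; then
    printf '%s\n' "$rules" | grep -q -- '-A INPUT -i lo -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '--state ESTABLISHED,RELATED -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '--dport 22 -j ACCEPT' || return 1
  fi
  printf '%s\n' "$rules" | grep -q '^COMMIT$'
}
# Snapshot the live rules, arm the rollback timer, then load the new ruleset.
# Open a fresh SSH session and run confirm_rules within ROLLBACK_SECONDS; if
# that session cannot connect, the timer restores the snapshot by itself.
apply_with_rollback() {
  build_ruleset | check_ruleset || { echo "refusing unsafe ruleset" >&2; return 1; }
  iptables-save > "$BACKUP"
  ( sleep "$ROLLBACK_SECONDS" && iptables-restore < "$BACKUP" ) &
  echo $! > "$BACKUP.timer"
  build_ruleset | iptables-restore
}
# Cancel the pending rollback once the new rules are confirmed to work.
confirm_rules() {
  kill "$(cat "$BACKUP.timer")" 2>/dev/null && rm -f "$BACKUP.timer"
}
```

Source the script, run `apply_with_rollback`, then verify from a second SSH session and run `confirm_rules` there; `check_ruleset` can also be used on its own to vet any saved ruleset file before restoring it.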
Firewall rules lost after reboot
Fix:
Save rules:
```bash
sudo iptables-save > /etc/sysconfig/iptables
```
Service not running
Check:
```bash
sudo systemctl status iptables
```
# 📁 Important iptables Files
# 🧰 Useful iptables Commands
# 🔎 Example Troubleshooting
Web server not reachable
Check firewall:
```bash
sudo iptables -L
```
If port 80 is blocked:
```bash
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
```
Restart the service if needed.
# ✅ Key Learning Points