Skip to main content
HashnodeLinuxBloke | Linux Tips, Tricks & TroubleshootingLinuxBloke | Linux Tips, Tricks & Troubleshooting

Command Palette

Search for a command to run...

Understanding iptables on Linux

Updated
4 min read
Understanding iptables on Linux
B
Blake

Blake is a troubleshooting expert with a passion for Linux and trying different Web Browsers for productivity. Known for solving tech problems efficiently, Blake helps readers master their systems with clear and actionable advice.

For many Linux users, iptables can seem complex and confusing. As the built-in Linux firewall, though, understanding and using iptables remains important for managing security on your system.

This guide aims to explain iptables in simple terms to help you apply better firewall rules.

What is iptables?

Iptables constitute the software firewall included in Linux distributions. It allows administrators to set up, maintain, and inspect filtering and nat rules. Essentially, iptables filters incoming and outgoing network traffic based on preset policies and conditions.

With iptables, you can define custom sets of rules to accept, reject, drop, log, and otherwise handle packets traversing your system. This enables securely opening ports for select services while closing off everything else.

Viewing current iptables rules

Before making firewall changes, you'll want to understand the existing iptables policies applied. Viewing these gives you an idea of defaults set by your Linux distribution and any customizations made thus far.

To list iptables rules, use:

sudo iptables -L

This prints all chains, rules, protocols, source/destination details, and other helpful info.

By default, iptables define three chain types:

  • Input - Filters inbound traffic
  • Forward - Handles routed traffic
  • Output - Manages outbound connections

Scan through these chains to audit what gets accepted or dropped currently. Pay special attention to open ports and associated services.

Adding iptables rules

Now that you can view iptables contents, how do you add new rules? This allows securely exposing services or locking down unneeded access.

For example, to accept SSH connections on port 22 from a specific IP address, try:

sudo iptables -A INPUT -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT

Here we:

  • Append(-A) a new INPUT chain rule
  • Define the protocol(-p) as tcp
  • Set a matching destination port(--dport) of 22
  • Filter by source IP address(-s)
  • Accept(-j) matching packets

You can model other app rules by adjusting the protocol, port, source, and action fields. Just append each rule to the relevant built-in chain.

Removing iptables rules

Limiting iptables churn and cruft is a good practice over time. So cleaning out unneeded rules makes sense.

First, double-check what a rule is doing before removing it. Don't blindly delete policies without understanding the impacts.

Once you've identified to remove, use a command such as:

sudo iptables -D INPUT 5

Where the trailing number specifies the rule at the given position to delete.

You can also flush an entire chain if needed with:

sudo iptables -F INPUT

Just be very careful to only flush chains you configure manually rather than by default.

Saving iptables changes

Iptables gets reset per reboot by default on most Linux environments. So your rules disappear unless you save configs before restarting.

You can save the current iptables state with:

sudo service iptables save

Then have this load on subsequent boots via your init system. For example, in systemd:

sudo systemctl enable iptables.service

Now you persist firewall policies long-term.

https://developnsolve.com/understanding-linux-firewalls-for-better-security

Potential downsides to consider

While extremely useful, iptables isn't a flawless security solution. Some downsides to consider:

  • Overly complex rules can cause confusion down the road
  • No built-in host authentication or intrusion detection
  • State tracking issues with non-standard protocols
  • No application layer inspection capabilities
  • Requires moderate Linux networking knowledge

So recognize that iptables have some shortcomings depending on your specific needs.

The future of firewalling on Linux

Modern Linux administrators can choose between the legacy iptables and newer nftables systems. Nftables aims to simplify management, speed up filtering, and add features.

Over time, nftables may fully replace iptables distributions include. But for now, iptables remain the standard.

Either way - understanding firewall concepts applies universally. So focus more on intelligently managing rules rather than any single utility.

https://developnsolve.com/how-to-disable-the-linux-firewall

Summary

Iptables serves as the core Linux firewall for defining network access policies. View, add, remove, and save rules to filter traffic based on your security needs. Keep an eye on nftables as a future alternative.

With smart iptables configuration, you can securely operate services, control connections, and defend Linux environments against compromise. Just be careful to test changes and not overcomplicate things.

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

L

LinuxBloke | Linux Tips, Tricks & Troubleshooting

672 posts