IPTables Tutorial: Installing, Configuring, and Managing Firewall on Linux
In this chapter, you will learn
- What the IPTables firewall is and how it works
- What the relationship between IPTables and UFW is
- How to install IPTables
- How to read IPTables syntax
- How to configure IPTables for packet filtering
Introduction
IPTables is a widely used and powerful firewall tool for Linux systems. It controls incoming and outgoing traffic based on rules. Setting up IPTables can be complex and requires advanced technical skills. You can use UFW as a front-end for easier configuration of IPTables.
UFW is like a user-friendly face for IPTables, making it simpler to set up firewall rules with an easy-to-understand syntax. It's built upon IPTables and is a great choice for those who prefer not to deal with IPTables directly.
How does IPTables work?
IPTables is a firewall tool that filters incoming and outgoing data packets based on rules you set. It checks each packet against the rules in a chain, in order, and the first rule that matches decides whether the packet is let through or stopped.
Note: IPTables rules only handle IPv4. If you need IPv6, you should use IP6Tables instead of IPTables.
Installing IPTables
The IPTables firewall comes preinstalled on most Linux distributions. You can check whether it is installed, and which version you have, with the following command.
iptables -V
If you find that IPTables is not installed on your distribution, you can install it as follows:
Ubuntu:
sudo apt-get update
sudo apt-get install iptables
CentOS:
sudo yum update
sudo yum install iptables
Understanding IPTables Syntax
Before you start configuring IPTables, it's important to understand its syntax.
# | Command | Name | Description |
---|---|---|---|
1 | -A | Append | Appends a new rule to the end of a chain |
2 | -i | Interface | Specifies the input network interface, such as eth0, eth1, eth2, ppp0, etc. |
3 | -p | Protocol | Specifies the network protocol, such as tcp, udp, icmp, etc. |
4 | -s | Source | Matches the source address of incoming traffic, such as an IP address or hostname |
5 | --dport | Destination Port | Matches the destination port, such as 22 (SSH), 443 (HTTPS), etc. |
6 | -j | Target | The target applied when the rule matches (ACCEPT, DROP, RETURN) |
Syntax
sudo iptables -A <chain> -i <interface> -p <protocol (tcp/udp)> -s <source> --dport <port no.> -j <target>
Configuring IPTables
1. Allow all outgoing traffic and block all incoming traffic except for SSH (port 22):
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT
2. Allow HTTP (port 80)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
3. Allow HTTPS (port 443)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
4. Allow ICMP (ping) requests:
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
5. Allow traffic from a specific IP address:
iptables -A INPUT -s <ip_address> -j ACCEPT
6. Block traffic from a specific IP address:
iptables -A INPUT -s <ip_address> -j DROP
7. Block all traffic from a specific country (using the GeoIP match, which comes from xtables-addons and is not part of stock IPTables):
iptables -A INPUT -m geoip --src-cc <country_code> -j DROP
8. Allow FTP (port 21) connections:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
9. Allow SMTP (port 25) connections:
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
10. Allow DNS (port 53) connections:
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
11. Allow MySQL (port 3306) connections:
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
12. Allow RDP (port 3389) connections:
iptables -A INPUT -p tcp --dport 3389 -j ACCEPT
13. Block SYN flood attacks:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A INPUT -p tcp --syn -j DROP
14. Allow only specific MAC addresses:
iptables -A INPUT -m mac --mac-source <mac_address> -j ACCEPT
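The rules above are shown one at a time, but IPTables evaluates a chain top-down and stops at the first match, so a rule appended after the catch-all DROP from step 1 never matches, and without a conntrack rule the replies to connections the host itself opens are dropped too. The following script is an added example, not code from the original tutorial: it assembles the tutorial's rules into a single iptables-restore ruleset in a working order, moves the SYN-flood limit (step 13) into a user-defined chain so that RETURN resumes evaluation in INPUT instead of falling through to the chain policy, and checks the ordering before anything is applied. The function names build_ruleset, rule_line and check_order, and the sample addresses TRUSTED_IP and BLOCKED_IP (RFC 5737 documentation addresses), are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): emit the tutorial's rules as
# one iptables-restore ruleset in first-match order, then verify the order.

TRUSTED_IP=203.0.113.10    # constructed sample: the only host allowed to reach MySQL
BLOCKED_IP=198.51.100.25   # constructed sample: a source that is always dropped

# Print the complete ruleset in iptables-restore format (lines starting with
# '#' are ignored by iptables-restore).
build_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYN_FLOOD - [0:0]
# Loopback, and replies to connections this host opened (DNS, apt, etc.)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Explicit deny for a known-bad source, placed before every allow rule
-A INPUT -s $BLOCKED_IP -j DROP
# SYN rate limiting: new TCP connections pass through SYN_FLOOD first.
# RETURN in a user-defined chain continues with the next INPUT rule; the
# tutorial's values (1/s, burst 3) are kept and are low for a busy server.
-A INPUT -p tcp --syn -j SYN_FLOOD
-A SYN_FLOOD -m limit --limit 1/s --limit-burst 3 -j RETURN
-A SYN_FLOOD -j DROP
# Services exposed to everyone
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# A service exposed only to one trusted address
-A INPUT -p tcp -s $TRUSTED_IP --dport 3306 -j ACCEPT
# Catch-all: everything not accepted above is dropped
-A INPUT -j DROP
COMMIT
EOF
}

# 1-based line number of the first ruleset line matching the regex in $1,
# or 0 when no line matches.
rule_line() {
    line=$(build_ruleset | grep -n -e "$1" | head -n 1 | cut -d: -f1)
    echo "${line:-0}"
}

# Succeeds only if the catch-all DROP exists and every ACCEPT rule in the
# INPUT chain is placed above it (otherwise those rules are dead).
check_order() {
    catchall=$(rule_line '^-A INPUT -j DROP$')
    [ "$catchall" -gt 0 ] || return 1
    late=$(build_ruleset | grep -n '^-A INPUT .*-j ACCEPT$' | cut -d: -f1 \
        | awk -v c="$catchall" '$1 > c { n++ } END { print n + 0 }')
    [ "$late" -eq 0 ]
}

# Stand-alone use: print the ruleset only if the ordering check passes.
if check_order; then
    build_ruleset
else
    echo "rule ordering check failed; ruleset not printed" >&2
fi
```

To apply it, save the current rules first (`sudo iptables-save > /root/iptables.backup`), dry-run the parse with `./ruleset.sh | sudo iptables-restore --test`, then load it with `./ruleset.sh | sudo iptables-restore`. The script keeps the tutorial's approach of an ACCEPT policy plus an explicit final DROP; the alternative of `:INPUT DROP` as the chain policy fails closed if the rules are ever flushed, at the cost of locking you out if you flush them over SSH.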
Summary
In this tutorial, we aim to help you understand IPTables better. We provide some configuration examples that show how to set various rules directly in IPTables, without needing UFW. However, if you find it difficult to configure IPTables rules directly, you can use UFW syntax instead.