IPTables is a Linux-based firewall tool that allows system administrators to configure and manage network traffic on a server. It’s a powerful tool that can be used to secure your server and manage network traffic effectively.

Understanding IPTables

IPTables is a firewall tool that is used to manage network traffic by filtering incoming and outgoing packets based on rules that you define. It is built into the Linux kernel and is available on most Linux distributions by default.

When a packet arrives at a server, IPTables inspects the packet and decides whether to accept, reject, or drop it based on a set of predefined rules. These rules are defined in a configuration file, which is usually located at /etc/sysconfig/iptables or /etc/iptables.rules.

IPTables uses a set of chains to organize the rules. Each chain contains a set of rules that are applied to packets that match the chain’s criteria. The chains are organized into three categories:

  • Input chain: This chain applies to incoming packets that are destined for the server.
  • Output chain: This chain applies to outgoing packets that are generated by the server.
  • Forward chain: This chain applies to packets that are being forwarded by the server.

You can think of these chains as a series of filters that are applied to packets as they pass through the server.

Basic IPTables Commands

Before we dive into the specifics of configuring IPTables, let’s start with some basic commands that you can use to manage the firewall.

Viewing IPTables Rules

You can view the current IPTables ruleset by running the following command:

sudo iptables -L

This will show you the current rules for all three chains: Input, Output, and Forward.

Flushing IPTables Rules

If you need to start over with a fresh ruleset, you can flush all of the current rules by running the following command:

sudo iptables -F

This will remove all of the rules from all three chains.

Adding Rules

To add a new rule to IPTables, you use the iptables command followed by the chain that the rule should be applied to, the action to take if the rule matches, and the criteria that the packet must meet in order to match the rule.

Here’s an example rule that allows incoming traffic on port 80 (HTTP):

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This rule adds a new rule to the Input chain that allows incoming TCP traffic on port 80 and accepts it.

Removing Rules

To remove a rule from IPTables, you use the iptables command followed by the chain that the rule is in and the rule’s criteria.

Here’s an example rule that removes the rule we just added:

sudo iptables -D INPUT -p tcp --dport 80 -j ACCEPT

This command removes the rule that accepts incoming TCP traffic on port 80.

Configuring IPTables

Now that you know the basics of managing this firewall, let’s dive into how to configure it to meet your needs.

Here are some steps to configure IPTables:

  1. Define your network requirements: Before configuring IPTables, you should have a clear understanding of the network requirements for your server. This includes the types of services you need to make available, the ports they use, and any network restrictions you want to impose.
  2. Create a default policy: The default policy determines what IPTables should do with packets that do not match any of the defined rules. By default, IPTables will drop these packets, but you can change this behavior to accept or reject them. Use the following command to set the default policy to DROP for all three chains:
    sudo iptables -P INPUT DROP
    sudo iptables -P OUTPUT DROP
    sudo iptables -P FORWARD DROP
  3. Create rules: Use the iptables command to create rules that define how IPTables should handle incoming and outgoing network traffic. For example, the following command allows incoming SSH traffic on port 22:
    sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

    This command adds a rule to the INPUT chain that allows incoming TCP traffic on port 22, and only accepts packets that are in the NEW or ESTABLISHED state.

  4. Save your configuration: Once you have defined your rules, you will need to save your configuration so that it persists across reboots. The exact method for saving the configuration will depend on your Linux distribution, but it usually involves running a command that writes the rules to a configuration file. For example, on CentOS 7, you can use the following command to save your IPTables configuration:
    sudo service iptables save

    This command writes the current IPTables configuration to the /etc/sysconfig/iptables file, which is read during system startup.

  5. Test your configuration: After saving your configuration, you should test it to ensure that it is working as expected. Try connecting to the services you have allowed and verify that they are working. You can also use the iptables -L command to view your current IPTables rules and verify that they are configured correctly.

Always be careful when configuring IPTables as incorrect configurations can result in network connectivity issues. It is a good practice to have a backup plan before making any changes to your firewall configuration.

GO TO PREVIOUS LESSON ⬅                                                                                                                                     ➡  GO TO NEXT LESSON