Iptables is a powerful firewall tool in Linux systems that controls network traffic in and out of the system by setting IP packet filtering rules. 1. It matches and processes data packets based on rule chains (INPUT, OUTPUT, FORWARD). The default policy is usually set to DROP to improve security. 2. When setting basic rules, you should first allow key services such as SSH, HTTP and HTTPS, and then block all other input traffic. 3. Use iptables-save and iptables-restore to achieve rule persistence. 4. Use -L -n -v to view rules, delete or insert rules to specify the location by line number. 5. Common uses include blocking suspicious IPs, allowing connection responses, limiting brute-force attempts, etc. Mastering these core operations can help users build a secure network environment and continuously maintain their effectiveness.

Iptables is a powerful firewall utility for Linux systems that allows you to set up, maintain, and inspect the tables of IP packet filter rules. It controls network traffic—both incoming and outgoing—based on predefined rules. If you're managing a Linux server or just want to secure your desktop, knowing how to use iptables can give you fine-grained control over your system's security.

Understanding the Basics of Iptables

Iptables works by checking each packet that enters or leaves your system against a set of rules. These rules are grouped into chains, and chains are grouped into tables. The main table used for filtering is called the filter table, which contains three built-in chains:

• INPUT – handles packets coming into the system
• OUTPUT – handles packets going out from the system
• FORWARD – handles packets passing through the system (for routers)

Each rule in a chain tells iptables what to do with a packet that matches certain criteria—like protocol type, port number, source or destination address, etc.

The default policy for each chain is usually ACCEPT , but it's common practice to change this to DROP and then selectively allow only the traffic you need.

Setting Up Basic Firewall Rules

You don't want to block yourself out when setting up iptables, especially if you're working on a remote server. Start by allowing essential services like SSH, HTTP, and HTTPS.

Here are some basic commands:

• Allow SSH access:

   sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

• Allow web traffic:

   sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Once you've added the rules you need, it's good practice to block everything else:

 sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP

?? Be careful with these policies. If you lock yourself out, you'll need physical or console access to reset them.

Also, remember that iptables rules are not persistent by default. Rebooting the system will clear them unless you save them using a tool like iptables-save and restore them at boot with iptables-restore .

Managing Iptables Rules Effectively

It's easy to forget what rules you've added or where they're placed in the chain. Here are a few tips to help manage your configuration:

• View current rules:

   sudo iptables -L -n -v

  Adding -L gives a list format, -n shows numeric output (faster), and -v gives more details.

• Delete a specific rule: First list rules with line numbers:

   sudo iptables -L --line-numbers

  Then delete by number:

   sudo iptables -D INPUT 3

• Insert a rule at a specific position:

   sudo iptables -I INPUT 2 -p tcp --dport 25 -j ACCEPT

  This adds an SMTP rule at position 2 in the INPUT chain.

If you're doing anything beyond basic setup, consider writing a script that applies all your rules at once. It makes testing and applying changes much easier.

Common Use Cases and Examples

One of the most common uses of iptables is protecting servers exposed to the internet. For example:

• Blocking a suspicious IP:

   sudo iptables -A INPUT -s 192.168.1.100 -j DROP

• Allowing responses to outgoing connections:

   sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  This ensures that responses to your own outbound requests (like web browser) are allowed back in.

• Limiting brute-force attacks: You can rate-limit SSH attempts:

   sudo iptables -A INPUT -p tcp --dport 22 -m limit --limit 5/minute -j ACCEPT

These kinds of rules help prevent abuse without blocking legitimate users.

Basically that's it. Iptables may seem complex, but as long as you master the basic rules and common commands, you can quickly build an effective firewall system. Remember to check your rules and log files regularly to make sure nothing slips through the cracks.

The above is the detailed content of What is iptables and how do you use it to configure a firewall?. For more information, please follow other related articles on the PHP Chinese website!