iptables

last edited Mon, 25 Mar 2024 22:48:16 GMT


A rule-based firewall that comes pre-installed on most Linux systems. UFW is a front-end for iptables.

The default filter table has three chains:

Save your firewall rules! Not applicable for Fedora, CentOS, or RHEL systems.

sudo apt-get update -y && sudo apt-get install iptables-persistent -y

sudo service netfilter-persistent save

Restrict a Specific Port

sudo iptables -A INPUT -s IP-ADDRESS -p tcp --dport port_number -j DROP

You can display the resulting rules with sudo iptables -L

Block an IP Range

sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j REJECT

Enable Traffic on Localhost

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

Enabling Connections on HTTP, SSH, and SSL Port

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Filtering Packets Based on Source

sudo iptables -A INPUT -s 192.168.1.3 -j ACCEPT

Drop all Traffic Outside of Specified Ports

sudo iptables -A INPUT -j DROP
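
iptables walks a chain from top to bottom and stops at the first terminating match, so the catch-all above only does its job when it is the last rule appended to INPUT. The following is an added example, not part of the original page: a shell function (the name unreachable_rules and both sample rulesets are constructed for illustration) that reads `iptables -S INPUT` output and lists any rule appended after an unconditional ACCEPT, DROP or REJECT.

```shell
#!/usr/bin/env bash
# Added example: find INPUT rules that can never match because they were
# appended after an unconditional terminating rule such as "-A INPUT -j DROP".
# Input is text in `iptables -S INPUT` format; no root or live firewall needed.

# unreachable_rules (hypothetical helper name): reads rule lines on stdin,
# prints every shadowed rule, and returns 1 if at least one was found.
unreachable_rules() {
    awk '
        # In -S output the matches come before -j, so "-j" in field 3
        # means the rule has no match conditions at all.
        !shadowed && $1 == "-A" && $2 == "INPUT" && $3 == "-j" &&
            ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") { shadowed = 1; next }
        # Anything appended to INPUT after that point is never evaluated.
        shadowed && $1 == "-A" && $2 == "INPUT" { print; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the rules from this page, appended in the page order.
good_rules='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample: the catch-all DROP was appended before the 443 rule,
# so HTTPS is silently dropped even though an ACCEPT rule is listed.
bad_rules='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# Demo on the constructed bad sample.
# On a real host: sudo iptables -S INPUT | unreachable_rules
printf '%s\n' "$bad_rules" | unreachable_rules ||
    echo "^ never evaluated: re-insert above the catch-all rule"
```

Run the check before `sudo service netfilter-persistent save`, so a shadowed rule is not persisted across reboots.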
