Managing network traffic is one of the toughest jobs a system administrator has to deal with. He must configure the firewall in such a way that it will meet the system and user’s requirements for both incoming and outgoing connections, without leaving the system vulnerable to attacks and all this can be done with the help of IPtables.
IPtables is a Linux command line firewall that allows system administrators to manage incoming and outgoing traffic with the help of configurable table rules.
There are 3 types of Iptables:
- FILTER
- NAT
- MANGLE
- FILTER – It is the default table and it contains the following built-in chains:
- INPUT
- FORWARD
- OUTPUT
- NAT – a table that is consulted when a packet tries to create a new connection. It has the following built-in chains:
- PREROUTING
- OUTPUT
- POSTROUTING
- MANGLE – this table is used for packet altering. Until kernel version 2.4 this table had only two chains, but they are now 5:
- PREROUTING
- OUTPUT
- INPUT
- POSTROUTING
- FORWARD
Mostly we play around with FILTER type of IPtables, Now, let’s see some useful commands:
List the currently configured IPtables rules:
|
1 |
iptables -L |
Sample output:-
|
1 2 3 4 5 6 7 8 |
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination |
Defining Chain Rules
Defining a rule means appending it to the chain. To do this, you need to insert the -A option (Append) right after the iptables command, like so:
|
1 |
sudo iptables -A |
It will alert iptables that you are adding new rules to a chain. Then, you can combine the command with other options, such as:
- -i (interface) — the network interface whose traffic you want to filter, such as eth0, lo, ppp0, etc.
- -p (protocol) — the network protocol where your filtering process takes place. It can be either tcp, udp, udplite, icmp, sctp, icmpv6, and so on. Alternatively, you can type all to choose every protocol.
- -s (source) — the address from which traffic comes from. You can add a hostname or IP address.
- –dport (destination port) — the destination port number of a protocol, such as 22 (SSH), 443 (https), etc.
- -j (target) — the target name (ACCEPT, DROP, RETURN). You need to insert this every time you make a new rule.
1. Block Specific IP Address in IPtables Firewall
If you want to block all outgoing connections to a specific IP address on all the ports with the following rule, -s option used here specifies the source, the command will look like this:
|
1 |
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP |
2. Unblock IP Address in IPtables Firewall
If you want to unblock requests from specific IP address, you can delete the blocking rule with the following command:
|
1 |
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP |
3. Block Specific Port on IPtables Firewall
If you want to block incoming or outgoing connections on a specific port, below you can find such rule for both incoming and outgoing connections:
To block outgoing connections on a specific port use:
|
1 |
iptables -A OUTPUT -p tcp --dport xxx -j DROP |
To allow incoming connections use:
|
1 |
iptables -A INPUT -p tcp --dport xxx -j ACCEPT |
4. Allow Multiple Ports on IPtables using Multiport
We can allow or block multiple ports at once, by using multiport, the blocking rule with the following commands is given below:
To allow incoming connections:
|
1 |
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT |
To block incoming connections:
|
1 |
iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j DROP |
5. Block any specific website on IPtables Firewall
First, find the IP addresses used by that website:
|
1 2 |
host cloudkul.com cloudkul.com has address 104.18.59.180 |
|
1 2 |
whois 104.18.59.180 | grep CIDR CIDR: 104.16.0.0/12 |
You can then block that cloudkul.com network with:
|
1 |
iptables -A OUTPUT -p tcp -d 104.16.0.0/12 -j DROP |
Now, when you will try to access cloudkul.com in your browser, it will not be accessible.
6. Block Outgoing Mails through IPTables
if you want to block outgoing emails, you can block outgoing ports on SMTP ports, , the command will look like this:
|
1 |
iptables -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT |
7. Block Incoming Ping Requests through IPtables
if you want to block incoming ping requests, you can use the following command if you are connected with ethO network interface, in my case I am connected with wi-fi so I replaced ethO with wlp2s0 i.e wireless network interface.
|
1 |
iptables -A INPUT -p icmp -i eth0 -j DROP |
8. Flush IPtables Firewall Chains
If you want to flush your firewall chains, you can use:
|
1 |
iptables -F |
9. Save IPtables Rules to a File
If you want to save your firewall rules you can use the following to save and store your rules in a file:
|
1 |
iptables-save > iptablesbackup.rules |
10. Restore IPtables Rules from a File
If you want to restore your firewall rules you can use the following to restore your rules from a file:
|
1 |
iptables-restore < iptablesbackup.rules |
Iptables is a powerful firewall and important for every linux administrator to learn at least the basics of iptables. If you want to find more detailed information about iptables and its options it is highly recommended to read it’s manual:
|
1 |
man iptables |
In case of any help or query, please contact us.
Be the first to comment.