Managing network traffic is one of the toughest jobs a system administrator has to deal with. He must configure the firewall in such a way that it will meet the system and user’s requirements for both incoming and outgoing connections, without leaving the system vulnerable to attacks and all this can be done with the help of IPtables.<\/p>\n
<\/p>\n
IPtables is a Linux command line firewall that allows system administrators to manage incoming and outgoing traffic with the help of configurable table rules.<\/p>\n
<\/p>\n
There are 3 types of Iptables:<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
Mostly we play around with FILTER type of IPtables, Now, let\u2019s see some useful commands:<\/p>\n
<\/p>\n
List the currently configured IPtables rules:<\/p>\n
<\/p>\n
iptables -L<\/pre>\n<\/p>\n
Sample output:-<\/p>\n
<\/p>\n
Chain INPUT (policy ACCEPT)\r\ntarget prot opt source destination \r\n\r\nChain FORWARD (policy ACCEPT)\r\ntarget prot opt source destination \r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget prot opt source destination<\/pre>\n<\/p>\n
<\/h2>\n
<\/p>\n
Defining Chain Rules<\/span><\/strong><\/h2>\n
<\/p>\n
Defining a rule means appending it to the chain. To do this, you need to insert the\u00a0-A<\/strong>\u00a0option (Append) right after the\u00a0iptables<\/strong>\u00a0command, like so:<\/p>\n
<\/p>\n
sudo iptables -A<\/pre>\n<\/p>\n
It will alert\u00a0iptables<\/strong>\u00a0that you are adding new rules to a chain. Then, you can combine the command with other options, such as:<\/p>\n
<\/p>\n
\n
- -i<\/strong>\u00a0(interface<\/strong>) \u2014 the network interface whose traffic you want to filter, such as\u00a0eth0<\/strong>,\u00a0lo<\/strong>,\u00a0ppp0,<\/strong>\u00a0etc.<\/li>\n
- -p<\/strong>\u00a0(protocol<\/strong>) \u2014 the network protocol where your filtering process takes place. It can be either\u00a0tcp<\/strong>,\u00a0udp<\/strong>,\u00a0udplite<\/strong>,\u00a0icmp<\/strong>,\u00a0sctp<\/strong>,\u00a0icmpv6<\/strong>, and so on. Alternatively, you can type\u00a0all<\/strong>\u00a0to choose every protocol.<\/li>\n
- -s<\/strong>\u00a0(source<\/strong>) \u2014 the address from which traffic comes from. You can add a hostname or IP address.<\/li>\n
- \u2013dport<\/strong>\u00a0(destination port<\/strong>) \u2014 the destination port number of a protocol, such as\u00a022<\/strong>\u00a0(SSH),\u00a0443\u00a0<\/strong>(https), etc.<\/li>\n
- -j<\/strong>\u00a0(target<\/strong>) \u2014 the target name (ACCEPT<\/strong>,\u00a0DROP<\/strong>,\u00a0RETURN<\/strong>). You need to insert this every time you make a new rule.<\/li>\n<\/ul>\n
<\/p>\n
<\/p>\n
1. Block Specific IP Address in IPtables Firewall<\/strong><\/h2>\n
<\/p>\n
If you want to block all outgoing connections to a specific IP address on all the ports with the following rule, -s\u00a0<\/strong>option used here specifies the source, the command will look like this:<\/p>\n
<\/p>\n
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP<\/pre>\n<\/p>\n
2. Unblock IP Address in IPtables Firewall<\/strong><\/h2>\n
<\/p>\n
If you want to unblock requests from specific IP address, you can delete the blocking rule with the following command:<\/p>\n
<\/p>\n
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP<\/pre>\n<\/p>\n
3. Block Specific Port on IPtables Firewall<\/strong><\/h2>\n
<\/p>\n
If you want to block incoming or outgoing connections on a specific port, below you can find such rule for both incoming and outgoing connections:<\/p>\n
<\/p>\n
To block outgoing connections on a specific port use:<\/p>\n
<\/p>\n
iptables -A OUTPUT -p tcp --dport xxx -j DROP<\/pre>\n<\/p>\n
To allow incoming connections use:<\/p>\n
<\/p>\n
iptables -A INPUT -p tcp --dport xxx -j ACCEPT<\/pre>\n<\/p>\n
4. Allow Multiple Ports on IPtables using Multiport<\/strong><\/h2>\n
<\/p>\n
We can allow or block multiple ports at once, by using multiport<\/strong>, the blocking rule with the following commands is given below:<\/p>\n
<\/p>\n
To allow incoming connections:<\/p>\n
<\/p>\n
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT<\/pre>\n<\/p>\n
To block incoming connections:<\/p>\n
<\/p>\n
iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j DROP<\/pre>\n<\/p>\n
5. Block any specific website on IPtables Firewall<\/strong><\/h2>\n
<\/p>\n
First, find the IP addresses used by that website:<\/p>\n
<\/p>\n
host cloudkul.com\r\ncloudkul.com has address 104.18.59.180<\/pre>\n<\/p>\n
whois 104.18.59.180 | grep CIDR\r\nCIDR: 104.16.0.0\/12<\/pre>\n<\/p>\n
You can then block that cloudkul.com network with:<\/p>\n
<\/p>\n
iptables -A OUTPUT -p tcp -d 104.16.0.0\/12 -j DROP<\/pre>\n<\/p>\n
Now, when you will try to access cloudkul.com in your browser, it will not be accessible.<\/p>\n
<\/h2>\n
<\/p>\n
6. Block Outgoing Mails through IPTables<\/strong><\/h2>\n
<\/p>\n
if you want to block outgoing emails, you can block outgoing ports on SMTP ports, , the command will look like this:<\/p>\n
<\/p>\n
iptables -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT<\/pre>\n<\/p>\n
7. Block Incoming Ping Requests through IPtables<\/strong><\/h2>\n
<\/p>\n
if you want to block incoming ping requests, you can use the following command if you are connected with ethO network interface, in my case I am connected with wi-fi so I replaced ethO with wlp2s0 i.e wireless network interface.<\/p>\n
<\/p>\n
iptables -A INPUT -p icmp -i eth0 -j DROP<\/pre>\n<\/p>\n
<\/p>\n
8. Flush IPtables Firewall Chains<\/strong><\/h2>\n
<\/p>\n
If you want to flush your firewall chains, you can use:<\/p>\n
<\/p>\n
iptables -F<\/pre>\n<\/p>\n
<\/p>\n
9. Save IPtables Rules to a File<\/strong><\/h2>\n
<\/p>\n
If you want to save your firewall rules you can use the following to save and store your rules in a file:<\/p>\n
<\/p>\n
iptables-save > iptablesbackup.rules<\/pre>\n<\/p>\n
<\/p>\n
10. Restore IPtables Rules from a File<\/strong><\/h2>\n
<\/p>\n
If you want to restore your firewall rules you can use the following to restore your rules from a file:<\/p>\n
<\/p>\n
iptables-restore < iptablesbackup.rules<\/pre>\n<\/p>\n
Iptables<\/strong> is a powerful firewall and important for every linux administrator to learn at least the basics of iptables. If you want to find more detailed information about iptables and its options it is highly recommended to read it\u2019s manual:<\/p>\n
<\/p>\n
man iptables<\/pre>\n<\/p>\n
<\/p>\n
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 In case of any help or query, please contact us<\/a>.<\/em><\/strong><\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"