All about iptables in Linux in the simplest explanation :)

iptables is a powerful firewall tool for Linux operating systems that allows you to control incoming and outgoing traffic on your network. It is used to set rules for filtering network traffic, block or allow certain types of traffic, and protect your system from unauthorized access.

Here are some key concepts you should know:

  • Chains: iptables organizes its rules into chains, which are sets of rules that are applied to network traffic in a specific order. There are three default chains: INPUT (applied to incoming traffic), OUTPUT (applied to outgoing traffic), and FORWARD (applied to traffic that is being forwarded through your system).

  • Rules: Each chain consists of a set of rules that define how network traffic should be handled. A rule can either allow or block traffic, and can be based on various criteria such as the source or destination IP address, protocol type, or port number.

  • Tables: iptables uses tables to organize its rules. The default table is the filter table, which is used for packet filtering. There are also other tables such as the NAT table, which is used for network address translation, and the Mangle table, which is used for advanced packet manipulation.

  • Targets: A target is the action that iptables takes when a rule is matched. Common targets include ACCEPT (allow the traffic), DROP (block the traffic), and REJECT (block the traffic and send an error message to the sender).

To use iptables, you can use the command line interface to add, modify, or delete rules. For example, the following command allows incoming traffic on port 80 (HTTP):

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This adds a rule to the INPUT chain that matches TCP traffic on port 80 and allows it to pass through the firewall.

It is important to note that iptables evaluates the rules in a chain from top to bottom, and the first rule that matches with ACCEPT, DROP, or REJECT decides what happens to the packet, so the order in which you add rules affects how traffic is filtered. Additionally, iptables rules are not persistent by default, so if you reboot your system, any custom rules you have added will be lost. To make your iptables rules persistent, you can use a tool such as iptables-persistent.
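To see why rule order matters, here is a small Python model of how a chain is evaluated. It is an added example, not code from iptables or from the original article. The `Rule` and `Chain` classes and the `demo` function are hypothetical, the packets are constructed, and only the `-p`, `--dport` and `-s` matches are modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                    # -j: ACCEPT, DROP or REJECT
    proto: Optional[str] = None    # -p
    dport: Optional[int] = None    # --dport
    src: Optional[str] = None      # -s (address or CIDR network)

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        return True

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy, self.rules = policy, []   # -P sets the policy
    def append(self, rule):        # -A: add at the end
        self.rules.append(rule)
    def insert(self, pos, rule):   # -I: add at a 1-based position
        self.rules.insert(pos - 1, rule)
    def delete(self, pos):         # -D: remove by 1-based position
        del self.rules[pos - 1]
    def verdict(self, pkt):        # returns (target, rule number); 0 = policy decided
        for num, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                return rule.target, num
        return self.policy, 0

def demo():
    # Constructed packets; the addresses come from documentation ranges.
    bad = {"proto": "tcp", "dport": 80, "src": "203.0.113.7"}
    dns = {"proto": "udp", "dport": 53, "src": "198.51.100.9"}
    chain = Chain(policy="DROP")                          # -P INPUT DROP
    chain.append(Rule("ACCEPT", proto="tcp", dport=80))   # -A INPUT -p tcp --dport 80 -j ACCEPT
    chain.append(Rule("DROP", src="203.0.113.0/24"))      # -A INPUT -s 203.0.113.0/24 -j DROP
    shadowed = chain.verdict(bad)    # the block at position 2 is never reached
    chain.delete(2)                                       # -D INPUT 2
    chain.insert(1, Rule("DROP", src="203.0.113.0/24"))   # -I INPUT 1 -s 203.0.113.0/24 -j DROP
    return shadowed, chain.verdict(bad), chain.verdict(dns)

if __name__ == "__main__":
    print(demo())
```

The appended block rule never fires for port 80 because the ACCEPT above it matches first. Inserting it at position 1 makes it take effect, and traffic that matches no rule falls through to the chain policy.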

Some of the most important options for iptables:

  • -A: This option appends a new rule to the end of a chain. For example, iptables -A INPUT -p tcp --dport 80 -j ACCEPT adds a rule to the INPUT chain that allows incoming traffic on port 80.

  • -I: This option inserts a new rule at a specific position in a chain. For example, iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT inserts a rule at position 2 in the INPUT chain that allows incoming traffic on port 80.

  • -D: This option deletes a rule from a chain. For example, iptables -D INPUT 2 deletes the rule at position 2 in the INPUT chain.

  • -L: This option lists the rules in a chain. For example, iptables -L INPUT lists the rules in the INPUT chain.

  • -P: This option sets the policy for a chain. The policy determines what happens to packets that do not match any of the rules in the chain. For example, iptables -P INPUT DROP sets the default policy for the INPUT chain to drop packets that do not match any of the rules.

  • -s: This option specifies the source IP address or network for a rule. For example, iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT allows incoming traffic from the 192.168.0.0/24 network.

  • -d: This option specifies the destination IP address or network for a rule. For example, iptables -A OUTPUT -d 8.8.8.8 -j ACCEPT allows outgoing traffic to the 8.8.8.8 IP address.

  • -p: This option specifies the protocol for a rule. For example, iptables -A INPUT -p tcp --dport 80 -j ACCEPT allows incoming TCP traffic on port 80.

  • -j: This option specifies the target for a rule. The target determines what happens to packets that match the rule. For example, iptables -A OUTPUT -p icmp -j DROP drops all outgoing ICMP traffic.
