Command Basic Guide on IPTables (Linux Firewall)
This tutorial explains how the firewall works in the Linux operating system and what IPTables is. A firewall decides the fate of packets coming into and going out of the system. IPTables is a rule-based firewall and it is pre-installed on most Linux distributions. By default it runs without any rules.
IPTables was included in kernel 2.4; before that it was called ipchains or ipfwadm.
IPTables is a front-end tool that talks to the kernel and decides which packets to filter. This guide gives you a rough idea of IPTables and its basic commands; we describe practical iptables rules which you may refer to and customize as per your need.
Different tools are used for different protocols:
- iptables applies to IPv4.
- ip6tables applies to IPv6.
- arptables applies to ARP.
- ebtables applies to Ethernet frames.
Important files:
- /etc/init.d/iptables – init script to start|stop|restart and save rulesets.
- /etc/sysconfig/iptables – where rulesets are saved.
- /sbin/iptables – binary.
Tables:
- Filter
- NAT
- Mangle
Chains:
- INPUT : default chain for packets destined to the system.
- OUTPUT : default chain for packets generated by the system.
- FORWARD : default chain for packets routed through the system to another interface.
- RH-Firewall-1-INPUT : a user-defined custom chain.
How to start, stop and restart the IPTables firewall
To start, stop or restart IPTables, use the following commands.
# /etc/init.d/iptables start
# /etc/init.d/iptables stop
# /etc/init.d/iptables restart
To start IPTables on system boot, use the following command.
# chkconfig --level 345 iptables on
Saving IPTables rulesets. Whenever the system is rebooted and the IPTables service restarted, the existing rules are flushed out or reset. The command below saves the IPTables ruleset in the /etc/sysconfig/iptables file by default, so the rules are restored in case IPTables is flushed out.
# service iptables save
Checking the status of IPTables / Firewall. Options "-L" (list ruleset), "-v" (verbose) and "-n" (display in numeric format).
[root@tecmint ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 396 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 5 packets, 588 bytes)
pkts bytes target prot opt in out source destination
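As an added example (not part of the original tutorial), the script below rebuilds the INPUT chain that the listing above shows, but takes a backup with iptables-save first so the old ruleset can be restored with iptables-restore. The IPT hook, the SSH_PORT and BACKUP variables, the dry-run mode and the function names are assumptions of this example, not options of iptables.

```shell
#!/bin/sh
# Added example, not from the original tutorial: rebuild the INPUT chain
# shown in the listing above, after backing up the current ruleset.
# IPT, SSH_PORT and BACKUP are assumed knobs of this script, not iptables options.

SSH_PORT="${SSH_PORT:-22}"                  # port kept open for new connections
BACKUP="${BACKUP:-/root/iptables.backup}"   # assumed backup path for iptables-save
IPT="${IPT:-iptables}"                      # set IPT=dry to print instead of apply

# Dry-run stand-in: prints the command that would be executed
dry() { printf 'iptables %s\n' "$*"; }

# Save the live ruleset; restore later with: iptables-restore < "$BACKUP"
backup_rules() {
    if [ "$IPT" = "dry" ]; then
        echo "dry-run: would save current rules to $BACKUP"
    else
        iptables-save > "$BACKUP" && echo "rules saved to $BACKUP"
    fi
}

# Rules in the same order as the tutorial's listing (rule 1 .. rule 5)
apply_basic_rules() {
    $IPT -F INPUT
    # 1: replies and related traffic for connections already tracked
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # 2: ICMP (ping and error messages)
    $IPT -A INPUT -p icmp -j ACCEPT
    # 3: everything on the loopback interface
    $IPT -A INPUT -i lo -j ACCEPT
    # 4: new TCP connections to the SSH port only
    $IPT -A INPUT -p tcp -m state --state NEW --dport "$SSH_PORT" -j ACCEPT
    # 5: catch-all, rejected with icmp-host-prohibited as in the listing
    $IPT -A INPUT -j REJECT --reject-with icmp-host-prohibited
}

# Show the commands without touching the kernel
dry_run() { ( IPT=dry; apply_basic_rules ); }

case "${1:-}" in
    --apply)   backup_rules && apply_basic_rules && service iptables save ;;
    --dry-run) dry_run ;;
esac
```

Run it with --dry-run first to review the six commands it would issue; --apply saves the current rules, flushes and rebuilds INPUT, then persists the result with service iptables save as the tutorial does. Rule 1 comes first on purpose: the RELATED,ESTABLISHED match keeps an existing SSH session alive while the chain is being rewritten.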
Display IPTables rules with numbers. With the help of the "--line-numbers" argument you can add or remove rules at a given position.
[root@tecmint ~]# iptables -n -L -v --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 51 4080 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 45 packets, 5384 bytes)
num pkts bytes target prot opt in out source destination
Flushing or deleting IPTables rules. The command below removes all the rules from the tables. Take a backup of your rulesets before executing it.
[root@tecmint ~]# iptables -F
Deleting or appending rules. Let us first see the rules in the chains. The commands below display the rulesets in the INPUT and OUTPUT chains with rule numbers, which helps us add or delete rules.
[root@tecmint ~]# iptables -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@tecmint ~]# iptables -L OUTPUT -n --line-numbers
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Let's say you want to delete rule number 5 from the INPUT chain. Use the following command.
[root@tecmint ~]# iptables -D INPUT 5
To insert a rule into the INPUT chain at position 5, between the existing rules 4 and 5 (replace ipaddress with the source address to drop):
[root@tecmint ~]# iptables -I INPUT 5 -s ipaddress -j DROP
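The insert at position 5 works because rule 5 is the catch-all REJECT and rules are matched in order; a DROP appended after it would never be reached. As an added example (not from the original tutorial), the functions below read the output of "iptables -L <chain> -n --line-numbers" (the format without -v, as shown above), locate that catch-all rule and print the iptables -I command that places a DROP for a given source in front of it, falling back to -A when the chain has no catch-all. The sample listing, the address 192.0.2.10 and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: compute where a new rule
# must be inserted so that it lands before the catch-all REJECT/DROP.
# Input format: "iptables -L <chain> -n --line-numbers" (no -v), read from stdin.

# Sample listing, constructed to match the tutorial's INPUT chain
SAMPLE_INPUT_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Print the rule number of the first REJECT or DROP whose source and
# destination are both 0.0.0.0/0 (the catch-all); print nothing if absent.
# Columns without -v: num target prot opt source destination [extra]
catchall_position() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") \
         && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1; exit }'
}

# Usage: <listing> | block_source_cmd <chain> <source-address>
# Emits the command that drops <source-address> ahead of the catch-all.
block_source_cmd() {
    chain=$1
    src=$2
    pos=$(catchall_position)
    if [ -n "$pos" ]; then
        echo "iptables -I $chain $pos -s $src -j DROP"
    else
        echo "iptables -A $chain -s $src -j DROP"
    fi
}

# Demo on the constructed listing (prints the command, does not run it)
printf '%s\n' "$SAMPLE_INPUT_LISTING" | block_source_cmd INPUT 192.0.2.10
```

On a live system the listing comes from the real command, for example iptables -L INPUT -n --line-numbers | block_source_cmd INPUT 192.0.2.10; review the printed line, then run it and save the ruleset. Re-run the listing afterwards: the catch-all should have moved down by one and the new DROP should sit directly above it.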
We have only tried to cover the basic usage and functions of IPTables for beginners. You may create complex rules once you have a complete understanding of TCP/IP and good knowledge of your setup.
Thank you very much for the tutorial..