Overview

This guide explains the basic setup of iptables, the Linux firewall tool. After working through it you should be able to perform a basic iptables setup and use it to improve the security of your server.

In this article the following subjects will be covered:

  • Basic explanation
  • Basic commands
  • How to secure your own connection to the server
  • How to allow/open a specific port on the server

Basic explanation of iptables

Iptables is a Linux tool that is used as a firewall. It is rule-based and is installed on most Linux systems by default. By default iptables runs without any rules, so all traffic is allowed. Generally iptables is split up into three sections: the INPUT chain, the FORWARD chain and the OUTPUT chain. Rules are applied to these chains, and the chain names should be written in capital letters when used in commands. Each chain has a default policy, which can be either ACCEPT or DROP.

  • INPUT – All packets destined for the host computer.
  • OUTPUT – All packets originating from the host computer.
  • FORWARD – All packets that are passing through. This chain is used when the server is used as a router.

There are two ways to set up the firewall chains. The first is to set the default policy of a chain, for example INPUT, to ACCEPT. In this case you add rules to the chain that block certain packets. The other option is to set the default policy of INPUT to DROP. In this case all packets for the INPUT chain are dropped, and you add rules that allow certain packets.

There are two common ways to add a rule with the iptables command: the -A option and the -I option. The -A option stands for Append: the rule you add is placed at the bottom of the rule list. The -I option stands for Insert: the rule is added as rule number one by default, and you can also give a line number to indicate where the rule should be added. The position matters because the rules of a chain are checked from top to bottom, and the first matching ACCEPT or DROP rule decides what happens to the packet.
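The two default-policy approaches and the difference between -A and -I can be traced with a small model of a single chain. This is an added example, not part of the original guide and not iptables code; it assumes rules match only on protocol and destination port, and the ports and helper names are constructed for illustration.

```python
# Simplified model of one iptables chain (added example, not iptables itself).
# Assumption: a rule matches only on protocol and destination port.

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy = policy   # default policy: ACCEPT or DROP
        self.rules = []        # checked from top to bottom

    def append(self, proto, dport, target):
        """Like 'iptables -A': the rule goes to the bottom of the list."""
        self.rules.append((proto, dport, target))

    def insert(self, proto, dport, target, num=1):
        """Like 'iptables -I': rule number 1 by default, or the given number."""
        if not 1 <= num <= len(self.rules) + 1:
            raise ValueError("rule number out of range")
        self.rules.insert(num - 1, (proto, dport, target))

    def verdict(self, proto, dport):
        """The first matching rule decides; the policy applies if none match."""
        for r_proto, r_dport, target in self.rules:
            if r_proto == proto and r_dport in (None, dport):  # None = any port
                return target
        return self.policy


def accept_policy_chain():
    # Policy ACCEPT: everything is allowed unless a rule blocks it.
    chain = Chain("ACCEPT")
    chain.append("tcp", 23, "DROP")        # constructed sample: block port 23
    return chain


def drop_policy_chain(use_insert):
    # Policy DROP: everything is dropped unless a rule allows it.
    chain = Chain("DROP")
    chain.append("tcp", None, "DROP")      # existing catch-all rule for TCP
    if use_insert:
        chain.insert("tcp", 22, "ACCEPT")  # lands above the catch-all
    else:
        chain.append("tcp", 22, "ACCEPT")  # lands below it and is never reached
    return chain


if __name__ == "__main__":
    print("appended allow rule:", drop_policy_chain(False).verdict("tcp", 22))
    print("inserted allow rule:", drop_policy_chain(True).verdict("tcp", 22))
```

In the model, an allow rule appended below an existing catch-all DROP never takes effect, which is the usual way to lose your own connection to a server while changing rules; inserting it above the catch-all avoids that.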

On the next page we will start with the basic commands for iptables.