IPTABLES Firewall Tutorials

Last updated on May 5th, 2016 at 01:40 am

Linux IPTABLES Beginner’s Guide :- Add Firewall Rules With Ease

This is just a beginner's guide to IPTABLES. It is a vast topic and I am only covering a part of it. In this tutorial we will see simple uses of IPTABLES, including how to:

  1. View chains & Listing rules
  2. Adding a new chain
  3. Add Rules
  4. Delete Rules
  5. Restarting & Saving IPTABLES

Please don't confuse IDS with IPTABLES; they are different things. IPTABLES cannot scan any port for intrusion detection. That can only be done by Intrusion Detection Systems such as Tripwire, PortSentry, Swatch etc. IPTABLES can only block / prevent / forward access to ports / protocols.

Chain Types In IPTABLES

------------------------
There are three built-in chains:

a) INPUT
b) FORWARD
c) OUTPUT

In Linux you can list your iptables rules using the iptables -L command:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The INPUT chain, as the name suggests, checks all packets coming in to this host.
The FORWARD chain handles packets that are routed through this host to other machines; they are not destined for this host.
The OUTPUT chain handles packets generated by this host and destined for other machines.

Adding a new chain in IPTABLES

------------------------------
We can use the -N switch in iptables to add a new chain.

[root@]# iptables -N new_chain
[root@]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain new_chain (0 references)
target     prot opt source               destination
[root@mistonline ~]#

Add a new rule in IPTABLES

--------------------------
A new rule can be appended to a chain using the -A switch, followed by match switches such as -p for the protocol and --dport for the destination port, and -j for the target (ACCEPT / DROP etc.).
Here is a simple rule to allow incoming SSH connections:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Here is another rule to drop all HTTP requests to port 80:

iptables -A INPUT -p tcp --dport 80 -j DROP

*NOTE:- Please don't lock yourself out by rejecting access to port 22 (SSH).

Delete Rules in IPTABLES

------------------------
To delete a rule from IPTABLES the best method is to list the rules with their line numbers (--line-numbers) and then use the -D option with the rule number, as shown below:

[root@]# iptables -L INPUT --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere
3    INPUT_direct  all  --  anywhere             anywhere
4    INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
5    INPUT_ZONES  all  --  anywhere             anywhere
6    ACCEPT     icmp --  anywhere             anywhere
7    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
8    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
9    DROP       tcp  --  anywhere             anywhere             tcp dpt:http
[root@]# iptables -D INPUT 9
[root@]# iptables -L INPUT --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere
3    INPUT_direct  all  --  anywhere             anywhere
4    INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
5    INPUT_ZONES  all  --  anywhere             anywhere
6    ACCEPT     icmp --  anywhere             anywhere
7    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
8    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
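The listing above deletes rule 9 by its number. Rule numbers are reassigned after every deletion (removing rule 2 turns rule 3 into rule 2), so a script that removes several rules must delete from the highest number down. The following helper is an added example, not part of the original tutorial: it parses the INPUT listing shown above (embedded as constructed sample input), finds the rules matching a target, protocol and match text, and prints the delete commands in safe order. It only prints commands and assumes the default column layout of iptables -L.

```shell
#!/bin/sh
# Added example, not from the original tutorial: turn the output of
# 'iptables -L INPUT --line-numbers' into safe 'iptables -D INPUT N' commands.
# It only prints commands; nothing here touches the live firewall.

# Constructed sample input: the INPUT listing shown in the tutorial above.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere
3    INPUT_direct  all  --  anywhere             anywhere
4    INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
5    INPUT_ZONES  all  --  anywhere             anywhere
6    ACCEPT     icmp --  anywhere             anywhere
7    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
8    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
9    DROP       tcp  --  anywhere             anywhere             tcp dpt:http'

# rule_numbers LISTING TARGET PROT [MATCH]
# Print the numbers of the rules whose target and protocol columns equal
# TARGET and PROT and whose line contains MATCH (e.g. "dpt:http").
# MATCH may be omitted. Header lines are skipped because their first
# column is not a number.
rule_numbers() {
    printf '%s\n' "$1" | awk -v tgt="$2" -v prot="$3" -v m="$4" '
        $1 ~ /^[0-9]+$/ && $2 == tgt && $3 == prot && (m == "" || index($0, m) > 0) {
            print $1
        }'
}

# delete_commands LISTING TARGET PROT [MATCH]
# Emit one "iptables -D INPUT N" line per matching rule, highest number
# first, so that running them in order never deletes a renumbered rule.
delete_commands() {
    rule_numbers "$@" | sort -rn | sed 's/^/iptables -D INPUT /'
}

# Example run: the tutorial deletes the "DROP tcp dpt:http" rule (number 9).
delete_commands "$SAMPLE_LISTING" DROP tcp 'dpt:http'
```

Deleting by the exact rule specification (iptables -D INPUT -p tcp --dport 80 -j DROP) avoids rule numbers altogether and is the safer choice in scripts.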

Restarting & Saving IPTABLES

----------------------------
IPTABLES rules are held only in memory until we save them with the following command:

service iptables save

If we reboot the machine all settings will be lost unless we saved them using the above command.

To restart IPTABLES use the command below:

# service iptables restart
iptables: Setting chains to policy ACCEPT: nat filter mangl[  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
#
