This document shows some example rules for filtering network traffic with the iptables firewall. Iptables works with IP addresses, protocols (tcp, udp, icmp) and ports, and places rules into predefined chains (INPUT, OUTPUT and FORWARD). Every IP packet relevant to a chain is checked against that chain's rules, and the outcome decides what is done with the packet, i.e. whether it is accepted or dropped.
The chains in the filter table to which rules can be added are:
- INPUT – All packets destined for the host computer itself.
- OUTPUT – All packets originating from the host computer itself.
- FORWARD – All packets neither destined for nor originating from the host computer, but passing through (routed by) the host computer. This chain is used if you are using your computer as a router.
Working with iptables from the command line requires root privileges.
The configuration is saved in the file /etc/sysconfig/iptables.
Examples
- Check whether iptables is installed
- Install iptables
- Check iptables status
- Start iptables
- Set iptables to start at boot
- List the currently loaded rules
- Display the status of the firewall
- Flush all current rules from iptables
- Allow SSH connections on tcp port 22 (SSH)
- Set default policies for the INPUT, FORWARD and OUTPUT chains
- Set access for localhost
- Accept packets belonging to established and related connections
- Accept packets from trusted IP addresses
- Accept packets from a trusted network
- Accept tcp packets on destination port 6881
- Accept tcp packets on destination ports 6881-6890
- Accept tcp packets on destination port 22 (SSH) from the private LAN
- Block null packets
- Reject SYN flood attacks
- Reject recon packets
- Allow web server traffic
- Allow users to use SMTP servers
- Allow any established outgoing connection to receive replies from the server
- Block an IP address
- Block a port for a specific IP address
- Open a port for a specific IP address
- Open DNS
- Open the MySQL port
- Open a range of ports (e.g. 7000-7100)
- Save the rules and restart iptables
- List rules
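The following script is an added example, not code from the original page: it builds one ruleset covering the scenarios listed above, in an order that keeps the rules effective (iptables stops at the first matching rule, so blocks must precede broad accepts). By default it only prints each iptables command so the ruleset can be reviewed; run it as root with APPLY=1 to execute the commands. All addresses and networks are assumptions constructed from the RFC 5737 documentation ranges and private address space, and the save path follows the /etc/sysconfig/iptables location named above.

```shell
#!/bin/sh
# Added example, not code from the original page: builds the iptables
# ruleset for the scenarios listed above. By default it only PRINTS each
# command so the ruleset can be reviewed; run it as root with APPLY=1 to
# execute the commands for real. The addresses below are assumptions
# (constructed from the RFC 5737 documentation ranges and private space).

IPT="${IPT:-iptables}"
TRUSTED_IP="${TRUSTED_IP:-192.0.2.10}"        # host allowed to send anything
TRUSTED_NET="${TRUSTED_NET:-10.10.0.0/16}"    # network allowed to send anything
LAN_NET="${LAN_NET:-192.168.1.0/24}"          # private LAN allowed to use SSH
BLOCKED_IP="${BLOCKED_IP:-198.51.100.7}"      # host blocked entirely
NO_WEB_IP="${NO_WEB_IP:-203.0.113.5}"         # host blocked from port 80 only
DB_CLIENT_IP="${DB_CLIENT_IP:-203.0.113.20}"  # only host allowed to reach MySQL
SAVE_FILE="${SAVE_FILE:-/etc/sysconfig/iptables}"

# Print one iptables command; execute it as well when APPLY=1.
rule() {
    printf '%s %s\n' "$IPT" "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@" || { echo "failed: $IPT $*" >&2; return 1; }
    fi
}

# Flush, default-deny inbound and forwarded traffic, then allow loopback
# and replies to connections this host already has (both directions).
baseline_rules() {
    rule -F
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Blocks come before any broad ACCEPT: iptables stops at the first rule
# that matches, so a DROP placed after "-s TRUSTED_NET -j ACCEPT" would
# never be reached for a host inside that network.
block_rules() {
    rule -A INPUT -s "$BLOCKED_IP" -j DROP
    rule -A INPUT -p tcp -s "$NO_WEB_IP" --dport 80 -j DROP
}

# Null packets (no TCP flags), a per-source cap on open/half-open
# connections started by SYN, and XMAS-style recon packets (all flags).
scan_rules() {
    rule -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    rule -A INPUT -p tcp --syn -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
    rule -A INPUT -p tcp --tcp-flags ALL ALL -j REJECT
}

# Trusted sources first, then services open to everyone. Drop the "-s"
# to open SSH or MySQL to all addresses.
accept_rules() {
    rule -A INPUT -s "$TRUSTED_IP" -j ACCEPT
    rule -A INPUT -s "$TRUSTED_NET" -j ACCEPT
    rule -A INPUT -p tcp -s "$LAN_NET" --dport 22 -j ACCEPT
    rule -A INPUT -p tcp -s "$DB_CLIENT_IP" --dport 3306 -j ACCEPT
    rule -A INPUT -p tcp --dport 80 -j ACCEPT
    rule -A INPUT -p tcp --dport 443 -j ACCEPT
    rule -A INPUT -p udp --dport 53 -j ACCEPT
    rule -A INPUT -p tcp --dport 53 -j ACCEPT
    rule -A INPUT -p tcp --dport 6881:6890 -j ACCEPT
    rule -A INPUT -p tcp --dport 7000:7100 -j ACCEPT
    rule -A OUTPUT -p tcp --dport 25 -j ACCEPT
}

# Persist the live ruleset so it survives a restart, then list it.
persist_rules() {
    printf '%s-save > %s\n' "$IPT" "$SAVE_FILE"
    printf '%s -L -n -v --line-numbers\n' "$IPT"
    if [ "${APPLY:-0}" = "1" ]; then
        "${IPT}-save" > "$SAVE_FILE" && "$IPT" -L -n -v --line-numbers
    fi
}

# Emit (or apply) the whole ruleset in the order that makes it correct.
generate_all() {
    baseline_rules && block_rules && scan_rules && accept_rules && persist_rules
}

generate_all
```

Review the printed commands first; only then rerun with APPLY=1. Because the default INPUT policy is DROP, the loopback and ESTABLISHED,RELATED rules must stay near the top or the host will lose its own replies, and the block rules are placed ahead of the trusted-network accept so that a blocked host inside that network is still refused.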