Firewalls are invaluable for systems that are placed online. Today we look at how to use iptables, a powerful Linux-based firewall.
iptables lets you grant or deny access to specific services and IP addresses. This gives you full control over everything that goes in and out of your server, including TCP and SSH connections. In short, it is well suited to those who like to work on the command line.
Install iptables
If you’re on a VPS or a dedicated server, you should have access to the iptables program, which comes by default with most Linux distributions. If not installed, use the following commands to install:
On Debian/Ubuntu, type the following command and press Enter at the two prompts that follow:
apt-get install iptables-persistent
On RedHat/CentOS, type the following as root:
yum install iptables
Work with iptables
Here are a few things you can do with iptables and how to do them:
- Check whether iptables already has any rules
The first thing to do is confirm that no rules are set by default, by typing the following command on your console:
iptables -L
This returns three sets of rules, or chains, one each for your incoming, outgoing and forwarding packets, and each of them should include a line that reads policy ACCEPT.
- Add new rule
To add a new rule to a particular chain, use this command:
iptables -A INPUT -p tcp -m tcp --dport 7822 -j ACCEPT
This enables incoming TCP connections through port 7822, which is commonly used by SSH.
The most basic ports to make sure you have opened in the firewall are port 80 for HTTP and port 443 for HTTPS. Here are the commands to do so:
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
- Block an IP address
To block a specific IP address from reaching your server, all it takes is another iptables command. For example:
iptables -I INPUT rule_number -s 10.10.10.10 -j DROP
The DROP target instructs your server to discard all connections from that IP address. Replace rule_number with the position in the chain at which the rule should be inserted; rules are evaluated from the top, so a rule inserted at a low number is checked before the rules below it. Replace 10.10.10.10 with the IP address you are blocking.
- Delete a rule
To delete a rule, use the -D option. You need to know the number of the rule you want to delete (just as you must know the number when you insert a rule). The following command demonstrates how to delete the fifth rule from the INPUT chain:
iptables -D INPUT 5
- Delete all rules
If you want to delete all of the rules at once, type the following command:
iptables -F
- Save rules after modifying iptables
To save the iptables rules, use the method that matches the server's operating system.
For Debian or Ubuntu, run
iptables-save > /etc/iptables/rules.v4
For RedHat/CentOS, run the command
/sbin/service iptables save
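The steps above (flush, allow SSH/HTTP/HTTPS, block an address, save) combined into one script, as an added example rather than code from the original page. The blocked address 10.10.10.10 and port 7822 are the page's example values; the ESTABLISHED/RELATED and loopback rules, the default-deny policy, the IPT_DRY_RUN switch and the /etc/iptables check used to tell Debian from RedHat are additions of this example.

```shell
#!/bin/sh
# Baseline INPUT chain built from the commands on this page. iptables checks
# rules top to bottom and stops at the first match, so the per-address DROP
# rules are added before the port ACCEPT rules; otherwise a blocked host
# could still reach ports 80/443.
set -eu

SSH_PORT=7822                # SSH port used in the page's example
BLOCKED_IPS="10.10.10.10"    # constructed example; space-separated list

# Run iptables, or only print the command when IPT_DRY_RUN=1 so the rule set
# can be reviewed on a machine without root or iptables.
ipt() {
    if [ "${IPT_DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    ipt -P INPUT ACCEPT          # keep access while the chain is rebuilt
    ipt -F INPUT                 # page's "delete all rules"
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for ip in $BLOCKED_IPS; do   # blocks first, so they win over the ACCEPTs
        ipt -A INPUT -s "$ip" -j DROP
    done
    ipt -A INPUT -p tcp -m tcp --dport "$SSH_PORT" -j ACCEPT
    ipt -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    ipt -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    ipt -P INPUT DROP            # default-deny only once the allow rules exist
}

# Persist with the page's save commands. Assumes /etc/iptables exists only
# where iptables-persistent (Debian/Ubuntu) is installed.
save_rules() {
    if [ -d /etc/iptables ]; then
        iptables-save > /etc/iptables/rules.v4
    else
        /sbin/service iptables save
    fi
}

# "sh baseline.sh apply" (as root) applies and saves; anything else only prints.
case "${1:-}" in
    apply) apply_rules && save_rules ;;
    *)     IPT_DRY_RUN=1 apply_rules ;;
esac
```

Run it without arguments first and read the printed order: every DROP line must appear above the ACCEPT lines, and the DROP policy must come last.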