Iptables configuration in Linux: detailed tutorial, Part 1

Posted: 27 Dec 2017 in firewall

This is my first tutorial on firewall configuration in Linux using iptables. In this tutorial we will learn how to use and configure iptables to secure a server or a network. A firewall is an integral part of a computer system or network infrastructure, designed to allow authorized communication and block unauthorized access. We will learn how to allow a specific IP address using iptables and also how to deny a specific IP address.

- We will learn how to see the list of iptables rules.
- We will also learn how to flush iptables rules.
- We will also set default rules (chain policies) for the firewall.
- We will learn to allow internal traffic on the loopback device.
- We will also learn how to allow established connections.
- We will see rules to block NULL packets.
- We will also learn to block XMAS packets using iptables.

The commands below use the `service` and `chkconfig` tools of RHEL/CentOS 6 and similar SysV-init systems; on systemd-based systems the equivalents are `systemctl` and `iptables-save`.

How to save iptables rules after making any changes in your firewall rules?

#service iptables save


How to start firewall service?

#service iptables start


how to restart Firewall (iptables) service?

#service iptables restart

How to stop Firewall(iptables) service?

#service iptables stop


To enable or disable the iptables service at boot (so the saved rules are, or are not, loaded after a reboot) we use the commands below.

#chkconfig iptables on
#chkconfig iptables off


The rules written by `service iptables save` are stored in the files below; these are the rules loaded when the service starts:

/etc/sysconfig/iptables (saved rules for IPv4)
/etc/sysconfig/ip6tables (saved rules for IPv6)

Note that iptables only governs IPv4. If the host has IPv6 enabled, an equivalent ip6tables ruleset is needed, otherwise IPv6 traffic bypasses everything below.

Here I will just give simple iptables settings examples.

Deny all connections by default:

#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP

The `-P` option sets the chain's default policy, which applies to any packet no rule has matched. The tutorial's original form, `iptables -A INPUT -j DROP`, appends a catch-all DROP rule instead; that works only if it is the last rule in the chain, because iptables stops at the first matching rule and any ACCEPT rule appended after it would never be reached. Be careful with a DROP policy on OUTPUT: it also blocks DNS, package updates and the replies of your own SSH session unless you explicitly allow them. When working over SSH, allow your own connection (see the ESTABLISHED,RELATED and port 22 rules below) before switching the INPUT policy to DROP.


Accept packets from a particular IPv4 address (the address itself was lost from the page; `<ip_address>` below is a placeholder, e.g. a single host like 10.0.0.5 or a network like 10.0.0.0/24):

#iptables -A INPUT -s <ip_address> -j ACCEPT


Reject packets from a particular IPv4 address:

Here `<ip_address>` is the address we want to reject. REJECT sends an error back to the sender (an ICMP port-unreachable by default, or a TCP RST with `--reject-with tcp-reset`), so the sender learns immediately that the host exists and is filtering.

#iptables -A INPUT -s <ip_address> -j REJECT


Drop packets from a particular IPv4 address:

DROP silently discards the packet; the sender sees a timeout and cannot tell a filtered host from a dead one. DROP is the usual choice for untrusted sources, REJECT for internal networks where fast failure is friendlier.

#iptables -A INPUT -s <ip_address> -j DROP


Accept packets on port 22 TCP (SSH) :

#iptables  -A   INPUT   -p  tcp   --dport   22   -j   ACCEPT


Accept outgoing packets from your port 22 TCP (the replies of the SSH server):

#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

This is only needed when the OUTPUT policy is DROP. A stateful rule matching ESTABLISHED,RELATED (shown below) is the more general way to allow the return half of permitted connections, since it does not have to be repeated for every port.


List firewall rules (of the default filter table):

#iptables -L

Adding `-n` avoids reverse DNS lookups that make the listing slow, `-v` shows interfaces and packet counters, and `--line-numbers` shows the position of each rule, which you need for `-D` (delete) and `-I` (insert).

List firewall rules of the filter table only:

#iptables -t filter -L

List firewall rules of the NAT table:

#iptables -t nat -L

List firewall rules of the mangle table:

#iptables -t mangle -L

Flush/delete firewall rules:

#iptables -F
#iptables -X
#iptables -Z

`-F` flushes (deletes) all rules in every chain of the filter table, `-X` deletes the user-defined (non-builtin) chains, and `-Z` zeroes the packet and byte counters. Flushing does not reset the chain policies: if the INPUT policy is already DROP, `iptables -F` removes the ACCEPT rules and leaves the policy in place, locking you out of a remote host. Set the policies back to ACCEPT (`iptables -P INPUT ACCEPT`) before flushing over SSH.


Flush/delete firewall rules of the filter table only:

#iptables -t filter -F

Flush/delete firewall rules of the NAT table only:

#iptables -t nat -F

Flush/delete firewall rules of the mangle table only:

#iptables -t mangle -F


Block NULL packets (TCP packets with no flags set, used by stealth port scans):

#iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Block new TCP connections that do not start with SYN:

#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

A legitimate TCP connection always begins with a SYN packet, so a packet that conntrack sees as NEW but that is not a SYN is either a scan or a stray packet from a connection the firewall never saw. Despite the way this rule is often labelled, it does not protect against SYN floods: a SYN flood consists of valid SYN packets, and this rule accepts every one of them. Limiting SYN floods needs rate limiting or SYN cookies, which are outside this part of the tutorial.

Block XMAS packets (TCP packets with all flags set, another scan signature):

#iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow internal traffic on the loopback device (many local services talk to each other over 127.0.0.1, so this should come early in the chain):

#iptables -A INPUT -i lo -j ACCEPT

Allow SSH access:

#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Allow established connections (reply traffic of connections this host opened, and related traffic such as ICMP errors or FTP data channels):

#iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Note the `-I` here: unlike `-A`, it inserts the rule at the top of the chain, so established traffic is matched by the first rule and never reaches the drop rules below.

Allow all outgoing connections:

#iptables -A OUTPUT -j ACCEPT

Set a default deny rule for incoming traffic:

#iptables -A INPUT -j DROP

Because this is appended last, every ACCEPT rule above it is evaluated first; anything not matched falls through to the DROP. Adding further ACCEPT rules later with `-A` would place them after this DROP and they would never match, so insert them with `-I INPUT <n>` at the right position or set the default with `iptables -P INPUT DROP` instead of a trailing rule.

Save  iptables/firewall rules

#service iptables save

Never forget to run above command after every change made in your iptables rules.
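The commands above only behave as intended when they are entered in the right order: established traffic and SSH must be accepted before the default deny, and the policies must be opened before flushing. The script below is an added example, not part of the original post, that assembles the tutorial's rules into one ordered ruleset. The variable names DRY_RUN, SSH_PORT and ADMIN_NET and the ipt wrapper are assumptions of this example; the rules themselves are the ones shown above, with `-P` used for the final default policy. With DRY_RUN=1 (the default) it prints the iptables commands instead of running them, so it can be reviewed on any machine without root; run it with DRY_RUN=0 on the target host to apply the ruleset.

```shell
#!/bin/sh
# Added example: the tutorial's iptables rules in the order iptables evaluates
# them, with a dry-run mode for reviewing the ruleset before applying it.
# DRY_RUN, SSH_PORT, ADMIN_NET and ipt() are names assumed for this example.

DRY_RUN="${DRY_RUN:-1}"        # 1 = print commands, 0 = execute them (needs root)
SSH_PORT="${SSH_PORT:-22}"
# Optional: restrict SSH to one source network, e.g. ADMIN_NET=203.0.113.0/24
# (constructed documentation range). Empty means SSH from anywhere, as in the
# tutorial.
ADMIN_NET="${ADMIN_NET:-}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_ruleset() {
    # Open the policies before flushing: with a DROP policy already in place,
    # -F would remove the ACCEPT rules and cut the SSH session running this.
    ipt -P INPUT ACCEPT
    ipt -P FORWARD ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -F                      # flush all rules of the filter table
    ipt -X                      # delete user-defined chains
    ipt -Z                      # zero the packet/byte counters

    # Loopback and already-established traffic first, so the rules below only
    # ever see new inbound connection attempts.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Malformed TCP: no flags (NULL), all flags (XMAS), and NEW packets that
    # are not SYN. None of these can start a legitimate connection.
    ipt -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    ipt -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    ipt -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # The one service we accept: SSH, optionally only from the admin network.
    if [ -n "$ADMIN_NET" ]; then
        ipt -A INPUT -p tcp -s "$ADMIN_NET" --dport "$SSH_PORT" -j ACCEPT
    else
        ipt -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    fi

    # Default deny for inbound and forwarded traffic, set as the chain policy
    # rather than a trailing rule, so later -A rules are still reachable.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

# Dry-run helper: number of rules the script adds to a chain, e.g. rule_count INPUT.
rule_count() {
    apply_ruleset | grep -c -- "-A $1 "
}

apply_ruleset
```

After applying with DRY_RUN=0, check the result with `iptables -L -n -v --line-numbers` and only then run `service iptables save`; until it is saved, a reboot returns to the previous ruleset, which is also the safest recovery if a mistake locks you out.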


Very soon I will write iptables tutorial Part 2 with some advanced firewall configuration rules.

