Iptables configuration in Linux detail tutorial Part-1

Posted: December 27, 2017 in LINUX

This is my first tutorial on firewall configuration in Linux using iptables. In this tutorial we will learn how to use and configure iptables to secure any server or network. A firewall is an integral part of a computer system or network infrastructure, designed to allow authorized communication and block unauthorized access. We will learn how to allow a specific IP address using iptables, and also how to deny a specific IP address.

- We will learn how to list the iptables rules.
- We will also learn how to flush the iptables rules.
- We will also set default rules for the firewall.
- We will learn to allow internal traffic on the loopback device.
- We will also learn how to allow established connections.
- We will see rules to block all NULL packets.
- We will also learn to block XMAS packets using iptables.
How to save iptables rules after making any changes in your firewall rules?
#service iptables save


How to start firewall service?
#service iptables start


How to restart the Firewall (iptables) service?
#service iptables restart
How to stop the Firewall (iptables) service?
#service iptables stop


To enable or disable the Firewall (iptables) service so that the setting persists across system reboots, use the commands below.
#chkconfig iptables on
#chkconfig iptables off


Default Firewall (iptables) rules are saved in the files below:
/etc/sysconfig/iptables (saved rules for IPv4)
/etc/sysconfig/ip6tables (saved rules for IPv6)
Here I will just give simple iptables settings examples.
Deny all connections by default (these append a DROP rule to each chain; rules are matched in order, so any ACCEPT rule must be added before the DROP or it will never be reached):
#iptables -A INPUT -j DROP
#iptables -A OUTPUT -j DROP
#iptables -A FORWARD -j DROP


Accept packets from a particular IP address (the address passed to -s is the one to allow):
#iptables -A INPUT -s -j ACCEPT


Reject packets from a particular IPv4 address:

Here the address passed to -s is the IP we want to reject (REJECT sends an error back to the sender, whereas DROP discards the packet silently).

#iptables -A INPUT -s -j REJECT


Drop packets from a particular IPv4 address:
#iptables -A INPUT -s -j DROP


Accept incoming packets on port 22 TCP (SSH):
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT


Accept outgoing packets from your port 22 TCP:
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT


List firewall rules (the filter table is shown when no table is given).
#iptables -L
List firewall rules of the filter table only.
#iptables -t filter -L
List firewall rules of the nat table.
#iptables -t nat -L
List firewall rules of the mangle table.
#iptables -t mangle -L
Flush/delete firewall rules (-F flushes all rules, -X deletes user-defined chains, -Z zeroes the packet and byte counters).
#iptables -F
#iptables -X
#iptables -Z


Flush/delete firewall rules of the filter table only.
#iptables -t filter -F
Flush/delete firewall rules of the nat table only.
#iptables -t nat -F
Flush/delete firewall rules of the mangle table only.
#iptables -t mangle -F


Block NULL packets (TCP packets with no flags set, used by port scanners and DoS tools)
#iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
Block syn-flood attacks (DoS)
#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Block XMAS packets (TCP packets with all flags set, used by port scanners and DoS tools)
#iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Allow internal traffic on the loopback device.
#iptables -A INPUT -i lo -j ACCEPT
Allow SSH access
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
Allow established connections (-I inserts this rule at the top of the chain so return traffic is accepted before any other rule is checked)
#iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow all outgoing connections
#iptables -A OUTPUT -j ACCEPT
Set the default deny firewall policy (appended last, so it only catches packets no earlier rule accepted).
#iptables -A INPUT -j DROP
Save iptables/firewall rules
#service iptables save

Never forget to run the above command after every change made to your iptables rules; otherwise the running rules are lost on the next restart of the service or the system.
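The rules above, assembled into one script in the order in which they must be added. This is an added example, not code from the original post; it assumes the iptables binary name, the SSH port and the DRY_RUN switch shown at the top, and by default it only prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: build the post's INPUT rule set in working order.
# Rules are matched top to bottom, so loopback, established traffic, the
# anti-scan DROPs and the SSH ACCEPT all go before the catch-all DROP.
# Assumptions: IPT, SSH_PORT and DRY_RUN (default 1 = print only) are ours.

IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"
DRY_RUN="${DRY_RUN:-1}"

# Print the ordered rule set, one command per line.
build_rules() {
cat <<EOF
$IPT -F
$IPT -X
$IPT -Z
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -j ACCEPT
$IPT -A OUTPUT -j ACCEPT
$IPT -A INPUT -j DROP
EOF
}

# Safety check: the catch-all DROP must be the last INPUT rule, otherwise
# every ACCEPT appended after it would never be reached (lockout risk).
check_order() {
    last=$(build_rules | grep -- '-A INPUT ' | tail -n 1)
    [ "$last" = "$IPT -A INPUT -j DROP" ]
}

# Print the rules (dry run) or execute them and persist with the post's save command.
apply_rules() {
    check_order || { echo "refusing: catch-all DROP is not last" >&2; return 1; }
    if [ "$DRY_RUN" = "1" ]; then
        build_rules
    else
        build_rules | sh -e && service iptables save
    fi
}
```

Run it once with the default dry run and read the output, then run it with DRY_RUN=0 as root from a console session, not over SSH, so a mistake cannot lock you out.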


Very soon I will write part 2 of this iptables tutorial with some advanced firewall configuration rules.

