Scribd
Upload
440 views

Iptables Tutorial For Beginners

Iptables is a Linux packet filtering firewall that allows system administrators to define rules for incoming and outgoing network packets. Rules are grouped into chains, which are organized into tables that filter, NAT, or mangle packets. The filter table contains the INPUT, OUTPUT, and FORWARD chains used to allow or block traffic destined for the local system, created by the local system, or passing through. Common iptables commands are used to append, delete, replace, insert, list, flush, create new chains, and set default policies for chains. Rules can allow, deny, or limit traffic based on port, protocol, interface, source/destination IP, and more.

Uploaded by

saidpmk
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
440 views

Iptables Tutorial For Beginners

Iptables is a Linux packet filtering firewall that allows system administrators to define rules for incoming and outgoing network packets. Rules are grouped into chains, which are organized into tables that filter, NAT, or mangle packets. The filter table contains the INPUT, OUTPUT, and FORWARD chains used to allow or block traffic destined for the local system, created by the local system, or passing through. Common iptables commands are used to append, delete, replace, insert, list, flush, create new chains, and set default policies for chains. Rules can allow, deny, or limit traffic based on port, protocol, interface, source/destination IP, and more.

Uploaded by

saidpmk
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

iptables tutorial for beginners

Introduction
---------------

Iptables is a Linux based packet filtering firewall. Iptables interfaces to the Linux netfilter
module to perform filtering of network packets. This can be to deny/allow traffic filter or
perform Network Address Translation (NAT). With careful configuration iptables can be a
very cost effective, powerful and flexible firewall or gateway solution. Iptables is available
from http://www.netfilter.org/ or via your Linux distribution.
In short, iptables is a packet filtering tool which allows system administrator to define
incoming and outgoing packets to and from the system using certain rules. Iptables can be
confusing it's pretty straightforward once you get the hang of it.

Rules, Chains, and Tables

Iptables rules are grouped into chains. A chain is a set of rules used to determine what to do
with a packet. These chains are grouped into tables. Iptables has three built in tables filter,
NAT, mangle. More tables can be added through iptables extensions.

Filter Table

The filter table is used to allow and block traffic, and contains three chains INPUT,
OUTPUT, FORWARD. The input chain is used to filter packets destined for the local
system. The output chain is used to filter packets created by the local system. The forward
chain is used for packets passing through the system, mainly used for gateways/routers.

There are three real "chains" which iptables uses:

* INPUT
Which is used to grant or deny incoming connections to your machine.
* OUTPUT
Which is used to grant or deny outgoing connections from your machine.
* FORWARD
Which is used for forwarding packages across interfaces, only really needed (in general)
when you're setting up a gateway machine.

NAT Table

The NAT table is used to setup the rules to rewrite packets allowing NAT to happen. This
table also has 3 chains, PREROUTING, POSTROUTING, and OUTPUT. The prerouting
chain is where packets come to prior to being parsed by the local routing table. The
postrouting chain is where packets are sent after going through the local routing table.

The general form of an IP tables rule is:

iptables -A CHAIN -p tcp [options] -j ACTION

The CHAIN we've briefly covered before, "INPUT", "OUTPUT", "FORWARD", etc. Here "-
A INPUT" means "append this rule to the input chain".
The "-p tcp" means this rule applies only to TCP connections, not UDP. (To specify UDP
connections you'd use "-p udp" instead.)

"[options]" is where you specify what you wish to match against.

Finally "-j ACTION" is used to specify what to do to packets which match your rule. Usually
an action will be one of "-j DROP" to drop the package, "-j ACCEPT", to accept the packet
or "-j LOG" to log it.

Commands

The first step is to know iptables commands.

Main commands

* -A --append : Add the rule a the end of the specified chain

Code:
iptables -A INPUT ...

* -D --delete : Allow to delete a chain.


There's 2 way to use it, you can specify the number of the chain to delete or specify the rule
to delete

Code:
iptables -D INPUT 1
iptables -D INPUT --dport 80 -j DROP

* -R --replace : Allow to replace the specified chain

Code:
iptables -R INPUT 1 -s 192.168.0.1 -j DROP

* -I --insert : Allow to add a chain in a specific area of the global chain

Code:
iptables -I INPUT 1 --dport 80 -j ACCEPT

* -L --list : Display the rules

Code:
iptables -L # Display all the rules of the FILTER chains
iptables -L INPUT # Display all the INPUT rules (FILTER)

* -F --flush : Delete all the rules of a chain

Code:
iptables -F INPUT # Delete all the rules of the INPUT chain
iptables -F # Delete all the rules
* -N --new-chain : Allow to create a new chain

Code:
iptables -N LOG_DROP

* -X --delete-chain : Allow to delete a chain

Code:
iptables -X LOG_DROP # Delete the LOG_DROP chain
iptables -X # Delete the chains

* -P --policy : Allow to specify to the kernel the default policy of a chain ACCEPT,
REJECT, DROP ...
Code:
iptables -P INPUT DROP

Basic Uses

The most common use of iptables is to simply block and allow traffic.

Allow Traffic

Iptables allows you to allow traffic based on a number of different conditions such as
Ethernet adapter, IP Address, port, and protocol.

Allow incoming TCP traffic on port 22 (ssh) for adapter eth0


iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

Allow incoming TCP traffic on port 80 (HTTP) for the IP range 192.168.0.1 to
192.168.0.254.
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT

Block Traffic

Iptables can block traffic on the same conditions that traffic can be allowed.

Blocks inbound TCP traffic port 22 (ssh)


iptables -A INPUT -p tcp -m tcp --dport 22 -j DRROP

Blocks inbound TCP traffic on port 80 (HTTP) from the IP 192.168.1.100


iptables -A INPUT -s 192.168.1.100 -p tcp -m tcp --dport 80 -j DRROP

Limit Traffic

Along with allowing and denying traffic IP tables can be used to limit the number of
connections allowed over time thresholds.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m sshbrute --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m sshbrute --update --
seconds 60 --hitcount 4 -j DRROP

[:p:] this is a common set of rules used to block brute force ssh attacks. The first rule makes
sure the IP connecting is added to the sshbrute list. The second rule tells iptables to check the
sshbrute list and if the packet threshold is exceeded to drrop the traffic.

Common Options and Switches


-A -- adds a rule at the end of the chain
-I -- inserts the rule at the given rule number. If no rule number is given the rule is inserted at
the head of the chain.
-p -- protocol of the rule
--dport the destination port to check on the rule
-i -- interface on which the packet was received.
-j -- what to do if the rule matches
-s -- source IP address of packet
-d -- destination IP address of packet

Examples :

Drop all inbound telnet traffic


iptables -I INPUT -p tcp --dport 23 -j DROP

Drop all outbound web traffic


iptables -I OUTPUT -p tcp --dport 80 -j DROP

Drop all outbound traffic to 192.168.0.1


iptables -I OUTPUT -p tcp --dest 192.168.0.1 -j DROP

Allow all inbound web traffic


iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Allow inbound HTTPS traffic from 10.2.2.4


iptables -I INPUT -s 10.2.2.4 -p tcp -m tcp --dport 443 -j DROP

Deny outbound traffic to 192.2.4.0-192.2.4.255


iptables -I OUTPUT -d 192.2.4.6.0/24 -j DROP

Allow incoming connections to port 21 from one IP address 11.22.33.44


iptables -A INPUT -p tcp -m state --state NEW --dport 21 --source 11.22.33.44

Deny all other incoming connections to port 21.


iptables -A INPUT -p tcp -m state --state NEW --dport 21 -j DROP

We used the "-m state --state NEW --dport 21" to match against new connections to port 21.
Other options allow you to match against different things.

ref:
http://ubuntuforums.org/showthread.php?t=159661
http://www.higherpass.com/linux/Tutorials/Iptables-Primer/

You might also like