
[Beginners] Managing Firewall with Iptables

What is Iptables?

Iptables is the command-line tool for configuring the Linux kernel's packet filtering framework (netfilter). It lets administrators define rules that decide what happens to inbound, outbound, and forwarded traffic based on criteria such as source and destination IP addresses, ports, protocols, and connection state. Used correctly it protects a server against unauthorized access and unwanted traffic.

How Iptables Works

Rules & Chains – Iptables operates using rules that define how to handle network packets. Rules are organized into chains; the three built-in chains you will work with most are INPUT, OUTPUT, and FORWARD (the nat and mangle tables also have PREROUTING and POSTROUTING chains, which see packets before the routing decision and just before they leave the host).

  • INPUT - Handles incoming packets whose destination is a local application or service. The chain exists in the filter, mangle, nat, and security tables.
  • OUTPUT - Manages outgoing packets generated by a local application or service. All tables contain this chain.
  • FORWARD - Works with packets that pass through the system from one network interface to another (routing). The chain exists in the filter, mangle, and security tables.

Tables – Different tables serve specific purposes:

  • filter (default, used for packet filtering; every command in this guide operates on it)
  • nat (for network address translation)
  • mangle (for modifying packet headers)
  • raw (for exemptions from connection tracking)
  • security (for mandatory access control rules, e.g. SELinux)

Packet Flow – When a packet reaches the system, iptables checks it against rules in the appropriate chain and decides whether to ACCEPT, DROP, or REJECT it.

  • ACCEPT - Allows the packet to pass through the firewall.
  • DROP - Discards the packet without informing the sender.
  • REJECT - Discards the packet and returns an error response to the sender.

Order of Rules – Rules in a chain are checked top to bottom, and the first rule that matches and has a terminating target (ACCEPT, DROP, REJECT) decides the packet's fate. A few targets such as LOG do not terminate: the packet is logged and continues to the next rule. If no rule matches, the chain's default policy applies.
Persistence – Rules set with iptables commands live only in kernel memory; to survive a reboot they must be saved to a file and reloaded at boot.

Important! Iptables rules only apply to IPv4. If you want to set up a firewall for the IPv6 protocol, you need to apply equivalent rules with ip6tables; a server with a public IPv6 address and only an iptables ruleset is not firewalled on IPv6 at all.

1. Installing Iptables on the server

Iptables is installed by default on most Linux distributions. To confirm that iptables is installed, run:
iptables --version
1.1. The command shows the version number. On current distributions it also shows which backend is in use: "(nf_tables)" means the iptables command is a compatibility front end to nftables, "(legacy)" means the classic backend. The commands in this guide work the same either way; just do not manage the same host with both iptables and nft at once. If the package is not found, follow the guide for your installed OS:

Debian/Ubuntu

sudo apt install iptables

1.2. To keep iptables firewall rules after reboot, install the persistent package:
sudo apt install iptables-persistent

1.3. Enable the netfilter-persistent service on restart
sudo systemctl enable netfilter-persistent

AlmaLinux/Rocky Linux (RHEL)

These distributions ship firewalld as the default firewall. Stop and disable the firewalld service before switching to iptables-services, otherwise both tools will try to manage the same rules. On EL8/EL9 yum is an alias for dnf, so either command works.

sudo yum install iptables

1.2. To persist firewall rules after restart, install the following package:
sudo yum install iptables-services

1.3. Enable the service automatically when the system reboots:
sudo systemctl enable iptables

2. Configuring the Iptables

This tutorial shows how to manage the most commonly used ports on a server. Substitute any port to match the services you actually run.

2.1. Check current Iptables rules before making changes:
sudo iptables -L -v -n

  • -L → Lists the rules of every chain in the filter table (add -t nat, -t mangle, etc. to see another table)
  • -v → Verbose: shows packet and byte counters and the interface each rule applies to
  • -n → Numeric output: no reverse DNS or service-name lookups, so the listing is fast and unambiguous

Adding --line-numbers shows the position of each rule, which helps when you insert or delete rules later.

2.2. If you want to start fresh, you can clear all rules in the filter table (other tables need -t <table>):
sudo iptables -F
Be careful over SSH: flushing removes the allow rules but not the chain policies, so if the INPUT policy is already DROP you lock yourself out. Set the policies to ACCEPT before flushing and tighten them again once the allow rules are back.
2.3. To delete empty user-defined chains (built-in chains cannot be deleted):
sudo iptables -X

2.4. Define the default behavior for each chain, i.e. what happens to a packet no rule matches:
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

  • DROP all incoming and forwarded packets by default.
  • ACCEPT outgoing traffic.

If you are working over SSH, run this step only after the allow rules in 2.5 and 2.6 are in place: with an INPUT policy of DROP and no allow rule yet, the packets of your own session are dropped and the connection dies. Note also that these rules are stateless. With OUTPUT set to ACCEPT the server can send requests (DNS, package updates), but the replies arrive on the INPUT chain and are dropped unless a rule accepts packets of established connections (-m conntrack --ctstate ESTABLISHED,RELATED); add such a rule before the port-specific ones.

2.5. Allow loopback traffic. Packets on the lo interface never leave the host, so accepting them is safe, and local services (databases, mail, monitoring agents) that talk to 127.0.0.1 need it. Append the rule to the INPUT chain:
sudo iptables -A INPUT -i lo -j ACCEPT

2.6. Allow SSH access. Change 22 if sshd listens on another port. If your administrators connect from known addresses, add -s <address or CIDR> to this rule so SSH is not exposed to the whole internet:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

2.7. Allow HTTP & HTTPS web traffic:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

2.8. Allow ICMP echo requests (ping):
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
2.8.1. Or, to make the server not answer pings, drop them instead:
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Do not append both: rules are matched top to bottom, so whichever comes first in the chain wins. The same pattern (ACCEPT or DROP as the -j target) applies to any rule in this guide. Dropping echo requests does not hide the server from scanners and makes network problems harder to diagnose; a common compromise is to allow ping with a rate limit.

2.9. Control traffic by source IP address:
sudo iptables -A INPUT -s [IP-address] -j ACCEPT
-s accepts a single address or a CIDR block (for example 203.0.113.0/24), so one rule can cover a whole network; only ranges that do not align with a prefix need the iprange module below. Blocking rules appended with -A land after the ACCEPT rules for ports 22, 80 and 443 and therefore never see that traffic; insert them near the top of the chain with -I INPUT instead.
2.9.1. You can also reject traffic from an IP address range:
sudo iptables -A INPUT -m iprange --src-range [IP-address-range] -j REJECT
REJECT sends an error back to the sender, which is polite for hosts you trust; DROP silently discards the packet and is the usual choice for hostile sources.

2.10. Save the rules:

Do not forget to make the rules persistent. Rules added with iptables commands live only in memory and are gone after the next reboot unless you save them:

Debian/Ubuntu
sudo netfilter-persistent save
This writes the rules to /etc/iptables/rules.v4 (and rules.v6 for ip6tables), which netfilter-persistent loads at boot.

AlmaLinux/Rocky Linux (RHEL)
sudo service iptables save
This writes the rules to /etc/sysconfig/iptables, which the iptables service loads at boot.

3. Backing up and restoring the Iptables

3.1. To save the current iptables rules to a file (choose your own name and path), run:
sudo iptables-save > ~/iptables-backup.txt

3.2. To restore rules from a backup file (again with your own name and path), run:
sudo iptables-restore < ~/iptables-backup.txt
iptables-restore replaces the whole ruleset with the file's contents in one step. Run it with --test first to check the file for syntax errors without changing anything.
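Putting steps 2.2 to 2.10 together with the iptables-save/iptables-restore commands of section 3, the script below is an added example and is not part of the original post. Instead of typing one iptables command at a time (which leaves a window with the DROP policy set and no allow rules), it generates a complete ruleset in the format iptables-save produces and loads it in one atomic step with iptables-restore, with a timed rollback in case the new rules cut the SSH session you are working in. The SSH port, the administrator network 203.0.113.0/24 and the log prefix are placeholders chosen for the example.

```shell
#!/bin/bash
# Added example (not from the original post): build a complete filter-table
# ruleset in iptables-save format and load it atomically with iptables-restore.
# Placeholders: the SSH port and the admin network are passed in by the caller.

# build_ruleset SSH_PORT ADMIN_NET
# Prints the ruleset. Order matters: loopback and established traffic first,
# then the per-service allow rules, then logging; anything left falls through
# to the INPUT policy (DROP).
build_ruleset() {
    local ssh_port="$1" admin_net="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: local services talking to 127.0.0.1.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (DNS, apt/dnf, NTP). Without this
# rule OUTPUT ACCEPT is pointless because every answer is dropped on INPUT.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that do not belong to any known connection.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH only from the administrator's network, not from the whole internet.
-A INPUT -p tcp --dport ${ssh_port} -s ${admin_net} -m conntrack --ctstate NEW -j ACCEPT
# Web traffic from anywhere.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Ping, rate limited so a flood cannot tie up the host.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
# LOG is not terminating: the packet is logged and then falls to the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# apply_with_rollback RULEFILE [GRACE_SECONDS]
# Save the current rules, load the new file, and revert automatically unless
# the operator presses Enter within the grace period. Run it inside the SSH
# session you want to protect: if the new rules kill it, the rollback restores
# the old rules and you can reconnect.
apply_with_rollback() {
    local rulefile="$1" grace="${2:-60}" backup
    backup=$(mktemp /tmp/iptables-backup.XXXXXX) || return 1
    iptables-save > "$backup"
    # --test parses the file without committing it; catches typos before they bite.
    if ! iptables-restore --test "$rulefile"; then
        echo "ruleset failed to parse, nothing changed" >&2
        return 1
    fi
    iptables-restore < "$rulefile"
    echo "New rules loaded. Press Enter within ${grace}s to keep them."
    if read -r -t "$grace" _; then
        echo "Kept. Previous rules are in $backup"
        # Now persist them: netfilter-persistent save (Debian/Ubuntu)
        # or service iptables save (RHEL family).
    else
        iptables-restore < "$backup"
        echo "No confirmation within ${grace}s, rolled back to $backup" >&2
        return 2
    fi
}

# Usage:
#   ./firewall.sh generate 22 203.0.113.0/24 > /tmp/new.rules
#   sudo ./firewall.sh apply /tmp/new.rules 60
case "${1:-}" in
    generate) build_ruleset "${2:-22}" "${3:-0.0.0.0/0}" ;;
    apply)    apply_with_rollback "$2" "${3:-60}" ;;
    *)        ;;   # no arguments: only define the functions, so the file can be sourced
esac
```

Generate the file first, read it, then apply it with the rollback. The generated file is in exactly the format netfilter-persistent and iptables-services store on disk, so once you confirm it you can copy it to /etc/iptables/rules.v4 or /etc/sysconfig/iptables instead of re-entering the rules by hand.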

Conclusion

Iptables is a powerful tool for managing network security on Linux. By understanding how to configure filtering rules, allow necessary traffic, and block unwanted connections, you can effectively protect your system. Always remember to save your rules to make them persistent and regularly review them to adapt to new security needs. With this guide, you now have the foundation to manage iptables confidently.

Time4VPS
© 2013 - 2025 Time4VPS. All rights reserved.