Back to Commands

iptables

networkingLinux
The iptables command is one of the most frequently used commands in Linux/Unix-like operating systems. iptables Administration tool for IPv4 packet filtering and NAT
See ExamplesView Syntax

Quick Reference

Command Name:

iptables

Category:

networking

Platform:

Linux

Basic Usage:

iptables [options] [arguments]

Common Use Cases

    Syntax

    iptables [-t table] command [chain] [rule-specification] [options]

    Options

    Option Description
    -t, --table table The table to operate on (filter, nat, mangle, raw, security)
    -A, --append chain Append rule to the end of the specified chain
    -D, --delete chain rule Delete rule from chain
    -I, --insert chain [rule] Insert rule at position in chain (default 1)
    -R, --replace chain rule Replace rule in chain
    -L, --list [chain] List all rules in chain (or all chains)
    -F, --flush [chain] Delete all rules in chain (or all chains)
    -Z, --zero [chain] Zero packet and byte counters in chain
    -N, --new-chain chain Create a new user-defined chain
    -X, --delete-chain [chain] Delete a user-defined chain
    -P, --policy chain target Set policy for chain (ACCEPT or DROP)
    -E, --rename-chain old new Rename a user-defined chain
    -p, --protocol protocol Protocol of the rule (tcp, udp, icmp, all)
    -s, --source address Source address (network name, IP address, network/mask)
    -d, --destination address Destination address
    -i, --in-interface name Network interface name the packet was received on
    -o, --out-interface name Network interface name the packet will go out on
    -j, --jump target Target of the rule (ACCEPT, DROP, REJECT, etc.)
    -m, --match match Extended match (state, conntrack, limit, etc.)
    -v, --verbose Verbose output
    -n, --numeric Numeric output of addresses and ports
    --line-numbers Show line numbers when listing rules

    Examples

    How to Use These Examples

    The examples below show common ways to use the iptables command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

    # Basic Examples Basic
    iptables -L
    List all rules in the filter table.
    iptables -L -v
    List all rules with packet and byte counters.
    # Advanced Examples Advanced
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT Accept incoming SSH connections. iptables -A INPUT -p tcp --dport 80 -j ACCEPT Accept incoming HTTP connections. iptables -A INPUT -p icmp -j ACCEPT Accept incoming ICMP (ping) requests. iptables -A INPUT -i lo -j ACCEPT Accept all traffic on the loopback interface. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT Accept packets belonging to established connections. iptables -P INPUT DROP Set the default policy for the INPUT chain to DROP. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE Enable NAT for outgoing connections. iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT Allow forwarding from eth1 to eth0. iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT Accept all connections from the 192.168.1.0/24 network. iptables -F Flush (delete) all rules.

    Try It Yourself

    Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

    Understanding Syntax

    Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

    Notes

    iptables is a powerful command-line firewall utility for Linux operating systems that allows system administrators to configure the IP packet filter rules of the Linux kernel firewall. It's the user-space interface to the netfilter framework in the Linux kernel. Key features of iptables: 1. Packet Filtering: iptables can filter incoming, outgoing, and forwarded packets based on source/destination IP addresses, ports, protocols, and other packet attributes, allowing administrators to control what traffic is allowed through the system. 2. Stateful Inspection: Through its connection tracking system, iptables can maintain information about the state of network connections, enabling more sophisticated rule sets that consider the context of packets. 3. Network Address Translation (NAT): iptables provides NAT capabilities, allowing private networks to share public IP addresses (masquerading), redirect connections to different hosts/ports, and implement load balancing. 4. Packet Mangling: The mangle table allows modification of packet headers for specialized routing and quality of service implementations. 5. Tables and Chains Structure: iptables organizes rules into tables (filter, nat, mangle, raw, security) and chains (INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING), providing a structured approach to packet processing. 6. Extensible with Modules: iptables can be extended with modules to add functionality like rate limiting, string matching, time-based rules, and more. 7. IPv4 Specific: iptables works with IPv4 traffic. For IPv6, a separate utility called ip6tables is used, though they share the same syntax. Common use cases for iptables include: - Setting up firewalls to protect servers and networks - Implementing network security policies - Configuring NAT for home or office networks - Port forwarding for services behind firewalls - Traffic rate limiting and prioritization - Preventing certain types of attacks (DoS, port scanning) - Network troubleshooting and debugging While iptables remains widely used, newer Linux distributions are gradually transitioning to nftables, which offers a more modern architecture while maintaining similar functionality. However, for compatibility reasons and due to its widespread adoption, iptables will likely remain relevant for years to come. Due to its complexity and power, iptables requires careful configuration, as incorrect rules can lead to locked-out systems or security vulnerabilities. Best practices include testing rule changes thoroughly and ensuring there's a way to recover if remote access is accidentally blocked.

    Related Commands

    These commands are frequently used alongside iptables or serve similar purposes:

    ip6tables
    nftables
    firewalld
    ufw
    ip
    tc
    netfilter
    ipset
    conntrack
    arptables
    ebtables
    iproute2
    Explore All Commands

    Use Cases

    Learn By Doing

    The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the iptables command works in different scenarios.

    See ExamplesTry Lab Exercises
    $ iptables
    View All Commands