
Using Linux iptables for a firewall

Updated on: May 17, 2021

In this article, we are going to set up a firewall using iptables. iptables is the standard firewall software present in most Linux distributions. We are going to use a set of rules to filter network traffic. You can protect the server from unwanted traffic by filtering packets on source or destination IP address, port, protocol type, network interface, and so on. Rules can be configured to accept, reject, or forward network packets.

Rules are arranged in chains. By default, there are three chains (INPUT, OUTPUT, and FORWARD). The INPUT chain handles incoming traffic, while the OUTPUT chain handles outgoing traffic. The FORWARD chain handles routed traffic. Each chain has a default policy that applies when a packet does not match any rule in the chain.


Please check that the following requirements are satisfied before proceeding to the next activity:

  • Root privileges
  • SSH access (command line access to the server)
  • Make sure you have gt and looptools installed in your Linux environment
  • Basic skills for working on a Linux environment

How to do it

Now, we are going to see some of the iptables commands:

  • Run the following command to list all the rules that are set on the server:
    $ sudo iptables -L
  • To allow incoming traffic on a specific port, use the following command:
    $ sudo iptables -A INPUT -p tcp --dport 4321 -j ACCEPT

This rule will allow incoming TCP traffic on port 4321. The firewall needs to be restarted to make this rule effective.

  • Using iptables, you can block the incoming traffic. For that, run the following command:
    $ sudo iptables -A INPUT -j DROP
  • If any new rules are added in iptables, we should save them first. Otherwise, after a system reboot, they will disappear. Run the following command to save the iptables rules after adding new ones:
    $ sudo iptables-save
  • The default file where rules are saved might differ depending on which Linux distribution you are working on.
  • We can save rules in a specific file by using the following command:
    $ sudo iptables-save > /path/to/the/file
  • You can restore the rules that are saved in the file. Run the following command:
    $ sudo iptables-restore < /path/to/the/file
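
A chain is evaluated top to bottom and the first matching rule decides, so any rule appended after the catch-all `-A INPUT -j DROP` shown above never matches. The following added example (not from the original article) lints `iptables-save` output for that case; the function names and the sample ruleset are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): lint `iptables-save` output.
# Rules in a chain are checked top to bottom and the first match decides, so
# anything appended after a catch-all "-A INPUT -j DROP" can never match.

# Print every filter-table INPUT rule that follows a catch-all DROP/REJECT.
# A catch-all has no match criteria, so "-j" is the third field.
find_shadowed_input_rules() {
  awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2); blocked = 0; next }
    table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
    blocked { print; next }
    $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { blocked = 1 }
  '
}

# Exit 0 if an ACCEPT rule for "--dport PORT" comes before the catch-all.
# Simplification: only single-port "--dport" matches are recognised.
port_accepted_before_drop() {
  awk -v port="$1" '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }
    table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
    $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { exit }
    $NF == "ACCEPT" {
      for (i = 3; i < NF; i++) if ($i == "--dport" && $(i + 1) == port) ok = 1
    }
    END { exit !ok }
  '
}

# Constructed sample in iptables-save format: the SSH rule was appended
# after the catch-all DROP, so new SSH connections would be dropped.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 4321 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

echo "Rules that can never match:"
printf '%s\n' "$SAMPLE_RULES" | find_shadowed_input_rules
for port in 4321 22; do
  if printf '%s\n' "$SAMPLE_RULES" | port_accepted_before_drop "$port"; then
    echo "port $port: accepted before the catch-all"
  else
    echo "port $port: NOT accepted before the catch-all"
  fi
done
```

On a live host the same functions read from a pipe, for example `sudo iptables-save | find_shadowed_input_rules`.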

How it works

Using iptables, we can control the incoming traffic, drop the traffic on a specific port, and add new rules and save them.
