FUNDAMENTALS A Complete Guide for Beginners
The iptables command in Linux is used to set up, maintain and inspect the tables of IP packet filters. These tables contain built-in chains which are basically a set of rules to match packets going through the network. Each rule defines the action performed on a set of packets. In this article, you will learn about the essential applications of the iptables command with practical examples.
A. Description
The Linux-based Firewall is maintained by the IPv4/IPv6 packet filtering command iptables. The Firewall rules within this table specify targets for each packet. Targets can be any of the following:
- ACCEPT: Lets a packet come through the network.
- DROP: Rejects the packet from entering the network.
- QUEUE: Receives the packet and passes it to the queue.
- RETURN: Stops the current chain and resumes the next rule of the previous chain.
- filter: It is the default table displayed when the -t option is not passed. This table has the following built-in chains: INPUT, OUTPUT, and FORWARD.
- nat: This table is used when packets with a new connection arrive. Includes INPUT, OUTPUT, PREROUTING, and POSTROUTING built-in chains.
- mangle: It is consulted for specialized packet alteration. The two built-in chains within this table are OUTPUT and PREROUTING.
- raw: Configures exemptions from connection tracking. Built-in chains include OUTPUT and PREROUTING.
- security: Used for Mandatory Access Control (MAC) networking rules implemented by Linux Security Modules. It contains INPUT, OUTPUT, and FORWARD built-in chains.
B. Syntax
The syntax of the iptables command in Linux is as shown below. You can specify one of the tables along with multiple options.
iptables [-t table] [OPTION]...
C. Options
The iptables command in Linux comes with a range of options. These options are divided into three main groups: COMMAND, PARAMETERS and OTHER OPTIONS. Each of the groups is described below. You can look at the man page for more details.
man iptables
Commands
These options indicate a certain action to be performed. Only one of the following commands can be applied at a time.
- -A/–append: Appends rule/s to the end of a chain.
- -C/–check: Checks if a specified rule exists.
- -D/–delete: Deletes rule/s from a specified chain.
- -I/–insert: Inserts rule/s to a specified chain.
- -L/–list: Display all rules from a chain.
Parameters
The parameters are used to specify a rule.
- -d/–destination: Specifies destination.
- -p/–protocol: Specifies the protocol of a rule or, packet.
- -j/–jump: Specifies the target of a rule upon packet matching.
- -s/–source: Specifies source.
Other Options
These are the general options for the iptables command in Linux.
- –line-numbers: Adds a line number to the beginning of each rule.
- -n/–numeric: Displays numeric IP addresses and port numbers.
- -v/–verbose: Displays verbose output.
Re-Activating Firewall for Using the “iptables” Command in Linux
An activated Firewall on your system will enhance your experience of learning the command. Because with an activated Firewall, the IP tables are able to display a visible set of rules to work on. To activate the Firewall using the iptables command follow the below instructions.
Steps to Follow >
➊ Go to the Ubuntu Terminal.
➋ Then, disable the ufw by writing the following command in the command prompt:
sudo ufw disable
➌ Press ENTER.
❹ Now, type the following command in the command prompt:
sudo iptables --flush
❺ Press ENTER.
❻ Finally, enable the ufw by typing the following command in the command line:
sudo ufw enable
❼ Again, press ENTER.
Output >
In the following image, you can see that I have activated the Firewall on my system.
Practical Examples of the “iptables” Command in Linux
The iptabels command in Linux allows you to control the Firewall rules in your system. In this section, I will demonstrate the most basic iptables command applications with practical examples.
Example 1: Displaying Netfilter Firewall Status Using the “iptables” Command in Linux
You can display all the Firewall rules and status using the iptables command in Linux with the option -L. Moreover, Applying the options -n and -v will print the values in numeric and verbose format respectively. In this example, I will display the Firewall rules of my system. Follow the steps below to do the same.
Steps to Follow >
➊ At first, open the Ubuntu Terminal.
➋ Type the following command in the command prompt:
sudo iptables -n -L -v
➌ Now, press the ENTER button.
Output >
In the following image, you can see that I have printed the Firewall rules on my terminal.
Similar Readings
- The “ftp” Command in Linux [14 Practical Examples]
- The “host” Command in Linux [10 Practical Examples]
- The “scp” Command in Linux [4 Practical Examples]
- The “sftp” Command in Linux [6 Practical Examples]
Example 2: Displaying Firewall Rules With Line Numbers Using the “iptables” Command in Linux
You can display the FIrewall rules with line numbers by combining the –line-number and -L options with the iptables command in Linux. To generate a numeric and verbose output of the rules, use the -n and -v options. In this example, I will print the Firewall rules of IP tables with line numbers. You can do the same by following the given instructions.
Steps to Follow >
➊ At first, go to the Ubuntu Terminal.
➋ Type the following command in the command prompt:
sudo iptables -n -L -v --line-numbers
➌ Press the ENTER button.
Output >
In the image below, you can see that I have displayed the Firewall rules with line numbers.
Example 3: Checking If a Rule is Present in the Tables Using the “iptables” Command in Linux
You can check whether a rule exists on your Firewall or not using the iptables command in Linux with the option –check. In this example, I will check if the “-s 192.168.254.0 -j DROP” rule exists in the INPUT chain of the filter table. To do the same you can follow the steps below.
Steps to Follow >
➊ Launch the Ubuntu Terminal.
➋ Type the following command in the command prompt:
sudo iptables -t filter --check INPUT -s 192.168.254.0 -j DROP
➌ Hit the ENTER button.
Output >
In the given image, you can see that the desired rule exists in the filter table.
Example 4: Inserting Firewall Rules Using the “iptables” Command in Linux
You can insert a new rule in your systems IP tables using the -I option with the iptables command in Linux. In this example, I will insert the rule “-s 192.168.254.0 -j DROP” at the 2nd line of the INPUT chain. You can do the same by following the given steps.
Steps to Follow >
➊ Open the Ubuntu Terminal.
➋ Type the following command in the command prompt:
sudo iptables -I INPUT 2 -s 192.168.254.0 -j DROP
➌ Press ENTER.
Output >
In the image below, you can see that I have inserted the desired rule at the 2nd line of the INPUT chain.
Example 5: Deleting Firewall Rules Using the “iptables” Command in Linux
You can delete a Firewall rule using the iptables command with the -D option. In this example, I will delete the existing “-s 192.168.254.0 -j DROP” rule from the INPUT chain. In the image, below you can see the rule specified in line no. 2. To delete this rule follow the given steps.
Steps to Follow >
➊ Launch the Ubuntu Terminal.
➋ Type the following command in the command prompt:
sudo iptables -D INPUT -s 192.168.254.0 -j DROP
➌ Now, hit the ENTER button.
Output >
In the following image, you can see that I have deleted the desired rule. Therefore, it is no longer present in the 2nd line of the INPUT chain.
Similar Readings
- The “ dig” Command in Linux [10 Practical Examples]
- The “hostname” Command in Linux [12 Practical Examples]
- The “ip” Command in Linux [9+ Practical Examples]
- The “ifconfig” Command in Linux [6+ Practical Examples]
Example 6: Blocking an IP Address Using the “iptables” Command in Linux
You can block an IP address using the iptables command in Linux. Moreover, You can append a certain rule for blocking using the -A option. The IP address to be blocked can be indicated as a source with the option -s. Upon receiving a packet from the specified IP address, you can block it by setting its target to DROP with the option -j. In this example, I will block the address “192.168.254.0”. Follow the process given below to do the same.
Steps to Follow >
➊ At first, go to the Ubuntu Terminal.
➋ Type the following command in the command prompt:
sudo iptables -A INPUT -s 192.168.254.0 -j DROP
➌ Now, press the ENTER button.
Output >
In the image below, you can see that I have appended the rule to block the IP address “192.168.254.0”.
Conclusion
In this article, I have illustrated the frequent uses of the iptables command in Linux to maintain the FIrewall IP tables. In addition, this is a very handy command that gives users the privilege to manipulate Firewall rules and Networks connected to the system. I hope, learning this command with practical examples will help you with the command line and Linux Security.
Similar Readings
- The “netstat” Command in Linux [22 Practical Examples]
- The “nslookup” Command in Linux [12 Practical Examples]
- The “ufw” Command in Linux [12+ Practical Examples]
- The “ssh” Command in Linux [18 Practical Examples]
- The “traceroute” Command in Linux [13 Practical Examples]
- The “rsync” Command in Linux [10 Practical Examples]