The “iptables” Command in Linux [6 Practical Examples]

LINUX
FUNDAMENTALS
A Complete Guide for Beginners Enroll Course Now

The iptables command in Linux is used to set up, maintain and inspect the tables of IP packet filters. These tables contain built-in chains which are basically a set of rules to match packets going through the network. Each rule defines the action performed on a set of packets. In this article, you will learn about the essential applications of the iptables command with practical examples.

A. Description

The Linux-based Firewall is maintained by the IPv4/IPv6 packet filtering command iptables. The Firewall rules within this table specify targets for each packet. Targets can be any of the following:

  • ACCEPT: Lets a packet come through the network.
  • DROP: Rejects the packet from entering the network.
  • QUEUE: Receives the packet and passes it to the queue.
  • RETURN: Stops the current chain and resumes the next rule of the previous chain.
Note: The present Linux distribution comes with five independent tables. A description of each table is given below.

  • filter: It is the default table displayed when the -t option is not passed. This table has the following built-in chains: INPUT, OUTPUT, and FORWARD.
  • nat: This table is used when packets with a new connection arrive. Includes INPUT, OUTPUT, PREROUTING, and POSTROUTING built-in chains.
  • mangle: It is consulted for specialized packet alteration. The two built-in chains within this table are OUTPUT and PREROUTING.
  • raw: Configures exemptions from connection tracking. Built-in chains include OUTPUT and PREROUTING.
  • security: Used for Mandatory Access Control (MAC) networking rules implemented by Linux Security Modules. It contains INPUT, OUTPUT, and FORWARD built-in chains.

B.  Syntax

The syntax of the iptables command in Linux is as shown below. You can specify one of the tables along with multiple options.

iptables [-t table] [OPTION]...
Note: In the above syntax OPTION and -t table enclosed by square brackets indicates that these are not mandatory and the 3 dots after the brackets represents that multiple OPTIONs can be utilized at the same time

C. Options

The iptables command in Linux comes with a range of options. These options are divided into three main groups: COMMAND, PARAMETERS and OTHER OPTIONS. Each of the groups is described below. You can look at the man page for more details.

man iptables

Commands

These options indicate a certain action to be performed. Only one of the following commands can be applied at a time.

  • -A/–append: Appends rule/s to the end of a chain.
  • -C/–check: Checks if a specified rule exists.
  • -D/–delete: Deletes rule/s from a specified chain.
  • -I/–insert: Inserts rule/s to a specified chain.
  • -L/–list: Display all rules from a chain.

Parameters

The parameters are used to specify a rule.

  • -d/–destination: Specifies destination.
  • -p/–protocol: Specifies the protocol of a rule or, packet.
  • -j/–jump: Specifies the target of a rule upon packet matching.
  • -s/–source: Specifies source.

Other Options

These are the general options for the iptables command in Linux.

  • –line-numbers: Adds a line number to the beginning of each rule.
  • -n/–numeric: Displays numeric IP addresses and port numbers.
  • -v/–verbose: Displays verbose output.
Note: The options in Linux CLI (Command Line Interface) are all case-sensitive, So be cautious while using them

Re-Activating Firewall for Using the “iptables” Command in Linux

An activated Firewall on your system will enhance your experience of learning the command. Because with an activated Firewall, the IP tables are able to display a visible set of rules to work on. To activate the Firewall using the iptables command follow the below instructions.

Steps to Follow >

➊ Go to the Ubuntu Terminal.

➋ Then, disable the ufw by writing the following command in the command prompt:

sudo ufw disable

➌ Press ENTER.

❹ Now, type the following command in the command prompt:

sudo iptables --flush

❺ Press ENTER.

❻ Finally, enable the ufw by typing the following command in the command line:

sudo ufw enable

❼ Again, press ENTER.

Output >

In the following image, you can see that I have activated the Firewall on my system.Re-activating Firewall using iptables command in linux.

Practical Examples of the “iptables” Command in Linux

The iptabels command in Linux allows you to control the Firewall rules in your system. In this section, I will demonstrate the most basic iptables command applications with practical examples.

Note: To set up and inspect the tables of IPv4/IPv6 packet rules you must run the iptables command as the superuser using the sudo keyword. Otherwise, you will not get permission to work on the tables

Example 1: Displaying Netfilter Firewall Status Using the “iptables” Command in Linux

You can display all the Firewall rules and status using the iptables command in Linux with the option -L. Moreover, Applying the options -n and -v will print the values in numeric and verbose format respectively. In this example, I will display the Firewall rules of my system. Follow the steps below to do the same.

Steps to Follow >

➊ At first, open the Ubuntu Terminal.

➋ Type the following command in the command prompt:

sudo iptables -n -L -v

➌ Now, press the ENTER button.

Output >

In the following image, you can see that I have printed the Firewall rules on my terminal.Displaying Netfilter Firewall Status Using the iptables Command in Linux.


Similar Readings


Example 2: Displaying Firewall Rules With Line Numbers Using the “iptables” Command in Linux

You can display the FIrewall rules with line numbers by combining the –line-number and -L options with the iptables command in Linux. To generate a numeric and verbose output of the rules, use the -n and -v options. In this example, I will print the Firewall rules of IP tables with line numbers. You can do the same by following the given instructions.

Steps to Follow >

➊ At first, go to the Ubuntu Terminal.

➋ Type the following command in the command prompt:

sudo iptables -n -L -v --line-numbers

➌ Press the ENTER button.

Output >

In the image below, you can see that I have displayed the Firewall rules with line numbers.Displaying Firewall Rules With Line Numbers Using the iptables Command in Linux.

Example 3: Checking If a Rule is Present in the Tables Using the “iptables” Command in Linux

You can check whether a rule exists on your Firewall or not using the iptables command in Linux with the option –check. In this example, I will check if the “-s 192.168.254.0 -j DROP” rule exists in the INPUT chain of the filter table. To do the same you can follow the steps below.

Steps to Follow >

➊ Launch the Ubuntu Terminal.

➋ Type the following command in the command prompt:

sudo iptables -t filter --check INPUT -s 192.168.254.0 -j DROP

➌ Hit the ENTER button.

Output >

In the given image, you can see that the desired rule exists in the filter table.Checking If a Rule is Present in the Tables Using the iptables Command in Linux.

Example 4: Inserting Firewall Rules Using the “iptables” Command in Linux

You can insert a new rule in your systems IP tables using the -I option with the iptables command in Linux. In this example, I will insert the rule “-s 192.168.254.0 -j DROP” at the 2nd line of the INPUT chain. You can do the same by following the given steps.

Steps to Follow >

➊ Open the Ubuntu Terminal.

➋ Type the following command in the command prompt:

sudo iptables -I INPUT 2 -s 192.168.254.0 -j DROP

➌ Press ENTER.

Output >

In the image below, you can see that I have inserted the desired rule at the 2nd line of the INPUT chain.Inserting Firewall Rules Using the iptables Command in Linux.

Example 5: Deleting Firewall Rules Using the “iptables” Command in Linux

You can delete a Firewall rule using the iptables command with the -D option. In this example, I will delete the existing  “-s 192.168.254.0 -j DROP” rule from the INPUT chain. In the image, below you can see the rule specified in line no. 2. To delete this rule follow the given steps.Firewall rule to be deleted.

Steps to Follow >

➊ Launch the Ubuntu Terminal.

➋ Type the following command in the command prompt:

sudo iptables -D INPUT -s 192.168.254.0 -j DROP

➌ Now, hit the ENTER button.

Output >

In the following image, you can see that I have deleted the desired rule. Therefore, it is no longer present in the 2nd line of the INPUT chain.Deleting Firewall Rules Using the iptables Command in Linux.


Similar Readings


Example 6: Blocking an IP Address Using the “iptables” Command in Linux

You can block an IP address using the iptables command in Linux. Moreover, You can append a certain rule for blocking using the -A option. The IP address to be blocked can be indicated as a source with the option -s. Upon receiving a packet from the specified IP address, you can block it by setting its target to DROP with the option -j. In this example, I will block the address “192.168.254.0”. Follow the process given below to do the same.

Steps to Follow >

➊ At first, go to the Ubuntu Terminal.

➋ Type the following command in the command prompt:

sudo iptables -A INPUT -s 192.168.254.0 -j DROP

➌ Now, press the ENTER button.

Output >

In the image below, you can see that I have appended the rule to block the IP address “192.168.254.0”.Blocking an IP Address Using the iptables Command in Linux.

Conclusion

In this article, I have illustrated the frequent uses of the iptables command in Linux to maintain the FIrewall IP tables. In addition, this is a very handy command that gives users the privilege to manipulate Firewall rules and Networks connected to the system. I hope, learning this command with practical examples will help you with the command line and  Linux Security.


Similar Readings

Rate this post
Anonnya Ghosh

Hello there! I am Anonnya Ghosh, a Computer Science and Engineering graduate from Ahsanullah University of Science and Technology (AUST). Currently, I am working as a Linux Content Developer Executive at SOFTEKO. The strong bond between Linux and cybersecurity drives me to explore this world of open-source architecture. I aspire to learn new things further and contribute to the field of CS with my experience. Read Full Bio

Leave a Comment