
Linux iptables basics

Learn the basics of using iptables for traffic control and security in Linux. This guide covers essential commands and configurations to manage firewall rules effectively.

Dmytro


Linux ships with a powerful tool for controlling traffic: the firewall, configured through iptables. Beyond basic filtering, iptables handles tasks such as address and port forwarding and setting traffic priorities. Let's look at examples of using iptables for common tasks.

Basic Syntax

The common syntax for iptables to set rules is:

iptables -A <chain> -s <source> -j <action>

Delete All Rules in a Specific Chain

To delete (flush) all rules in a specific chain, such as INPUT, use the command:

iptables -F <chain>

Block Traffic from a Specific IP

To block all traffic from a specific IP, execute:

iptables -A INPUT -s 1.2.3.4 -j DROP

The DROP target silently discards every IP packet from the specified address without notifying the sender. If you want the sender to be told that the host is unreachable, use the REJECT target instead:

iptables -A INPUT -s 1.2.3.4 -j REJECT

Filtering by Protocol

You can also filter traffic by protocol. For instance, to block only UDP from a specific sender, you would use:

iptables -A INPUT -p UDP -s 1.2.3.4 -j DROP

Block SSH Access

To prevent a specific host from connecting to your server via SSH (port 22), use:

iptables -A INPUT -p TCP -s 1.2.3.4 --dport 22 -j DROP

Logging Operations

To log operations of certain rules, you can set up logging for incoming packets and then drop them as follows:

iptables -A INPUT -p TCP -s 1.2.3.4 --dport 22 -j LOG --log-prefix "SSH Filter:"
iptables -A INPUT -p TCP -s 1.2.3.4 --dport 22 -j DROP

Blocking a Network

To block a whole network, use CIDR notation. For example:

iptables -A INPUT -p TCP -s 10.0.0.0/24 --dport 80 -j DROP

Checking Contents of IP Packets

You can log packets whose payload contains a specific string. The string match requires a search algorithm (--algo bm or kmp), otherwise iptables refuses the rule:

iptables -I INPUT -p TCP -m string --algo bm --string "hack.php" -j LOG --log-prefix "HACK:"

Limiting Connections

To limit the number of simultaneous connections from a single IP, you could use:

iptables -A INPUT -p TCP --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT

You can also rate-limit new connections per minute. Note that this rule only accepts packets up to the limit; packets above it fall through to the rules that follow, so a matching DROP rule is needed after it to actually block the excess:

iptables -A INPUT -p TCP --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
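As an added example (not code from the original post), the rules above combined into one reviewable script: clean INPUT chain, stateful accept, log-then-drop for a blocked host, connection and rate limits, and a default DROP policy. It assumes SSH on port 22 and HTTP on port 80, reuses the post's placeholder 1.2.3.4 as the blocked host, and only prints the commands unless RUN=1 is set, so the ruleset can be checked before it is applied as root.

```shell
#!/bin/sh
# Constructed values: placeholder blocked host from the post, SSH on 22.
BLOCKED_HOST="${BLOCKED_HOST:-1.2.3.4}"
SSH_PORT="${SSH_PORT:-22}"

# Execute the iptables command when RUN=1, otherwise just print it (dry run).
ipt() {
  if [ "${RUN:-0}" = "1" ]; then
    iptables "$@"
  else
    echo "iptables $*"
  fi
}

build_rules() {
  # Flush INPUT first so re-running the script does not duplicate rules.
  ipt -F INPUT
  # Loopback and packets belonging to connections we already accepted.
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # LOG is non-terminating, so the DROP on the next line still runs.
  ipt -A INPUT -p tcp -s "$BLOCKED_HOST" --dport "$SSH_PORT" -j LOG --log-prefix "SSH Filter: "
  ipt -A INPUT -p tcp -s "$BLOCKED_HOST" --dport "$SSH_PORT" -j DROP
  # At most 5 simultaneous SSH connections per source address.
  ipt -A INPUT -p tcp --syn --dport "$SSH_PORT" -m connlimit --connlimit-above 5 -j REJECT
  ipt -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
  # String match needs --algo; log suspicious HTTP payloads before the limit rules.
  ipt -A INPUT -p tcp --dport 80 -m string --algo bm --string "hack.php" -j LOG --log-prefix "HACK: "
  # Accept new HTTP connections up to the rate; the DROP catches the excess.
  ipt -A INPUT -p tcp --syn --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
  ipt -A INPUT -p tcp --syn --dport 80 -j DROP
  # Anything not matched above is dropped by the chain policy.
  ipt -P INPUT DROP
}

# Number of rule-appending commands in the set, for a quick sanity check.
rule_count() {
  build_rules | grep -c ' -A INPUT '
}

build_rules
```

Review the printed commands first; run `RUN=1 sh script.sh` as root from a console session to apply them, then save the set as described in the next section.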

Maintaining Iptables Rules

To maintain iptables rules during system reboots, use:

  • For CentOS:
    service iptables save

  • For Debian, install the iptables-persistent package:
    aptitude install iptables-persistent
Important Note

A mistaken rule can lock you out of the server while you are applying the configuration. It is advisable to have console access to the server so you can remove erroneous rules if necessary.
