iptables Command in Linux


Overview

iptables is a powerful user-space utility for Linux that allows administrators to configure, manage, and maintain the IP packet filter rules of the Linux kernel's Netfilter framework. It provides a flexible, stateful packet filtering and Network Address Translation (NAT) system to secure and control network traffic.

Linux iptables Command Syntax

The syntax for the iptables command is as follows:

Where:

  • table: Specifies the packet filtering table to be used. The default table is 'filter'. Other options are 'nat', 'mangle', and 'raw'.
  • chain: Specifies the chain in the selected table to manipulate. Common chains are 'INPUT', 'OUTPUT', 'FORWARD', 'PREROUTING', and 'POSTROUTING'.

iptables Command Options:

  • -A: Append a rule to the specified chain.
  • -D: Delete a rule from the specified chain.
  • -I: Insert a rule in the specified chain at the specified position.
  • -R: Replace a rule in the specified chain at the specified position.
  • -L: List all rules in the specified chain or all chains.
  • -F: Flush (delete) all rules in the specified chain or all chains.
  • -Z: Zero (reset) the packet and byte counters in the specified chain or all chains.

Example Usages

  • List all rules in the 'filter' table:

    Output:

    Explanation: This command lists all the rules in the 'filter' table, showing the default policies for the INPUT, FORWARD, and OUTPUT chains.

  • Block all incoming traffic from a specific IP address:

    Explanation: This command appends a rule to the INPUT chain, dropping all incoming packets from the source IP address 192.168.1.10.

Tips

  • To make iptables rules persistent across reboots, use the 'iptables-save' and 'iptables-restore' commands or the 'iptables-persistent' package.

Advanced Use Cases of iptables Command in Linux

  • Allow SSH access from a specific IP address only:

    Explanation: This command appends a rule to the INPUT chain, accepting incoming SSH (port 22) connections from the source IP address 192.168.1.10. SSH is restricted to that address only when the INPUT chain's default policy, or a later rule, drops SSH traffic from all other sources.

  • Limit the rate of incoming connections:

    Explanation: This command appends a rule to the INPUT chain, limiting the rate of incoming connections to 1 per second, with a burst allowance of 5 connections, for TCP traffic on port 80.

  • Set up a basic NAT:

    Explanation: This command appends a rule to the POSTROUTING chain of the 'nat' table, enabling basic Network Address Translation (NAT) for outgoing traffic on the eth0 network interface.
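The rules described in the examples above, assembled into one ruleset in iptables-restore format so it can be reviewed and then loaded with 'iptables-restore' (this is an added example, not part of the original page). The admin address 192.168.1.10 and the interface eth0 are taken from the examples; the default-DROP INPUT policy and the conntrack matches are assumptions of this example, not something the page specifies.

```shell
#!/bin/sh
# Generates an iptables-restore ruleset implementing the examples on this page.
# ADMIN_HOST and WAN_IF are placeholders taken from the page's examples.
ADMIN_HOST="${ADMIN_HOST:-192.168.1.10}"   # only source allowed to reach SSH
WAN_IF="${WAN_IF:-eth0}"                   # interface whose egress is NAT'ed

build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful filtering: accept packets belonging to connections already tracked.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH (port 22) only from the admin host. The DROP policy above is what makes
# this "only": an ACCEPT rule on its own never blocks anything.
-A INPUT -p tcp --dport 22 -s ${ADMIN_HOST} -m conntrack --ctstate NEW -j ACCEPT
# Rate-limit new HTTP connections: 1/s sustained, burst of 5. Matching on
# --ctstate NEW limits connections; without it, 'limit' counts every packet.
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 1/s --limit-burst 5 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Basic NAT: rewrite the source of traffic leaving through the WAN interface.
-A POSTROUTING -o ${WAN_IF} -j MASQUERADE
COMMIT
EOF
}

# Guard against locking yourself out: refuse a ruleset that drops INPUT by
# default but has no SSH allow rule for the admin host. Returns 0 when sane.
check_ruleset() {
  rules="$(build_ruleset)"
  printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
  printf '%s\n' "$rules" | grep -q -- "--dport 22 -s ${ADMIN_HOST} " || return 1
  return 0
}

# Usage: ./rules.sh --print > /etc/iptables/rules.v4 (iptables-persistent path
# on Debian/Ubuntu), then 'iptables-restore --test < rules.v4' before loading.
if [ "${1:-}" = "--print" ]; then
  check_ruleset || { echo "refusing to emit a ruleset without SSH access" >&2; exit 1; }
  build_ruleset
fi
```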

Conclusion

  • iptables is a powerful and flexible packet filtering tool for Linux.

  • It can be used for securing and controlling network traffic.

  • iptables rules can be made persistent across reboots.