iptables is a command-line utility in Linux that allows system administrators to configure the kernel’s built-in packet filtering and NAT (Network Address Translation) rules. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. These rules control the incoming and outgoing network traffic, determining which packets are allowed or blocked based on various criteria.
Key Concepts:
- Tables: iptables uses different tables to categorize rules for different purposes:
  - filter: The default table, used for filtering network packets. It has three built-in chains: INPUT, FORWARD, and OUTPUT.
  - nat: Used for Network Address Translation. Common chains include PREROUTING, POSTROUTING, and OUTPUT.
  - mangle: Used for specialized packet alterations.
  - raw: Used for configuration exemptions from connection tracking.
- Chains: Each table contains chains, which are lists of rules that match certain types of network traffic.
  - INPUT: Controls incoming traffic to the local system.
  - OUTPUT: Controls outgoing traffic from the local system.
  - FORWARD: Controls traffic passing through the system (used in routing).
- Rules: Each chain is made up of rules, which define what happens to a packet that matches specific criteria (such as IP address, port number, protocol, etc.). Actions can include ACCEPT (allow the packet), DROP (discard the packet), REJECT (discard and send an error), or other targets like LOG.
Basic iptables Commands:
- List Rules:
sudo iptables -L
Displays all rules in the default filter table.
- Add a Rule:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Allows incoming SSH traffic on port 22.
- Delete a Rule:
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
Removes the rule that allows SSH traffic on port 22.
- Block an IP Address:
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
Blocks all incoming traffic from the IP address 192.168.1.100.
- Save iptables Rules:
On most systems, iptables rules are not persistent across reboots. To save the current rules:
sudo iptables-save > /etc/iptables/rules.v4
And restore them at boot:
sudo iptables-restore < /etc/iptables/rules.v4
Example Workflow:
- Allow SSH Traffic:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Block All Other Traffic:
sudo iptables -P INPUT DROP
This sets the default policy for incoming traffic to DROP, meaning any traffic not explicitly allowed will be blocked.
- Allow HTTP and HTTPS Traffic:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- Save Rules:
sudo iptables-save > /etc/iptables/rules.v4
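The workflow above issues the rules one `-A` command at a time. The following added example (not from the original page) builds the same policy as an iptables-restore file instead, so the complete rule set can be reviewed, and checked for the lockout hazard the page warns about, before it is loaded. The loopback and conntrack rules, the file path, and the function names are this example's assumptions, not anything the page specifies.

```shell
#!/bin/sh
# Added example: generate the page's workflow (accept SSH/HTTP/HTTPS, default
# INPUT policy DROP) as an iptables-restore file and check it before loading.
# ASSUMPTIONS: the loopback and ESTABLISHED,RELATED rules and the function
# names are this example's choices; the page itself does not include them.

# build_ruleset PORT... : print an iptables-restore "filter" table that accepts
# the given TCP ports and drops everything else. Accept rules are listed
# before the DROP policy takes effect, matching the page's step order.
build_ruleset() {
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n'      # page's step 2: default policy DROP
    printf ':FORWARD DROP [0:0]\n'
    printf ':OUTPUT ACCEPT [0:0]\n'
    # Assumption: keep loopback and reply traffic working, otherwise a DROP
    # policy silently breaks local services and already-open sessions.
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    printf -- '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for port in "$@"; do
        printf -- '-A INPUT -p tcp --dport %s -j ACCEPT\n' "$port"
    done
    printf 'COMMIT\n'
}

# lockout_check FILE : return 0 if the ruleset either has no DROP policy on
# INPUT or still accepts TCP/22 (remote SSH stays reachable); return 1 when a
# DROP policy is present but no rule accepts SSH.
lockout_check() {
    grep -q '^:INPUT DROP' "$1" || return 0
    grep -q -- '--dport 22 -j ACCEPT' "$1"
}

# Write the ruleset to a scratch file for review. In production this would be
# /etc/iptables/rules.v4 (path from the page) and be loaded with:
#   sudo iptables-restore < /etc/iptables/rules.v4
RULES_FILE="${RULES_FILE:-$(mktemp)}"
build_ruleset 22 80 443 > "$RULES_FILE"
if lockout_check "$RULES_FILE"; then
    echo "ok: INPUT policy DROP with SSH still accepted ($RULES_FILE)"
else
    echo "WARNING: this ruleset would lock out remote SSH sessions"
fi
```

Reviewing the generated file before calling iptables-restore is the safest way to test a DROP policy on a remote host: a forgotten SSH rule is visible in the file, rather than discovered when the session hangs.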
Advanced Features:
- Logging: You can log packets before dropping them, which helps in monitoring and debugging:
sudo iptables -A INPUT -p tcp --dport 23 -j LOG --log-prefix "Telnet access: "
sudo iptables -A INPUT -p tcp --dport 23 -j DROP
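Once the LOG rule above is in place, the kernel log carries one line per matching packet, each tagged with the prefix. The added example below (not from the original page) shows how a defender would turn those lines into a per-source summary. The log lines are constructed for this example; the field names (SRC=, DPT=, ...) are the standard ones the LOG target writes, while the hostname, addresses and MAC are made up.

```shell
#!/bin/sh
# Added example: summarise kernel-log lines written by the page's
# "Telnet access: " LOG rule, grouped by source address.
# The sample lines below are constructed for this example.

SAMPLE_LOG='Jun 12 10:01:02 gw kernel: Telnet access: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.100 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 12 10:01:03 gw kernel: Telnet access: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.100 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 12 10:02:10 gw kernel: Telnet access: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2001 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 12 10:02:11 gw kernel: usb 1-1: new high-speed USB device number 2'

# log_sources PREFIX : read kernel-log lines on stdin, keep only those carrying
# PREFIX, and print "count source" pairs, highest count first. Unrelated
# kernel messages (like the USB line above) are filtered out by the prefix.
log_sources() {
    prefix="$1"
    grep -F "kernel: $prefix" \
    | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); print $i } }' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# top_source PREFIX : the single address that hit the logged rule most often.
top_source() {
    log_sources "$1" | head -n 1 | awk '{ print $2 }'
}

# Usage: on a live system the input would come from dmesg or journalctl -k.
printf '%s\n' "$SAMPLE_LOG" | log_sources "Telnet access: "
printf 'most active source: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | top_source "Telnet access: ")"
```

The prefix is what makes the lines easy to find, so choose a distinct prefix per LOG rule. Be aware that a LOG rule on a busy port writes a line for every matching packet; iptables' `-m limit` match can cap the logging rate if that becomes a problem.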
- NAT Configuration: iptables can also be used to configure NAT for routing traffic between different networks.
Security Considerations:
- Use Specific Rules: Avoid using broad rules that can open your system to unwanted traffic.
- Test Rules: Always test new rules carefully, especially on production systems, to avoid accidentally locking yourself out.
iptables is a powerful tool for managing network traffic on Linux systems, providing fine-grained control over how packets are processed and enhancing overall system security.