Iptables: Configuring/Modifying Iptables


iptables.md 7/2/2020

IPTables
IPTables: a Linux firewall system used to allow or block traffic into a network. IPTables uses the chain concept: a chain is an ordered list of rules, evaluated top to bottom, and rules are placed in the INPUT, FORWARD and OUTPUT chains.

INPUT chain: controls incoming packets. This is where you can block or allow incoming/new connections.
FORWARD chain: controls packets that need to be forwarded/routed to a different end location.
OUTPUT chain: controls outgoing packets and connections. The output chain is used to return the data back to the requester.

Configuring/Modifying IPTables
IPTables Verbs (targets)
ACCEPT means to let the packet through.
DROP means to silently discard the packet; the sender gets no response.
REJECT blocks an attempted connection and sends an error message to the client (connection source).
RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain. If

Standard options to the iptables -A command:

-i (interface): the network interface whose traffic you want filtered. Can be one of eth0, lo, ppp0, wlp2o, etc. You can list these interfaces by running ifconfig.
-p (protocol): the protocol whose traffic is to be filtered (e.g. tcp, udp, icmp).
-s (source): the source IP address or hostname of the traffic.
--dport (destination port): the destination port number of the protocol, e.g. 22, 443, 80, etc.
-j (target): the target name (ACCEPT, DROP, REJECT or RETURN).

The command template using all of them is as follows:

sudo iptables -A <chain> -i <interface> -p <protocol name> -s <source> --dport <port#> -j <target>

The protocol (-p) and the corresponding port (--dport) must always be specified together in the same command; --dport has no meaning without a protocol.

To check the current rules and the default policy of each chain, run the command

sudo iptables -L

The command returns the current iptables config for the different chains, for example:


Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain /* generated for Multipass network mpqemubr0 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain /* generated for Multipass network mpqemubr0 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps /* generated for Multipass network mpqemubr0 */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             /* generated for Multipass network mpqemubr0 */
ACCEPT     all  --  10.62.18.0/24        anywhere             /* generated for Multipass network mpqemubr0 */
ACCEPT     all  --  anywhere             10.62.18.0/24        ctstate RELATED,ESTABLISHED /* generated for Multipass network mpqemubr0 */
REJECT     all  --  anywhere             anywhere             /* generated for Multipass network mpqemubr0 */ reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain /* generated for Multipass network mpqemubr0 */
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain /* generated for Multipass network mpqemubr0 */

Chain DOCKER (4 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere


From this output, all built-in chains (INPUT, FORWARD and OUTPUT) have a default policy of ACCEPT. However, if one chain, say FORWARD, was not set to ACCEPT, you could change its policy with the command below (shown here for INPUT; substitute FORWARD or OUTPUT as needed):

sudo iptables --policy INPUT ACCEPT

When a chain's policy is ACCEPT, you control access by adding rules that block (or forward) specific IP addresses and/or port numbers; anything not matched by a rule is let through.
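As an added example (not from the original note), a small audit of the text that sudo iptables -L prints, as in the listing above: it reports which built-in chains still accept by default and whether a chain ends in an unconditional DROP/REJECT. The listing inside the script is constructed sample input, not a real host's output.

```shell
#!/bin/sh
# Added example, not part of the original note: audit "iptables -L" output.
# SAMPLE_LISTING is constructed to mirror the note's listing (OUTPUT policy
# changed to DROP and a user chain included so both cases are exercised).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy DROP)
target     prot opt source               destination

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere'

# Print "CHAIN POLICY" for each built-in chain; user-defined chains have no policy.
chain_policies() {
    printf '%s\n' "$1" | awk '/^Chain .*\(policy / { gsub(/[()]/, "", $4); print $2, $4 }'
}

# Built-in chains whose policy is ACCEPT, i.e. anything not matched by a rule gets in.
open_chains() {
    chain_policies "$1" | awk '$2 == "ACCEPT" { print $1 }'
}

# Print "yes" if the last rule of chain $2 is an unconditional DROP or REJECT
# (the catch-all the note recommends after the --dport rules), else "no".
chain_ends_closed() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { closed = 0 }
        /^Chain / { cur = $2; next }
        cur == want && $1 != "target" && NF >= 5 {
            closed = ($1 == "DROP" || $1 == "REJECT") && $2 == "all" &&
                     $4 == "anywhere" && $5 == "anywhere" && (NF == 5 || $6 == "reject-with")
        }
        END { print (closed ? "yes" : "no") }'
}

echo "chains with ACCEPT policy:"
open_chains "$SAMPLE_LISTING"
for c in INPUT FORWARD OUTPUT; do
    echo "$c ends with catch-all DROP/REJECT: $(chain_ends_closed "$SAMPLE_LISTING" "$c")"
done
```

On a live host, pass the real output instead: open_chains "$(sudo iptables -L)".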

However, when you only want to allow very specific IP addresses, set the default policy to DROP all connections and then allow individual connections explicitly:

sudo iptables --policy INPUT DROP

sudo iptables --policy FORWARD DROP

sudo iptables --policy OUTPUT DROP

How to allow connections

The -A (append) switch adds a rule to the end of a chain's rule list.

To ACCEPT packets from a specific IP address or hostname, specify it with the -s option:

sudo iptables -A INPUT -s 192.168.43.57 -j ACCEPT

To silently block packets (reject them without sending an error message to the client), use DROP:

sudo iptables -A INPUT -s 10.10.10.10 -j DROP

The command above blocks connections from one IP address: 10.10.10.10

To silently block packets from a range of IP addresses:

sudo iptables -A INPUT -s 10.10.10.10/24 -j DROP

OR


sudo iptables -A INPUT -m iprange --src-range 192.168.43.2-192.168.43.243 -j DROP

To block a single port (here SSH) from a specific source:

sudo iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP

Notes:

It is important to drop connections for all other ports after you have defined any rules that make use of --dport. Rules are evaluated in order, so this catch-all must be the last rule in the chain; anything appended after it is never reached:

sudo iptables -A INPUT -j DROP

If you want to delete all configured rules, use the -F (flush) option

sudo iptables -F

To delete a single rule, use the -D option with the chain name and the line number of the rule, like

sudo iptables -D INPUT 3

This deletes rule #3 from the INPUT chain.


To view rules with line numbers use

sudo iptables -L --line-numbers

Persisting Changes
After you are done with the changes, they need to be persisted, because the running ruleset is lost on reboot. Use the command below to persist all changes. (The command is platform dependent.) For Ubuntu run

sudo /sbin/iptables-save

Note that iptables-save writes the running ruleset to standard output, so redirect its output to a file that is restored at boot (on Ubuntu, the iptables-persistent package reads /etc/iptables/rules.v4). You can use which iptables-save to see where the command is located.
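The default-DROP INPUT policy with explicit allow rules described under "How to allow connections", together with the persisted-file form this section introduces, as an added example that is not part of the original note. It emits the ruleset in iptables-restore format (the same format iptables-save produces) so policies and rules load in one transaction; the addresses are constructed placeholders, and RULES_FILE assumes the path the iptables-persistent package restores on Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original note: allowlist ruleset in
# iptables-restore format. Loading it as one transaction avoids the lock-out
# window you get when running "--policy INPUT DROP" over SSH before any
# ACCEPT rule exists. Addresses below are constructed placeholders.
ADMIN_HOST="192.168.43.57"      # trusted source allowed to reach SSH
BLOCKED_RANGE="10.10.10.0/24"   # range dropped outright
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"   # read by iptables-persistent (assumed)

# Emit the ruleset. Order matters: rules are evaluated top to bottom and the
# unconditional DROP must stay last or it shadows everything after it.
build_allowlist_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s $BLOCKED_RANGE -j DROP
-A INPUT -p tcp -s $ADMIN_HOST --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Succeeds only if the final INPUT rule is the unconditional catch-all DROP.
catch_all_is_last() {
    build_allowlist_ruleset | grep '^-A INPUT' | tail -n 1 | grep -q -- '^-A INPUT -j DROP$'
}

# Write the file and load it atomically; requires root and iptables-restore.
apply_ruleset() {
    catch_all_is_last || { echo "refusing to apply: catch-all DROP is not last" >&2; return 1; }
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "need root and iptables-restore; printing ruleset instead" >&2
        build_allowlist_ruleset
        return 0
    fi
    build_allowlist_ruleset > "$RULES_FILE" && iptables-restore < "$RULES_FILE"
}

build_allowlist_ruleset
```

Run apply_ruleset as root to write RULES_FILE and load it; a ruleset built interactively with the -A commands above can be captured into the same file with sudo iptables-save > /etc/iptables/rules.v4.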
