iptables is a tool for configuring network firewall rules on Linux. Here are the steps to configure a firewall on a Linux system using iptables.
Update the system. Keep the distribution's packages up to date so that security fixes reach the system promptly.
Install iptables on Ubuntu. IPv4 and IPv6 rules are kept in separate rule sets that do not interact and must be configured separately; this guide uses IPv4 as the example. iptables is installed by default on most Linux systems. If it is missing, install it with the following command:
sudo apt-get install iptables
To ensure that the iptables rules are still valid after a reboot, you need to install the iptables persistent package using the following command:
sudo apt-get install iptables-persistent
Once installed, the /etc/iptables directory contains two files, one for IPv4 rules and one for IPv6 rules:
/etc/iptables/rules.v4
/etc/iptables/rules.v6
The general form of an iptables command is:
sudo iptables [option] CHAIN rule [-j target]
Here is a list of some common iptables options:
· -A --append: appends the rule to the end of the chain.
· -C --check: checks whether a rule matching the given specification exists in the chain.
· -D --delete: deletes the specified rule from the chain.
· -F --flush: deletes all rules in the chain.
· -I --insert: inserts a rule into the chain at a given position.
· -L --list: displays all rules in the chain.
· -N --new-chain: creates a new chain.
· -v --verbose: displays more information when used with the list option.
· -X --delete-chain: deletes the given (user-defined) chain.
Check the current status of iptables to display all the current rules of the server:
sudo iptables -L
The output shows the state of the three built-in chains (INPUT, FORWARD and OUTPUT) together with their default policies.
:~# sudo iptab
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
:~#
Allow traffic on the local host through:
sudo iptables -A INPUT -i lo -j ACCEPT
This command configures the firewall to accept traffic arriving on the loopback interface (-i lo). This rule is needed so that applications on the system can communicate with each other over the loopback interface; without it, local traffic would be subject to the same filtering as external traffic.
A port is a communication endpoint associated with a particular type of traffic. The following rules allow traffic on specific ports to pass through. To allow HTTP web traffic:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To allow inbound SSH (secure shell) traffic, enter the following (SSH uses port 22 by default; adjust the port number if your server uses a different one):
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
To allow HTTPS web traffic, enter the following command:
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Where:
-p: matches the specified protocol (tcp).
--dport: matches the destination port.
-j --jump: the target, i.e. the action taken when the rule matches.
Use the following command to accept traffic from a specific IP address:
sudo iptables -A INPUT -s your_IP_address_to_authorise -j ACCEPT
Replace the IP address in the command with the address to be authorized. You can also block traffic from a specific IP address:
sudo iptables -A INPUT -s your_IP_address_to_block -j DROP
Replace the IP address in this command with the address that needs to be blocked. To reject traffic from an IP address range:
sudo iptables -A INPUT -m iprange --src-range your_start_IP_address-your_end_IP_address -j REJECT
· -m: loads the named match module.
· iprange: the match module that expects an IP address range instead of a single address.
· --src-range: the source IP address range to match.
When defining iptables firewall rules, finish by dropping all other traffic to prevent unauthorized access:
sudo iptables -A INPUT -j DROP
Option -A appends the rule to the end of the chain, so it is only reached by packets that matched none of the earlier rules. Any connection to a port other than the ones you allowed above is dropped. The same effect can be achieved by setting the chain's default policy to DROP, which applies to every packet not matched by any rule:
sudo iptables -P INPUT DROP
If you need to remove a rule, the most precise way is to delete it by its line number.
First, list all rules together with their line numbers:
sudo iptables -L --line-numbers
Find the firewall rule line that you want to remove and run the following command:
sudo iptables -D INPUT <Number>
Replace <Number> with the line number of the rule to be deleted. Finally, save your changes. By itself, iptables does not keep newly created rules across a reboot. To save the rules on an Ubuntu-based system, switch to root with sudo su:
ubuntu@server:~$ sudo su
root@server:/home/ubuntu#
Then run:
iptables-save > /etc/iptables/rules.v4
This writes the current rules to the IPv4 rules file, and iptables-persistent reloads them automatically the next time the system restarts.
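The steps above build the INPUT chain one command at a time. The script below is an added example (not part of the original tutorial) that writes the same rule set in the iptables-restore format that iptables-save produces, so the complete chain can be reviewed and syntax-checked before it is loaded. It goes slightly beyond the tutorial in two ways a practitioner would want: the block-by-address rule is placed before the port allow rules (rules are evaluated top to bottom, so a DROP appended after an ACCEPT for port 80 would never see that port's traffic), and a conntrack rule accepts replies to connections the server itself opened, which the catch-all DROP would otherwise discard. The addresses are constructed placeholders from the documentation ranges.

```shell
#!/bin/sh
# Added example, not the tutorial's own code: build the INPUT chain as an
# iptables-restore file (the format iptables-save writes to rules.v4).
# Placeholder addresses below are constructed for illustration only.

ALLOW_IP="203.0.113.10"   # assumed: an address to authorise (TEST-NET-3)
BLOCK_IP="198.51.100.7"   # assumed: an address to block (TEST-NET-2)
SSH_PORT=22               # change if sshd listens elsewhere

# Print the rule set. Order matters: the first matching rule wins, so the
# loopback, conntrack and block rules come first and the catch-all DROP last.
# The ":INPUT DROP" policy line is the equivalent of `iptables -P INPUT DROP`.
build_rules_v4() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${BLOCK_IP}/32 -j DROP
-A INPUT -s ${ALLOW_IP}/32 -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Sanity check: the catch-all DROP must be the last INPUT rule, otherwise
# every rule appended after it is unreachable.
check_drop_is_last() {
    last_input=$(printf '%s\n' "$1" | grep '^-A INPUT' | tail -n 1)
    [ "$last_input" = "-A INPUT -j DROP" ]
}

# Number of INPUT rules; compare with `iptables -L INPUT --line-numbers`
# after loading to confirm nothing was silently skipped.
count_input_rules() {
    printf '%s\n' "$1" | grep -c '^-A INPUT'
}

# Usage (run as root on the target host):
#   build_rules_v4 > /tmp/rules.v4
#   iptables-restore --test /tmp/rules.v4     # parse only, commit nothing
#   iptables-restore < /tmp/rules.v4          # apply the chain atomically
#   iptables-save > /etc/iptables/rules.v4    # persist across reboots
```

Because iptables-restore loads the whole file atomically, the server is never left in the half-configured state that can occur between the individual `iptables -A` commands above, and the `--test` run catches typos before the SSH rule is at risk.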