iptables is the standard command-line front end to the Linux kernel's netfilter packet-filtering framework, and it allows administrators to configure and filter incoming and outgoing network traffic. It works by creating rules that match and manipulate network packets based on parameters such as IP addresses, ports, and protocols.
Here are some basic iptables commands that can be used to manage your firewall:
- List the current iptables rules (add -n to skip DNS lookups and -v to see interfaces and packet counters):
sudo iptables -L
- Allow incoming traffic on a specific port:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- Block incoming traffic from a specific IP address:
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
- Save the current rules (this path is the one iptables-persistent reloads at boot on Debian and Ubuntu; other distributions use their own mechanism):
sudo iptables-save > /etc/iptables/rules.v4
- Flush all iptables rules:
sudo iptables -F
Here are some useful tricks you can use with iptables:
- To block incoming and outgoing traffic to or from specific IP addresses, you can use the -s (source) and -d (destination) options. Note that -A appends to the end of the chain, so a DROP rule added after an ACCEPT rule that matches the same traffic will never fire; use -I to insert at the top of the chain when order matters.
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
sudo iptables -A OUTPUT -d 192.168.1.100 -j DROP
- To block incoming and outgoing traffic on a specific port, you can use the --dport and --sport options.
sudo iptables -A INPUT -p tcp --dport 80 -j DROP
sudo iptables -A OUTPUT -p tcp --sport 80 -j DROP
- To block incoming and outgoing traffic for a specific protocol, you can use the -p option. Be aware that dropping all ICMP, as in the example below, also blocks path MTU discovery and other diagnostic messages, not just ping.
sudo iptables -A INPUT -p icmp -j DROP
sudo iptables -A OUTPUT -p icmp -j DROP
- To block incoming traffic from a specific country, you can use the xt_geoip module. It is not part of stock iptables: it comes from the xtables-addons package and needs a GeoIP country database installed on the host.
sudo iptables -I INPUT -m geoip --src-cc US -j DROP
It’s important to note that iptables is a powerful tool and that any changes made to the firewall configuration can affect the security and accessibility of your system. It’s always a good idea to test your changes in a safe environment before implementing them in a production system. When working over SSH, add the rule that allows your own session before any DROP rule or default-deny policy, or you can lock yourself out of the machine.
It is also important to keep in mind that iptables rules live only in kernel memory and are lost on reboot, so save them and arrange for them to be restored at boot, for example with iptables-persistent (which reads /etc/iptables/rules.v4) or a boot script that runs iptables-restore.
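As an added example (not part of the original article), here is a POSIX shell script that generates a default-deny ruleset in the iptables-restore format, the same format that iptables-save writes and that iptables-persistent reloads from /etc/iptables/rules.v4. It assumes SSH on port 22 and HTTP on port 80 are the only services to expose, reuses the article's 192.168.1.100 as the blocked address, and orders the rules so the explicit DROP cannot be shadowed by an earlier ACCEPT, the pitfall of appending with -A.

```shell
#!/bin/sh
# Added example: build, dry-run and install a default-deny IPv4 ruleset.
# Assumptions: SSH on 22, HTTP on 80, blocked host 192.168.1.100 (constructed).

# Print the ruleset in iptables-restore format. The ":CHAIN POLICY" lines set
# the default verdict; rules are evaluated top to bottom, first match wins.
gen_rules() {
  ssh_port="${1:-22}"
  web_port="${2:-80}"
  blocked="${3:-192.168.1.100}"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: local services talk to each other over lo.
-A INPUT -i lo -j ACCEPT
# Explicit block placed before every ACCEPT, so it cannot be shadowed,
# and before the ESTABLISHED rule, so even existing flows from it stop.
-A INPUT -s ${blocked} -j DROP
# Replies to connections we opened, and related traffic such as ICMP errors.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only NEW connections to the two exposed services; everything else hits the
# DROP policy of the INPUT chain.
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport ${web_port} -m conntrack --ctstate NEW -j ACCEPT
# Keep ping working for diagnostics instead of dropping all ICMP.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Parse the ruleset without loading it (needs root and the iptables package);
# exits non-zero if iptables-restore rejects the syntax.
check_rules() {
  gen_rules "$@" | iptables-restore --test
}

# Write the file iptables-persistent reloads at boot, then load it now.
# Only runs after the dry-run succeeds, so a typo never leaves an empty table.
install_rules() {
  check_rules "$@" || return 1
  gen_rules "$@" > /etc/iptables/rules.v4 || return 1
  iptables-restore < /etc/iptables/rules.v4
}
```

Run `install_rules 2222 80` to expose SSH on a non-default port instead; call it from an SSH session only after confirming the chosen port is the one you are connected on.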