Bobcares

A Guide to the iptables Commands in Linode

Nov 22, 2024

Learn how to use iptables commands in Linode. Our Linode Support team is here to help you with your questions and concerns.


The iptables command configures the packet-filtering rules of the Linux kernel's built-in (netfilter) firewall. Rules are organized into tables and chains, which gives precise control over incoming, forwarded and outgoing connections.

Today, we are going to explore its key features, including listing chains, setting default policies, and managing connections to ports and IPs.


What are Chains in iptables

Chains are ordered lists of rules. Each packet is checked against the rules of a chain in turn, and the first rule that matches decides what happens to it; if none matches, the chain's policy applies. By default, the filter table contains three built-in chains: INPUT (traffic addressed to this host), FORWARD (traffic routed through it) and OUTPUT (traffic it originates). We can list the rules in these chains using:

sudo iptables -L

Adding -n skips the reverse DNS lookup on every address, which makes the listing much faster, and -v shows per-rule packet and byte counters. -L shows only the filter table; use -t nat (or mangle, raw) to inspect the others.

For example, the output might look like this:


Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

How to Set Up Default Policies

A fresh configuration has no rules, and all three chains already carry the ACCEPT policy, so the following commands just make that starting point explicit (-P is the short form of --policy):

sudo iptables --policy INPUT ACCEPT
sudo iptables --policy FORWARD ACCEPT
sudo iptables --policy OUTPUT ACCEPT

To block everything that is not explicitly allowed, change the policy to DROP. Only ACCEPT and DROP are valid chain policies; REJECT is a rule target, not a policy, so a "reject by default" setup is built with an explicit -j REJECT rule at the end of the chain instead. Do not set the INPUT policy to DROP on a remote Linode until rules allowing SSH and established connections are in place, or the current session is the last one you get. If that does happen, the Lish console in the Cloud Manager still reaches the server, because it attaches through the host's console rather than the network.

Block and Allow Connections by IP

To block all incoming traffic from a specific IP address, use:

sudo iptables -A INPUT -s 192.168.1.1 -j DROP

For an entire subnet, give the network in CIDR notation:

sudo iptables -A INPUT -s 192.168.1.0/24 -j DROP

To block outgoing traffic to an IP, match on the destination (-d) in the OUTPUT chain. Using -s in OUTPUT would match the packet's source address, which is this server's own address, so it would not do what is intended:

sudo iptables -I OUTPUT -d 192.168.1.1 -j DROP

-A appends a rule at the end of a chain and -I inserts it at the top (or at a given position). Because the first matching rule wins, a DROP appended below an ACCEPT for the same traffic never fires; insert blocks above the rules they are meant to override, and check the result with iptables -L -n.

Block and Allow Connections by Port

To block specific ports or services, specify the protocol and destination port:

  • Block incoming SSH connections on port 22 (this also cuts off the SSH session you are typing in, so only do it from the Lish console or after sshd has been moved to another port):
    sudo iptables -I INPUT -p tcp --dport 22 -j DROP
  • Block HTTP traffic on port 80:
    sudo iptables -I INPUT -p tcp --dport 80 -j DROP
  • Block a specific IP from accessing a service:
    sudo iptables -I INPUT -p tcp --dport 80 -s 192.168.1.1 -j DROP

To allow traffic, replace DROP with ACCEPT. An ACCEPT rule changes nothing while the chain policy is already ACCEPT; it takes effect once the policy is DROP, and it must sit above any DROP rule that would match the same packets.
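The procedure above (set the default policies, then add per-IP and per-port rules) is safest when it is loaded as one atomic ruleset rather than typed one command at a time. The script below is an added example written for this guide; it is not code from the original post or from Linode. It assumes sshd on port 22, a web service on ports 80 and 443, and the page's example subnet 192.168.1.0/24 as the range to block (all adjustable through environment variables). It emits the ruleset in the format iptables-save produces, refuses to apply a ruleset whose INPUT policy is DROP with no SSH allow rule, and loads it with iptables-restore so the DROP policy and the allow rules take effect in a single commit:

```shell
#!/bin/sh
# Added example (not from the original post): build a baseline ruleset in
# iptables-save format and load it atomically with iptables-restore, so the
# INPUT policy flips to DROP in the same transaction that admits SSH and
# established connections.
# Assumptions (not from the page): sshd on 22, a web server on 80/443, and
# the page's example subnet 192.168.1.0/24 as the blocked source.
set -eu

SSH_PORT="${SSH_PORT:-22}"
ALLOW_TCP_PORTS="${ALLOW_TCP_PORTS:-80 443}"   # space-separated, word-split below
BLOCKED_SRC="${BLOCKED_SRC:-192.168.1.0/24}"

# Print the ruleset. Order matters: the DROP for the blocked subnet comes
# before the per-port ACCEPTs, so it wins for new connections from that range.
build_ruleset() {
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        "-A INPUT -s ${BLOCKED_SRC} -j DROP" \
        "-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT"
    for port in ${ALLOW_TCP_PORTS}; do
        printf '%s\n' "-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' \
        'COMMIT'
}

# Refuse a ruleset that would lock a remote admin out: INPUT policy DROP
# with no ACCEPT rule for the SSH port. Returns 1 on refusal.
check_ruleset() {
    rules="$1"
    if printf '%s\n' "$rules" | grep -q '^:INPUT DROP' \
       && ! printf '%s\n' "$rules" | grep -q -- "--dport ${SSH_PORT} .*-j ACCEPT"; then
        echo "refusing to apply: INPUT policy DROP without an SSH ACCEPT rule" >&2
        return 1
    fi
    return 0
}

# Parse-check with --test first, then load. iptables-restore replaces the
# whole filter table in one commit, so there is no window with a DROP policy
# and no allow rules. Needs root.
apply_ruleset() {
    rules="$(build_ruleset)"
    check_ruleset "$rules"
    printf '%s\n' "$rules" | iptables-restore --test
    printf '%s\n' "$rules" | iptables-restore
    iptables -L INPUT -n -v --line-numbers
}

# Only touch the live firewall when explicitly asked; otherwise just print
# the ruleset for review.
if [ "${APPLY_RULES:-0}" = "1" ]; then
    apply_ruleset
else
    build_ruleset
fi
```

Run it as-is to print the ruleset for review, and with APPLY_RULES=1 as root to load it. Because iptables-restore replaces the whole filter table at once, it also sidesteps the ordering and renumbering problems of editing a live chain rule by rule, and the same output, redirected to the distribution's rules file, is what the persistence step saves.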

Save and Persist Rules

iptables rules live in the kernel and are lost at reboot. iptables-save only prints the current ruleset to standard output, so on its own it persists nothing; redirect its output to the file that the distribution's restore service reads at boot:

sudo /sbin/iptables-save > /etc/iptables/rules.v4

That path is the one used by the iptables-persistent (netfilter-persistent) package on Debian and Ubuntu. On RHEL, CentOS and their derivatives the iptables-services package reads /etc/sysconfig/iptables instead and provides the equivalent shortcut:

sudo service iptables save

IPv6 rules are a separate ruleset; save them with ip6tables-save in the same way (rules.v6 on Debian-family systems).

Delete and Clear Rules

To delete a specific rule, find its line number in the chain that holds it:

sudo iptables -L INPUT --line-numbers

Then delete the rule using:

sudo iptables -D INPUT line_number

The remaining rules are renumbered after every deletion, so list the chain again before deleting another one, or delete from the highest number down. A rule can also be removed by repeating its exact specification with -D in place of -A.

To clear all rules in the filter table and start fresh:

sudo iptables -F

-F removes the rules but leaves the chain policies in place. If INPUT is set to DROP, flushing leaves a chain that drops everything, including your SSH session, so set the policies back to ACCEPT first. -F also only touches the filter table; the other tables need their own flush (-t nat -F and so on).
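Deleting several rules by line number is where most mistakes happen, because the numbers shift after each deletion. The shell functions below are an added example for this guide, not code from the original post. They work on the output of iptables -L <chain> -n --line-numbers, select the rules whose line matches a pattern, and return their numbers highest first so that deleting them in that order never invalidates a later number. The listing embedded in the script is constructed sample output, not captured from a real server:

```shell
#!/bin/sh
# Added example (not from the original post): delete every rule in a chain
# that matches a pattern, by line number, highest number first so that the
# renumbering after each deletion cannot invalidate the remaining targets.
set -eu

# Constructed sample of "iptables -L INPUT -n --line-numbers" output; not
# captured from a real host. Note that the header line also contains "DROP".
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2    DROP       all  --  192.168.1.1          0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       tcp  --  192.168.1.1          0.0.0.0/0            tcp dpt:80'

# Print the numbers of the rules whose listing line matches an extended
# regular expression, one per line, highest first. Only lines that start
# with a rule number are candidates, so the chain header ("policy DROP") and
# the column titles can never match. The pattern travels through the
# environment because awk -v would process backslash escapes in it.
matching_rule_numbers() {
    listing="$1"
    printf '%s\n' "$listing" \
        | PAT="$2" awk '$1 ~ /^[0-9]+$/ && $0 ~ ENVIRON["PAT"] { print $1 }' \
        | sort -rn
}

# Delete the matching rules from a live chain. Defaults to a dry run that
# prints the commands; set DRY_RUN=0 and run as root to execute them.
delete_matching_rules() {
    chain="$1"
    pattern="$2"
    listing="$(iptables -L "$chain" -n --line-numbers)"
    for num in $(matching_rule_numbers "$listing" "$pattern"); do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "would run: iptables -D $chain $num"
        else
            iptables -D "$chain" "$num"
        fi
    done
}

# Demonstration on the constructed listing: both rules for 192.168.1.1 are
# reported as 4 then 2, the only order in which "iptables -D INPUT N" for
# each of them is safe.
matching_rule_numbers "$SAMPLE_LISTING" '192\.168\.1\.1'
```

To use it against a real chain, run delete_matching_rules INPUT '192\.168\.1\.1' first as the default dry run, confirm the printed commands against iptables -L INPUT -n --line-numbers, and then repeat with DRY_RUN=0.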

How to Open Ports

To open an incoming port, such as 2525:

sudo iptables -A INPUT -p tcp --dport 2525 -j ACCEPT

For outgoing ports, such as 3032 (this matters only if the OUTPUT policy is DROP):

sudo iptables -A OUTPUT -p tcp --dport 3032 -j ACCEPT

-A appends, so if a DROP rule for the same port already sits higher in the chain, the new ACCEPT never matches; use -I to put it first, or delete the conflicting rule. Then save the changes so they survive a reboot (see Save and Persist Rules); on RHEL-family systems with iptables-services that is:

sudo service iptables save

Best Practices for Managing iptables

  • Double-check each rule before adding it, especially the chain, the direction (-s versus -d) and the position it lands in.
  • Test new rules from a second session before saving them, and keep the Lish console open as a fallback in case the first session is cut off.
  • Save a known-good ruleset to a file before changing anything, so it can be loaded back with iptables-restore:
    sudo iptables-save > /path/to/backup_file


Conclusion

Mastering iptables gives us better control over server traffic, bolstering security and optimizing performance. While it requires careful handling, following structured approaches ensures reliable configurations for our Linux server.

In brief, our Support Experts demonstrated using iptables commands in Linode.
