iptables (Linux Firewall) is a command-line firewall utility that uses policy chains to allow or block traffic. iptables is a rule based firewall and it is pre-installed on most of Linux operating system. By default it runs without any rules. Iptables uses a set of tables which have chains that contain set of built-in or user defined rules.
At a first look, iptables might look complex or even confusing. But, once you understand the basics of how iptables work and how it is structured, reading and writing iptables firewall rules will be easy.
IPtables (Linux Firewall) Tables and Chains:
IPTables has the following 4 types of tables.
a) Filter Table:
INPUT chain: Incoming to firewall. For packets coming to the local server.
OUTPUT chain: Outgoing from firewall. For packets generated locally and going out of the local server.
FORWARD chain: Packet for another NIC on the local server. For packets routed through the local server.
The filter table is one of the most widely used tables in iptables. The filter table is used to make decisions about whether packet continue to its destination or to deny its request. Iptables’s filter table has the following built-in chains.
To view the Filter table rules run the following command.
# iptables -t filter --list
# iptables --list
b) NAT Table:
PREROUTING chain: It is used for altering a packet as soon as it’s received. This helps to translate the destination ip address of the packets to something that matches the routing on the local server.
POSTROUTING chain: It is used for altering packets as they are about to go out. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server.
OUTPUT chain: It is used for locally generated packets on the firewall.
The nat table is used to implement network address translation rules. A table that is consulted when a packet tries to create a new connection. This is often used to route packets to networks when direct access is not possible.
To view the NAT table rules run the following command.
# iptables -t nat --list
c) Mangle Table:
The mangle table is used to alter the IP headers of the packet in various ways. This alters QOS bits in the TCP header. Mangle table has the following built-in chains.
To view the Mangle table rules run the following command.
# iptables -t mangle --list
d) Raw Table:
The raw table has a very narrowly defined function. Its only purpose is to provide a mechanism for marking packets in order to opt-out of connection tracking.
To view the Raw table rules run the following command.
# iptables -t raw --list
The rules in the iptables list command output contains the following fields:
num: Rule number within the particular chain
target: Special target variable that we discussed above
prot: Protocols. tcp, udp, icmp, etc.,
opt: Special options for that specific rule.
source: Source ip-address of the packet
destination: Destination ip-address for the packet