Linux Firewall – Basic Guide of IPTables

iptables (Linux Firewall) is a command-line firewall utility that uses policy chains to allow or block traffic. iptables is a rule based firewall and it is pre-installed on most of Linux operating system. By default it runs without any rules. Iptables uses a set of tables which have chains that contain set of built-in or user defined rules.

Linux Firewall

At a first look, iptables might look complex or even confusing. But, once you understand the basics of how iptables work and how it is structured, reading and writing iptables firewall rules will be easy.

IPtables (Linux Firewall) Tables and Chains:

IPTables has the following 4 types of tables.

a) Filter Table:
The filter table is one of the most widely used tables in iptables. The filter table is used to make decisions about whether packet continue to its destination or to deny its request. Iptables’s filter table has the following built-in chains.

  • INPUT chain: Incoming to firewall. For packets coming to the local server.
  • OUTPUT chain: Outgoing from firewall. For packets generated locally and going out of the local server.
  • FORWARD chain: Packet for another NIC on the local server. For packets routed through the local server.
  • To view the Filter table rules run the following command.

    # iptables -t filter --list
    [or]
    # iptables --list
    

    b) NAT Table:
    The nat table is used to implement network address translation rules. A table that is consulted when a packet tries to create a new connection. This is often used to route packets to networks when direct access is not possible.

  • PREROUTING chain: It is used for altering a packet as soon as it’s received. This helps to translate the destination ip address of the packets to something that matches the routing on the local server.
  • POSTROUTING chain: It is used for altering packets as they are about to go out. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server.
  • OUTPUT chain: It is used for locally generated packets on the firewall.
  • To view the NAT table rules run the following command.

    # iptables -t nat --list
    

    c) Mangle Table:
    The mangle table is used to alter the IP headers of the packet in various ways. This alters QOS bits in the TCP header. Mangle table has the following built-in chains.

  • PREROUTING chain
  • OUTPUT chain
  • FORWARD chain
  • INPUT chain
  • POSTROUTING chain
  • To view the Mangle table rules run the following command.

    # iptables -t mangle --list
    

    d) Raw Table:
    The raw table has a very narrowly defined function. Its only purpose is to provide a mechanism for marking packets in order to opt-out of connection tracking.

  • PREROUTING chain
  • OUTPUT chain
  • To view the Raw table rules run the following command.

    # iptables -t raw --list
    

    The rules in the iptables list command output contains the following fields:

  • num: Rule number within the particular chain
  • target: Special target variable that we discussed above
  • prot: Protocols. tcp, udp, icmp, etc.,
  • opt: Special options for that specific rule.
  • source: Source ip-address of the packet
  • destination: Destination ip-address for the packet

    Enjoy it!

  • Leave a Reply

    Your email address will not be published.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.