![\"\"](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/11\/Linux-cheat-sheet-1024x283.png\")
<\/a><\/figure><\/div>\n\n\n\n\n
What Is Iptables?<\/h2>\n
\nIptables is a firewall program for Linux. It will monitor traffic from and to your server using tables. These tables contain sets of rules, called chains, that will filter incoming and outgoing data packets.<\/p>\n <\/div>\n\n\n\n<\/p>
How does iptables work?<\/h3>
When a packet<\/strong> matches a rule<\/strong>, it is given a target<\/strong>, which can be another chain or one of these special values:<\/p> In this iptables tutorial, we are going to work with one of the default tables, called filter<\/strong>. It consists of three chains:<\/p> Before we begin this guide, make sure you have SSH root<\/strong> or sudo<\/strong> access to your machine that runs on Ubuntu 22.04 or up. You can establish the connection through PuTTY (Windows) or terminal shell (Linux, macOS). If you own a Hostinger VPS<\/a> plan, you can get the SSH login details on the Servers tab of hPanel.<\/p> \n\n\n Important!<\/b> Iptables rules only apply to ipv4<\/strong>. If you want to set up a firewall for the ipv6<\/strong> protocol, you will need to use ip6tables<\/strong> instead. <\/p><\/div>\n\n\n\n<\/p> We will divide this iptables tutorial into three steps. First, you will learn how to install the tool on Ubuntu. Second, we are going to show you how to define the rules. Lastly, we’ll go over how to make persistent changes in iptables.<\/p> Iptables comes pre-installed in most Linux distributions<\/a>. However, if you don’t have it in your Ubuntu\/Debian system by default, follow the steps below:<\/p> Here, the -L<\/strong> option is used to list all the rules, and -v<\/strong> is for showing the info in a more detailed format. Below is an example output:<\/p> You will now have the Linux iptables firewall installed. At this point, you will notice that all chains are set to ACCEPT<\/strong> and have no rules. This is not secure since any packet can come through without filtering.<\/p> Don’t worry – we’ll teach you how to define rules in the next step.<\/p> Defining a rule means appending it to the chain. To do this, you need to insert the -A<\/strong> option (Append<\/strong>) right after the iptables command, like so:<\/p> It will alert iptables that you are adding new rules to a chain. Then, you can combine the command with other options, such as:<\/p> If you want to use all of them, you must write the commands in this order:<\/p> Once you understand the basic syntax, you can start configuring the firewall for more security. For this tutorial, we are going to use the INPUT<\/strong> chain as an example.<\/p> Enabling traffic on localhost<\/strong><\/p> To allow traffic on localhost, type this command:<\/p> We’ll use the lo<\/strong> or loopback<\/strong> interface for this demonstration. It is utilized for all communications on the localhost. The command above will make sure that the connections between a database and a web application on the same machine are working properly.<\/p> Enabling connections on HTTP, SSH, and SSL port<\/strong>s<\/p> Next, we want http<\/strong> (port 80<\/strong>), https<\/strong> (port 443<\/strong>), and ssh<\/strong> (port 22<\/strong>) connections to work as usual. To do this, we need to specify the protocol (-p<\/strong>) and the corresponding port (–dport<\/strong>). You can execute these commands one by one:<\/p> It’s time to check if the rules have been appended in iptables:<\/p> It should return with the results below which means all TCP protocol connections from the specified ports will be accepted:<\/p> Filtering packets based on source<\/strong><\/p> Iptables allows you to filter packets based on an IP address or a range of IP addresses. To do so, you need to specify it after the -s<\/strong> option. For example, to accept packets from 192.168.1.3<\/strong>, the command would be:<\/p> You can also reject packets from a specific IP address by replacing the ACCEPT<\/strong> target with DROP<\/strong>.<\/p> If you want to drop packets from a range of IP addresses, you have to use the -m<\/strong> option and iprange<\/strong> module. Then, specify the IP address range with –src-range<\/strong>. Remember, a hyphen should separate the range of ip addresses without space, like this:<\/p> Filtering packets based on their sources is crucial if you are using an intrusion detection and prevention system (IDS\/IPS) like Suricata<\/strong>. This tool monitors your VPS network and notifies you about malicious traffic.<\/p> IDS\/IPS shows the malicious packets’ origins, which you can add to the iptables blocklist. Check out our article to learn more about how to set up Suricata on Ubuntu<\/a>. <\/p> Dropping all other traffic<\/strong><\/p> It is crucial to use the DROP<\/strong> target for all other traffic after defining –dport<\/strong> rules. This will prevent an unauthorized connection from accessing the server via other open ports. To achieve this, simply type:<\/p> Now, the connection outside the specified port will be dropped.<\/p> Deleting rules<\/strong><\/p> If you want to remove all rules and start with a clean slate, you can use the -F<\/strong> option (flush<\/strong>):<\/p> This command erases all current rules. However, to delete a specific rule, you must use the -D option. First, you need to see all the available rules by entering the following command:<\/p> You will get a list of rules with numbers:<\/p> To delete a rule, insert the corresponding chain and the number from the list. Let’s say that for this iptables tutorial, we want to eliminate rule number three<\/strong> of the INPUT<\/strong> chain. The command should be:<\/p> Alternatively, if you need to filter only the incoming traffic, you can use Hostinger VPS Firewall. Select your VPS and navigate to the Firewall<\/strong> section:<\/p> Create a new configuration, give it a name, and specify any incoming traffic rules you prefer:<\/p> The iptables rules that we have created are only saved in temporary memory. That means we have to save them to a file to be able to load them again after a reboot. To make these changes you can use these commands depending if you are saving IPv4 or IPv6 rules:<\/p> Now whenever you restart your VPS you will need to load the saved rules with the following commands:<\/p> If you want for the loading process to be completely automatic, you can set up iptables-persistent<\/strong> package and it will take care of loading the rules. <\/p> After installation you will be asked to save the current rules. Choose Yes<\/strong> for both IPv4 and IPv6 and finish the configuration. Now the loading process will be automatic. Keep in mind that you will still need to use sudo iptables-save<\/strong> command each time you make changes to iptables. <\/p> Iptables is a powerful firewall program that you can use to secure your Linux server or VPS – you can define various rules based on your preferences.<\/p> In this iptables tutorial, you have learned how to install and use the tool. Now, we hope you can manage your sets of rules to filter incoming and outgoing packets.<\/p> It’s time to test it yourself. Good luck!<\/p> \n\n\n How to Configure OpenVPN on VPS<\/a> Are you looking for a comprehensive iptables tutorial for your VPS? This article will show you how to install and use iptables on an Ubuntu system. Follow along and learn how to secure your VPS with the command-line interface and a Linux firewall tool. How does iptables work? When a packet matches a rule, it […]<\/p>\n\n
\n
How to install and use iptables Linux firewall<\/h2>
1. Install iptables<\/h3>
\n
sudo apt-get update
sudo apt-get install iptables<\/pre><\/li>\n\n\n\nsudo iptables -L -v<\/pre>
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination<\/pre><\/li>\n<\/ol>2. Define chain rules<\/h3>
sudo iptables -A<\/pre>
\n
sudo iptables -A <chain> -i <interface> -p <protocol (tcp\/udp) > -s <source> --dport <port no.> -j <target><\/pre>
sudo iptables -A INPUT -i lo -j ACCEPT<\/pre>
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT<\/pre>
sudo iptables -L -v<\/pre>
![\"The](\"\/tutorials\/wp-content\/uploads\/sites\/2\/2017\/06\/destination-port-iptables.png\")
<\/figure><\/div>sudo iptables -A INPUT -s 192.168.1.3 -j ACCEPT<\/pre>
sudo iptables -A INPUT -s 192.168.1.3 -j DROP<\/pre>
sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP<\/pre>
![\"\"](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner-1024x300.png\")
<\/a><\/figure>sudo iptables -A INPUT -j DROP<\/pre>
sudo iptables -F<\/pre>
sudo iptables -L --line-numbers<\/pre>
Chain INPUT (policy ACCEPT)\n\nnum target prot opt source destination\n\n1 ACCEPT all -- 192.168.0.4 anywhere\n2 ACCEPT tcp -- anywhere anywhere tcp dpt:https\n3 ACCEPT tcp -- anywhere anywhere tcp dpt:http\n4 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh<\/pre>
sudo iptables -D INPUT 3<\/pre>
![\"\"](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2019\/11\/vps-firewall-side-menu.png\")
<\/a><\/figure><\/div>![\"The](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2016\/09\/hpanel-vps-firewall-configuration-1024x465.png\")
<\/a><\/figure><\/div>3. Persist changes<\/h3>
sudo iptables-save > \/etc\/iptables\/rules.v4\nsudo iptables-save > \/etc\/iptables\/rules.v6<\/pre>
sudo iptables-restore < \/etc\/iptables\/rules.v4\nsudo iptables-restore < \/etc\/iptables\/rules.v6<\/pre>
sudo apt-get install iptables-persistent<\/pre>
Conclusion<\/h2>
Discover More About How to Protect Your Linux<\/h4>\n
\nHow to Configure Fail2Ban on CentOS<\/a>
\nHow to Configure UFW Firewall in Ubuntu<\/a>
\nHow to Install ClamAV on CentOS<\/a><\/p>\n <\/div>\n<\/p>\n","protected":false},"excerpt":{"rendered":"