On Linux, packet filtering is built into the kernel itself (the netfilter framework), and "iptables" is the command-line tool you use to load rules into it. It is a rule-based firewall: every packet the kernel handles is checked against the rules you have installed. On a freshly installed system no rules are loaded and every built-in chain has the default policy ACCEPT, so nothing is blocked until you add rules. By adding and modifying rules you can control traffic flow, allow or block specific hosts and ports, restrict which local users' programs may reach the network (via the owner match), and so on. Note that iptables is Linux-specific; other Unix-like systems ship their own firewalls (the BSDs use pf or ipfw, for example).
Structure of “iptables”
Let's have a closer look at how "iptables" is organised. There are tables; each table holds chains; each chain holds an ordered list of rules that packets are matched against from top to bottom. In short: Tables → Chains → Rules.
There are several tables, and each has its own set of built-in chains. The three you will use most often:
- Filter table (the default): deciding whether packets are accepted or dropped
  - INPUT chain: packets addressed to this host
  - FORWARD chain: packets being routed through this host
  - OUTPUT chain: packets generated by this host
- NAT table: address translation
  - PREROUTING chain: rewrite destination addresses as packets arrive (DNAT)
  - POSTROUTING chain: rewrite source addresses as packets leave (SNAT, MASQUERADE)
  - OUTPUT chain: DNAT for locally generated packets
- Mangle table: altering packet headers and setting marks
  - PREROUTING chain
  - OUTPUT chain
  - FORWARD chain
  - INPUT chain
  - POSTROUTING chain

Two further tables exist, raw (exempting packets from connection tracking) and security (SELinux marks), but you will rarely need them. Newer kernels also give the NAT table an INPUT chain.
Command lines
To use "iptables" you need a few basic commands, all run as root. The Filter table is the default, so "-t filter" can be left out. Any of the following equivalent commands lists every rule in that table:
- iptables -t filter --list
- iptables -t filter -L
- iptables --list
- iptables -L

Add "-n" to print numeric addresses and ports (without it, iptables does a reverse DNS lookup for every address, which can be slow), "-v" to show packet counters and interfaces, and "--line-numbers" to see each rule's position in its chain.
Here is a sample output from my machine. Yours will probably differ (don't panic).
root@test [~]# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctboth   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
To see another table, name it with "-t":
- iptables -t nat --list
- iptables -t nat -L
The output will be similar to this sample.
root@test [~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Note that "-t" takes the table name as its argument; the chain names listed in the output belong to that table.
iptables -t nat --list # "nat" selects the NAT table; use filter, mangle, raw or security as needed
If you've made a mistake, don't worry. The following command deletes every rule in the filter table (the default table) at once:
# iptables --flush
Two caveats. First, "--flush" (short form "-F") only empties the table you name, so rules in the nat or mangle tables stay in place until you flush those too, e.g. with "iptables -t nat --flush". Second, flushing removes rules but does not touch each chain's default policy. If you had set the INPUT policy to DROP, you are left with no rules and a DROP policy, which on a remote machine means you have locked yourself out. Set the policies back to ACCEPT with "-P" before flushing.
To empty a single chain rather than the whole table, give the chain name. OUTPUT here is a chain of the filter table, not a table of its own:
# iptables --flush OUTPUT
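As an added example (not code from the original post), here is a small POSIX shell script that ties the commands above together: it lists a table in the "-S" form, reads a chain's default policy out of that output, flushes the filter table safely by resetting the policies before flushing, and generates a default-deny host ruleset in iptables-restore format. The script name fw.sh, the admin network 192.0.2.0/24 and the SSH port are assumed values, and IPTABLES can be pointed at "echo" to dry-run as a normal user; the real binary needs root.

```shell
#!/bin/sh
# Added example, not code from the original post: a small iptables workflow
# script. IPTABLES may be set to a stub (IPTABLES=echo) to dry-run without
# root. The admin network and SSH port below are assumed values; replace
# them with your own.
IPTABLES="${IPTABLES:-iptables}"

# List one table in the unambiguous "-S" (iptables-save style) form. This
# form prints numeric addresses, so no reverse-DNS lookups are done.
# Default table: filter.
show_table() {
    "$IPTABLES" -t "${1:-filter}" -S
}

# Read "iptables -S" output on stdin and print the default policy of the
# named chain, e.g. the line "-P INPUT DROP" yields "DROP". Prints nothing
# for a user-defined chain, which has no policy.
chain_policy() {
    awk -v c="$1" '$1 == "-P" && $2 == c { print $3; exit }'
}

# Flush the filter table without locking yourself out: -F deletes rules but
# leaves a DROP policy in place, so reset every built-in chain to ACCEPT
# first, then flush, then delete the now-empty user-defined chains (-X).
safe_flush() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -t filter -P "$chain" ACCEPT
    done
    "$IPTABLES" -t filter -F
    "$IPTABLES" -t filter -X
}

# Emit a minimal host firewall in iptables-restore format: default-deny on
# INPUT and FORWARD, allow loopback and already-established traffic, allow
# new SSH connections only from the admin network, answer pings, and log
# (rate-limited) whatever the DROP policy is about to discard.
# Arguments: ssh_port (default 22) and admin_net (default 192.0.2.0/24).
base_ruleset() {
    ssh_port="${1:-22}"
    admin_net="${2:-192.0.2.0/24}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -s ${admin_net} --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Usage:  sh fw.sh dry-run      (prints the flush commands and the ruleset)
#         sudo sh fw.sh apply   (syntax-checks the ruleset, then loads it)
case "${1:-}" in
    dry-run)
        IPTABLES=echo
        safe_flush
        base_ruleset
        ;;
    apply)
        base_ruleset 22 192.0.2.0/24 | iptables-restore --test \
            && base_ruleset 22 192.0.2.0/24 | iptables-restore
        ;;
esac
```

The "apply" path first runs iptables-restore with "--test", which parses the whole ruleset without committing it, and only then loads it for real; iptables-restore replaces the table atomically, so you never sit between a flush and the first ACCEPT rule with a DROP policy active. Keep the generated file under version control and reload it with iptables-restore rather than editing live rules one at a time.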
Managing “iptables” rules
Creating, modifying and removing rules one at a time from the command line is tedious and error-prone, and a single mistyped rule can cut off your own access to a remote machine. Most users will feel the same. If you still want to manage "iptables" by hand, here's the complete guide; it is simple and easy to follow. The standard way to keep a hand-written ruleset is iptables-save and iptables-restore: dump the current rules to a file, edit the file, and load it back in one atomic step.
For the vast majority I'd recommend Shorewall. It is a front-end that turns a set of readable configuration files (zones, policies and rules) into iptables commands, and it adds logging and management features on top of plain "iptables". Before you jump into Shorewall, read this guide first so you understand the tables, chains and rules it generates for you.
Got any questions about iptables? Feel free to ask in the comment section below, and don't forget to share this with your friends. Share your experience and assert some dominance over your own PC!