Command guide for the iptables firewall on Linux

Common Iptables Firewall Rules and Commands

What is Iptables?

Iptables is the software firewall included by default with most Linux distributions. It is a command-line utility that uses policy chains to allow or block traffic: when a connection tries to establish itself on your system, iptables looks through its list of rules for one that matches it, and if none matches it falls back to the chain's default policy.

For the full list of parameters, see Iptables command options and parameters on linux.

Most common iptables firewall commands:

  • To find your network interface, run the following command:

    ifconfig

    In the examples below the network interface is eth0.

  • Display the list of currently configured iptables rules:

    iptables -L
  • To clear all currently configured iptables rules, issue the flush command:

    iptables -F
  • To block connections from a specific IP address, run the following command (this example blocks 1.1.1.0):

    iptables -A INPUT -s 1.1.1.0 -j DROP
  • To block SSH connections from a specific IP address, run the following command (this example blocks 1.1.1.0):

    iptables -A INPUT -p tcp --dport ssh -s 1.1.1.0 -j DROP
    The following drops SSH connections from any IP address:
    iptables -A INPUT -p tcp --dport ssh -j DROP
  • Allow incoming SSH only from a specific network, in this example the 192.168.1.x network:

    iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
  • Ping iptables rules:

    • Allow ping from outside to inside

      iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
      iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
    • Allow ping from inside to outside

      iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
      iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
  • Allow all incoming HTTP and HTTPS (a comma-separated port list needs the multiport match; a plain --dport accepts only a single port or range):

    iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT
  • Allow MySQL connections only from a specific IP address:

    iptables -A INPUT -i eth0 -p tcp -s 192.168.1.10 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
  • Allow outbound DNS:

    iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
  • This iptables rule helps protect your web server against a Denial of Service (DoS) attack by rate-limiting traffic to port 80:

    iptables -A INPUT -p tcp --dport 80 -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
    Parameters description:
    • -m limit: uses the limit iptables extension
    • --limit 50/minute: accepts a maximum of 50 connections per minute. Change this value to suit your requirements
    • --limit-burst 200: the per-minute limit is enforced only once the total number of connections has reached the limit-burst level
    Note that this rule only accepts traffic within the limit; anything above it falls through to the rules after it and to the chain's default policy, so it has an effect only if those drop the excess.
  • Saving iptables changes:

    The changes you make to your iptables rules are lost the next time the iptables service is restarted (or the system reboots) unless you run a command to save them. This command differs between Linux distributions:

    For Ubuntu (with the iptables-persistent package installed, which restores this file at boot; iptables-save on its own only prints the rules to the terminal):
    sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
    For Red Hat / CentOS:
    /sbin/service iptables save
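The rules above are shown one at a time; on a real host the order they are added in and the chain's default policy decide what actually gets through. The following script, an added example and not part of the original guide, assembles them into one ordered ruleset with a default-deny policy and the DROP that makes the rate limit effective. The interface, the admin network and the MySQL client address are assumptions set at the top; run it with `preview` to print the commands without applying them.

```sh
#!/bin/sh
# Added example: the guide's rules as one ordered ruleset.
# IPT is the command used to add rules; set IPT=echo to preview.
# It is left unquoted below so IPT='sudo iptables' also works.
IPT="${IPT:-iptables}"
IFACE="${IFACE:-eth0}"                    # interface from the guide
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"  # network allowed to SSH in (assumed)
DB_CLIENT="${DB_CLIENT:-192.168.1.10}"    # host allowed to reach MySQL (assumed)
BLOCKED_IP="${BLOCKED_IP:-1.1.1.0}"       # address from the guide's block example

apply_rules() {
    # Clean slate, then deny by default: only the rules below admit traffic.
    # FORWARD stays closed because this host is not a router.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    # Loopback, and replies belonging to connections already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Explicit blocks come before any ACCEPT, otherwise they never match.
    $IPT -A INPUT -s "$BLOCKED_IP" -j DROP
    # SSH only from the admin network.
    $IPT -A INPUT -i "$IFACE" -p tcp -s "$ADMIN_NET" --dport 22 -m state --state NEW -j ACCEPT
    # Web: accept new connections within the limit, then drop the excess.
    # The limit rule alone changes nothing; the DROP after it is what enforces it.
    $IPT -A INPUT -i "$IFACE" -p tcp -m multiport --dports 80,443 -m state --state NEW \
         -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p tcp -m multiport --dports 80,443 -m state --state NEW -j DROP
    # MySQL only from the one application host.
    $IPT -A INPUT -i "$IFACE" -p tcp -s "$DB_CLIENT" --dport 3306 -m state --state NEW -j ACCEPT
    # Ping in both directions; echo replies are covered by the ESTABLISHED rules.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Outbound DNS; the replies come back as ESTABLISHED on INPUT.
    $IPT -A OUTPUT -o "$IFACE" -p udp --dport 53 -j ACCEPT
}

# Number of -A rules the script would add; a quick sanity check in preview mode.
count_rules() { (IPT=echo; apply_rules) | grep -c -- '-A '; }

case "${1:-}" in
    apply)   apply_rules ;;              # needs root
    preview) (IPT=echo; apply_rules) ;;
esac
```

Because the OUTPUT policy is DROP, connections the host itself opens (package updates, NTP) are refused until you add an OUTPUT ACCEPT for each one you need.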
XsoftHost Support
