Securing your linux computer with Iptables

| April 3, 2025

Introduction

Iptables is the user-space tool for the Linux kernel's netfilter packet filter. It ships with most Linux distributions (newer ones often provide it as the iptables-nft compatibility layer on top of nftables), so it typically requires no installation or internet access before you can start adding security to your system. Below is a primer on iptables.

To view your current firewall rules in their processing order, enter the following (-n skips the reverse DNS lookups that can make the listing slow; without -t only the default filter table is shown):

sudo iptables -L -n --line-numbers

Adding Entries

This command's output is broken into different “chains”, or rule sets: INPUT for traffic addressed to the machine, OUTPUT for traffic the machine originates, and FORWARD for traffic routed through it. Typically users would be interested in modifying their inbound (INPUT) rules. Below is an example command which opens the HTTPS port on the machine:

sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

Breaking this command down: it accepts TCP traffic to port 443 (HTTPS) arriving at the machine. The -I (insert) flag adds the rule at the top of the chain as rule 1 (`-I INPUT 3` would insert it as rule 3 instead). Order matters because rules are processed on a first-match basis: the first rule that matches a packet decides what happens to it, and nothing below it is consulted. If you later want to re-order your rules, use the commands below to export them, rearrange them in a text editor, and load the edited file back; note that iptables-restore replaces the current rules with the contents of the file. With rules processed in order, add your allow rules before your deny rules, or you may lock yourself out!

sudo iptables-save > iptables.txt

sudo iptables-restore < iptables.txt

One such rule you should enter before any deny rules is one that allows SSH access to your machine from the local network only (for added security). You can do that with the command below, substituting the network for one that matches your LAN's addressing scheme:

sudo iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT

Once all of your accept rules are in place it is time to add your deny rule. Two accept rules are easy to forget and should also sit above it: one for the loopback interface (-i lo) and one for packets belonging to connections this machine started (-m conntrack --ctstate ESTABLISHED,RELATED). Without them the deny rule silently discards DNS answers, package updates and the return traffic of your own outbound connections. For our catch-all deny we will use the -A flag, which appends the rule to the bottom of the chain:

sudo iptables -A INPUT -j DROP
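The steps above (allow rules first, catch-all deny last, save/restore to reorder) can be done in one go by writing the chain in the same format iptables-save produces and loading it with iptables-restore. The script below is an added example, not code from the original post: it builds the INPUT chain described above, including the loopback and conntrack allows that must precede the final DROP, refuses to load a ruleset whose DROP is not last, and only then applies it. The LAN_NET value and the file name are assumptions; change them to match your network.

```shell
#!/bin/sh
# Added example (not from the original post): build an ordered INPUT chain in
# iptables-save format, check its order, then load it atomically.
# LAN_NET is an assumption; set it to your LAN's addressing scheme.
set -eu

LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Emit the ruleset in iptables-save format. Rules in a chain are matched top
# to bottom and the first match wins, so the catch-all DROP must come last.
build_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host started must be accepted
# before the final DROP, or DNS answers, package updates and the return
# half of your own SSH session are silently discarded.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Explicit allows from the post: HTTPS from anywhere, SSH from the LAN only.
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# Catch-all deny, appended last.
-A INPUT -j DROP
COMMIT
EOF
}

# Number of INPUT rules in a ruleset string.
count_input_rules() {
    printf '%s\n' "$1" | grep -c '^-A INPUT'
}

# Sanity check before touching the live firewall: the catch-all DROP must be
# the last INPUT rule, and the conntrack allow and the SSH allow must exist
# (and therefore sit above it). Returns 0 when the order is safe.
check_order() {
    rules=$(printf '%s\n' "$1" | grep '^-A INPUT')
    last=$(printf '%s\n' "$rules" | tail -n 1)
    [ "$last" = "-A INPUT -j DROP" ] || return 1
    printf '%s\n' "$rules" | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '--dport 22 -j ACCEPT' || return 1
    return 0
}

# Parse the ruleset (--test) and then load it. iptables-restore replaces the
# whole filter table in one step, so there is no window with a half-built chain.
apply_ruleset() {
    ruleset=$(build_ruleset)
    check_order "$ruleset" || { echo "refusing to load: bad rule order" >&2; return 1; }
    printf '%s\n' "$ruleset" | sudo iptables-restore --test
    printf '%s\n' "$ruleset" | sudo iptables-restore
    sudo iptables -L INPUT -n --line-numbers
}

# Only touch the live firewall when invoked as: sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Run it as `sh firewall.sh apply` from a session you can afford to lose, ideally on the console rather than over SSH the first time. Rules loaded this way are still gone after a reboot: on Debian/Ubuntu the iptables-persistent package (netfilter-persistent) and on RHEL-family systems the iptables-services package restore a saved file at boot.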

Deleting Entries

The syntax for deleting a rule is as follows:

sudo iptables -D [CHAIN] [RULE NUMBER]

You can use the first command in this blog post to review your rule numbers and delete any entry you no longer need with the above command. Rule numbers shift after each deletion, so re-list the chain before deleting another rule by number (alternatively, repeat the rule's full specification with -D in place of -I or -A). For example:

sudo iptables -D INPUT 3