IPTables is the Linux subsystem for filtering network packets: every connection to or from the server passes through its rules. Let's go through the IPTables configuration in more detail.
General Information
IPTables support is built into the Linux kernel, but the user-space utility is not installed by default in many distributions, so install it with the command for your distribution.
Debian / Ubuntu
[sudo] apt install iptables
Use sudo on Ubuntu. On Debian, run the command as root, without sudo.
CentOS / Fedora
sudo yum install iptables
Configuration
After installing the utility, let's proceed with its detailed configuration.
Arguments
-A - Append a rule to a chain.
-C - Check all rules.
-D - Delete a rule.
-I - Insert a rule at the given position (rule number) in a chain.
-L - List all rules in a chain (or in all chains).
-S - Print all rules as iptables commands.
-F - Flush (delete) all rules in a chain.
-N - Create a new user-defined chain.
-X - Delete a user-defined chain.
-P - Set the default policy (action) of a chain.
-p - Match the protocol (tcp, udp, icmp).
-s - Match the source address.
-d - Match the destination address.
-i - Match the incoming network interface.
-o - Match the outgoing network interface.
-j - Target (action) to execute when the rule matches.
Chains
INPUT - Handles incoming packets and connections addressed to this server.
FORWARD - Handles packets routed through the server: they arrive at the server but are destined for another host.
OUTPUT - The opposite of INPUT: handles outgoing packets and connections originating from this server.
Targets
ACCEPT - Allow the packet.
DROP - Silently discard the packet.
REJECT - Discard the packet and send an error reply to the sender.
LOG - Log the matching packet to the kernel log.
QUEUE - Pass the packet to a user-space application.
Opening Port(s)
First, let's check the list of our rules:
iptables -L
As we can see, the chains contain no rules yet. Let's open TCP port 80 for incoming connections:
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
Check the list again: the rule is there, and port 80 is open.
Now let's open a range of UDP ports, 25565 to 25570, for outgoing connections:
iptables -t filter -A OUTPUT -p udp --dport 25565:25570 -j ACCEPT
Check the result: the UDP port range is allowed.
Want to block all incoming connections to TCP port 250? No problem.
iptables -t filter -A INPUT -p tcp --dport 250 -j DROP
Use a plain DROP here: matching only on -m state --state ESTABLISHED would not stop new connections to the port.
Done!
Removing Rules
Now let's remove the rule that allows incoming connections to TCP port 80:
iptables -t filter -D INPUT -p tcp --dport 80 -j ACCEPT
The rule has been removed.
Removing All Rules
To do this, use the command:
iptables -F
All rules have been successfully cleared!
Saving Created Rules
By default, the rules you create live only in the kernel's memory: they stay in effect until the next reboot and are lost when the server restarts. To keep them, save the rule set to a file that is restored at boot. Note that iptables-save alone only prints the current rules to standard output, so redirect it to the file the restore service reads (on Debian/Ubuntu this is /etc/iptables/rules.v4, loaded at boot by the iptables-persistent package; on CentOS the iptables-services package provides the equivalent command service iptables save):
iptables-save > /etc/iptables/rules.v4
There you go. The rules have been saved and will be restored after rebooting our server.
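As an added example (not from the original page), here is a POSIX shell function that turns the individual commands above into a complete default-deny rule set in the text format that iptables-save writes and iptables-restore reads. The function names, the allowed-port list and the log prefix are my own choices; it assumes IPv4 and the filter table only, with ports given as plain numbers.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Prints an iptables-restore
# ruleset: INPUT/FORWARD default to DROP, listed TCP ports are opened for
# new connections, everything else is logged (rate-limited) and rejected.
# Usage: build_ruleset 22 80 443 | iptables-restore   (run as root)
build_ruleset() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # -P INPUT DROP
    printf '%s\n' ':FORWARD DROP [0:0]'    # -P FORWARD DROP
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'   # outgoing traffic stays allowed
    # Loopback, plus replies to connections this host opened. The state match
    # is used to ALLOW established traffic; using it on a DROP rule would not
    # stop new connections.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    # One ACCEPT per service port, after validating the argument.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "build_ruleset: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "build_ruleset: port out of range '$port'" >&2; return 1
        fi
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Catch-all: log a sample of what is dropped, then reject so clients fail fast.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    printf '%s\n' 'COMMIT'
}

# Sanity check for a ruleset on stdin: how many TCP ports does INPUT open?
count_open_ports() {
    grep -c -- '-A INPUT -p tcp --dport' || true
}
```

Before loading, parse the output without committing it: build_ruleset 22 80 | iptables-restore --test (the -t/--test flag of iptables-restore).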