
IPTables Configuration: Rules and Examples

IPTables is the user-space tool for the Linux kernel's netfilter packet-filtering framework. Its rules decide, packet by packet, whether traffic arriving at, leaving, or being routed through the server is accepted, dropped, or rejected. In this article, we take a closer look at configuring IPTables.

General information

The netfilter framework that does the actual filtering is part of the Linux kernel, but the iptables user-space tool that manages its rules is not installed by default in many distributions, so install it with the command for your distribution below. Two caveats before you start: recent releases (Debian 10+, Ubuntu 20.04+, RHEL/CentOS 8+) ship iptables as a compatibility front-end over nftables (iptables-nft); the commands in this article work unchanged there, but rules written with the native nft tool live in their own tables and do not appear in iptables -L. And iptables handles IPv4 only; IPv6 rules are managed with the separate ip6tables command, which takes the same arguments.

Debian / Ubuntu

On Ubuntu, prefix the command with sudo. On Debian, where you are usually logged in as root, run it without sudo.

CentOS / Fedora

Configuration

After installing the utility, we can proceed to its detailed configuration.

Arguments

-A — append a rule to the end of a chain.

-C — check whether a rule with the given specification already exists in a chain (exit status 0 if it does, non-zero if not).

-D — delete a rule, given either its full specification or its position number in the chain.

-I — insert a rule at a specific position (position 1, the top of the chain, if none is given).

-L — list the rules of a chain, or of all chains if none is named. Add -n to skip DNS lookups and --line-numbers to see the positions that -I and -D accept.

-S — print the rules as the iptables commands that would recreate them (the same format iptables-save uses).

-F — flush (delete) all rules in a chain, or in every chain of the table if none is named. Chain policies are left unchanged.

-N — create a user-defined chain.

-X — delete a user-defined chain (it must be empty and no longer referenced).

-P — set the default policy of a built-in chain: the fate of packets no rule matched.

-p — match a protocol (tcp, udp, icmp, or all).

-s — match a source address or network, e.g. 203.0.113.0/24.

-d — match a destination address or network.

-i — match the interface a packet arrived on (meaningful in INPUT and FORWARD).

-o — match the interface a packet will leave by (meaningful in FORWARD and OUTPUT).

--dport / --sport — together with -p tcp or -p udp, match the destination or source port; a range is written first:last.

-j — the target (action) to jump to when the rule matches.

Chains

Every rule belongs to a chain. A packet is checked against the chain's rules from top to bottom, and the first rule with a terminating target (ACCEPT, DROP, REJECT) that matches decides its fate; if none matches, the chain's default policy applies. The filter table, which iptables uses when no -t option is given, has three built-in chains:

INPUT — packets addressed to the server itself.

FORWARD — packets the server routes between other hosts: they arrive on one interface and are destined for another machine, so they are neither from nor to the server itself. The kernel only forwards at all when net.ipv4.ip_forward is enabled.

OUTPUT — packets generated by the server itself.

Targets

The -j argument names the target, the action taken when the rule matches:

ACCEPT — let the packet through; no further rules in the chain are checked.

DROP — discard the packet silently. The sender gets no response and sees a timeout.

REJECT — discard the packet but send an error back to the sender: an ICMP port-unreachable message by default, or a TCP reset with --reject-with tcp-reset. REJECT makes legitimate clients fail fast; DROP gives a scanner nothing to work with.

LOG — write the packet's headers to the kernel log (dmesg or journalctl -k). LOG is non-terminating: processing continues with the next rule, so place the DROP or REJECT rule directly after it. --log-prefix adds a tag that makes the entries easy to grep.

QUEUE — hand the packet to a user-space program through a netlink queue. NFQUEUE is the current form of this target (QUEUE is the older variant without a queue number) and is what inline packet-inspection tools use.

Opening port(s)

First, let’s check the list of current rules:

List of IPTables rules

Now let's open a single TCP port 80 for incoming connections. Keep in mind that an ACCEPT rule only changes anything if a later rule or the chain's default policy would otherwise block the traffic; on a fresh install every policy is ACCEPT, so this rule has no visible effect until you tighten the INPUT policy to DROP (allow your SSH port before you do that):

Check the list again...

Rule for TCP port 80 in IPTables

Now let's open a range of UDP ports from 25565 to 25570 for outgoing connections. This goes in the OUTPUT chain, and iptables writes a port range as first:last, so 25565:25570:

Check the result.

Rule for UDP port range in IPTables

Want to block all incoming connections to TCP 250? No problem. Remember that rules are matched top down: a DROP rule appended with -A below an ACCEPT rule for the same port never fires, so insert a block rule with -I to place it above any allow rule.

Rule for blocking incoming TCP 250 connections
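The commands from this section, collected into a small script as an added example (this is not code from the original article). It assumes the iptables binary is on PATH; run it as root with the argument apply to change the live rule set, and with no argument to only print the commands it would run. It also uses -C, listed in the arguments above, so that re-running the script does not add duplicate rules:

```shell
#!/bin/sh
# Added example, not from the original article: the rules from this section
# wrapped in small shell functions. Run as root with "apply" to change the live
# rule set; with no argument it only prints the commands it would run.
set -eu

IPT=${IPT:-iptables}   # assumption: the iptables binary (legacy or nft-backed) is on PATH

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Append a rule only if an identical one is not already in the chain:
# -C exits non-zero when the rule is absent, so repeated runs of this
# script do not pile up duplicate rules.
add_once() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$IPT -C $* 2>/dev/null || $IPT -A $*"
    else
        "$IPT" -C "$@" 2>/dev/null || "$IPT" -A "$@"
    fi
}

# List a chain with rule numbers (-n skips DNS lookups, --line-numbers gives
# the positions that -I and -D accept).
list_rules() { run -L "${1:-INPUT}" -n -v --line-numbers; }

# Allow incoming TCP connections to one port, e.g. open_tcp_in 80
open_tcp_in() { add_once INPUT -p tcp --dport "$1" -j ACCEPT; }

# Allow outgoing UDP to a port range, e.g. open_udp_out 25565 25570
# (iptables writes a range as first:last)
open_udp_out() { add_once OUTPUT -p udp --dport "$1:$2" -j ACCEPT; }

# Block incoming TCP to a port. Chains are evaluated top down and the first
# terminating match wins, so the DROP is inserted at position 1 where an
# earlier ACCEPT rule cannot shadow it.
block_tcp_in() { run -I INPUT 1 -p tcp --dport "$1" -j DROP; }

main() {
    list_rules INPUT
    open_tcp_in 80
    open_udp_out 25565 25570
    block_tcp_in 250
    list_rules INPUT
    list_rules OUTPUT
}

if [ "${1:-}" = "apply" ]; then
    main
else
    DRY_RUN=1
    main
fi
```

Run it once without arguments and read the printed commands before running it with apply; the dry run is also a quick way to see exactly what each function expands to.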

Deleting rules

Now let's delete the rule that allows incoming connections to TCP 80. -D accepts either the exact specification the rule was created with or the rule's position number as shown by iptables -L INPUT --line-numbers:

Deleting the TCP 80 rule from IPTables

Deleting all rules

To do this, use the following command. Note that -F only removes rules: it does not reset chain policies or delete user-defined chains, and without -t it touches the filter table only (the nat and mangle tables need -t nat -F and -t mangle -F). If a chain's policy is DROP, set it back to ACCEPT before flushing, or you will lock yourself out of a remote server:

Deleting all IPTables rules
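The two deletion steps above, as an added example that is not part of the original article: deleting one rule by specification and by position, and a flush that first resets the built-in policies so it cannot cut off a remote session. It assumes the iptables binary is on PATH; run as root with apply to execute, with no argument to print the commands:

```shell
#!/bin/sh
# Added example, not from the original article: deleting single rules and
# flushing everything without locking yourself out. Run as root with "apply";
# with no argument it only prints the commands it would run.
set -eu

IPT=${IPT:-iptables}   # assumption: the iptables binary is on PATH

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

# Delete a rule by repeating the exact specification it was added with.
# If the same rule was added twice, each -D removes only one copy.
delete_by_spec() { run -D "$@"; }

# Delete a rule by its position in the chain. Positions come from
# "iptables -L CHAIN --line-numbers" and are renumbered after every
# deletion, so remove several rules from the highest number downwards.
delete_by_number() { run -D "$1" "$2"; }

# -F removes the rules but keeps each chain's policy. If INPUT's policy is
# DROP, flushing on a remote server kills your own SSH session, so reset
# the built-in policies to ACCEPT first, then flush and drop user chains.
# Only the filter table is touched; nat/mangle need "-t nat -F" etc.
flush_all() {
    for chain in INPUT FORWARD OUTPUT; do
        run -P "$chain" ACCEPT
    done
    run -F   # flush every chain of the filter table
    run -X   # delete all (now empty) user-defined chains
}

main() {
    delete_by_spec INPUT -p tcp --dport 80 -j ACCEPT
    delete_by_number INPUT 1
    flush_all
}

if [ "${1:-}" = "apply" ]; then
    main
else
    DRY_RUN=1
    main
fi
```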

Saving created rules

Rules live only in kernel memory: everything you add applies until the next reboot and is lost when it occurs. To keep them, save the current rule set to a file that is reloaded at boot. This covers IPv4 only; repeat the step with ip6tables for your IPv6 rules. Use the following command:

Saving IPTables rules

Done. The saved rules will be restored when the server is rebooted, provided the service that reads the file at boot (netfilter-persistent from the iptables-persistent package on Debian and Ubuntu, the iptables service from iptables-services on CentOS) is installed and enabled. Save again after every change; the file is not updated automatically.
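How saving and reloading fit together, as an added example that is not code from the original article. It assumes the Debian/Ubuntu file location /etc/iptables/rules.v4 (CentOS tooling writes /etc/sysconfig/iptables itself), uses iptables-save, iptables-restore and the iptables-persistent / iptables-services packages, and includes a check of the saved file so that a DROP policy is noticed before it is armed for the next reboot. The sample rule file used by demo is constructed for the example, not captured from a real host:

```shell
#!/bin/sh
# Added example, not from the original article: save the live IPv4 rule set,
# check the saved file, reload it, and hook it into boot. Run as root.
# IPv6 rules need the same steps with ip6tables-save / ip6tables-restore.
set -eu

RULES_FILE=${RULES_FILE:-/etc/iptables/rules.v4}   # assumption: Debian-family path

# Checks on a saved file before trusting it at boot: how many rules it holds
# and the policy of each built-in chain of the filter table. A DROP policy
# on INPUT with no rule admitting SSH means the next reboot locks you out.
count_rules() { grep -c '^-A ' "$1" || true; }
policy_of() {
    awk -v chain=":$2" '/^\*/ { table = $0 }
                        table == "*filter" && $1 == chain { print $2 }' "$1"
}
check_rules_file() {
    echo "$(count_rules "$1") rules in $1"
    for chain in INPUT FORWARD OUTPUT; do
        echo "$chain policy: $(policy_of "$1" "$chain")"
    done
}

# Dump the live rules in iptables-restore format.
save_rules() {
    mkdir -p "$(dirname "$RULES_FILE")"
    iptables-save > "$RULES_FILE"
    echo "saved $(count_rules "$RULES_FILE") rules to $RULES_FILE"
}

# Parse the file first (--test applies nothing), then load it, which
# replaces the whole running rule set in one step.
restore_rules() {
    iptables-restore --test < "$RULES_FILE"
    iptables-restore < "$RULES_FILE"
}

# Make the rules load at boot. Each package also writes its own rule file
# from the live rules when asked to save (rules.v4/rules.v6 on Debian,
# /etc/sysconfig/iptables on CentOS). On CentOS, firewalld conflicts with
# the iptables service: stop and disable it first.
enable_at_boot() {
    . /etc/os-release
    case "$ID" in
        debian|ubuntu)
            DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent
            netfilter-persistent save
            ;;
        centos|rhel)
            yum install -y iptables-services
            systemctl enable --now iptables
            service iptables save
            ;;
        *)
            echo "no persistence recipe for $ID" >&2
            return 1
            ;;
    esac
}

# Constructed sample in iptables-save format (not captured from a real host)
# so "demo" can exercise the checks without touching the live rules.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 25565:25570 -j ACCEPT
COMMIT'

demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_RULES" > "$tmp"
    check_rules_file "$tmp"
    rm -f "$tmp"
}

case "${1:-}" in
    save)    save_rules ;;
    check)   check_rules_file "$RULES_FILE" ;;
    restore) restore_rules ;;
    boot)    enable_at_boot ;;
    demo)    demo ;;
    *)       echo "usage: $0 save|check|restore|boot|demo" >&2 ;;
esac
```

The usual order on a fresh server is save, then check (and fix anything the summary flags), then boot; restore is for loading an edited file into the running kernel without a reboot.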