iptables Command: Tutorial & Examples

Show and configure the kernel's firewall

iptables is a command-line utility that allows you to configure the Linux kernel's built-in firewall. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.

The Linux kernel's packet filtering capabilities are implemented in the form of tables, each of which contains a set of rules. The iptables command allows you to create, modify, and delete rules in these tables. The tables are organized into chains, and each rule in a chain specifies what action should be taken when a packet matches the rule.

Here are some examples of common iptables commands:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This command adds a rule to the INPUT chain that allows incoming TCP packets to port 80 (HTTP). The -A option specifies that the rule should be added to the end of the chain, and the -j ACCEPT option specifies that the packet should be accepted if it matches the rule.

iptables -D INPUT -p udp --dport 53 -j ACCEPT

This command deletes a rule from the INPUT chain that allows incoming UDP packets to port 53 (DNS). The -D option specifies that the rule should be deleted, and the rest of the options specify the rule to be deleted.

iptables -L

This command lists all the rules in the iptables firewall. The -L option specifies that the rules should be listed. Typical output might look like this:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type ANYCAST
DROP       all  --  anywhere             base-address.mcast.net/4
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ssh,10222 tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
DROP       udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds
DROP       udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535
DROP       tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP       udp  --  anywhere             anywhere             udp dpt:1900
DROP       udp  --  anywhere             anywhere             udp spt:domain
REJECT     tcp  --  anywhere             anywhere             tcp dpt:auth flags:FIN,SYN,RST,ACK/SYN ctstate NEW reject-with tcp-reset
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply ctstate NEW
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable ctstate NEW
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https flags:FIN,SYN,RST,ACK/SYN ctstate NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

To flush all rules in the iptables firewall you can run:

iptables -F

Warning: After this no ports will be blocked anymore, so take care that no databases or important services are exposed to the public internet.

Info: iptables is nowadays kind of outdated. The recommended way to configure the firewall now is to use nft.

Further Reading

• Linux Firewalls: Attack Detection and Response by Michael Rash (partner link)
• Linux for Networking Professionals by Rob Vandenbrink (partner link)
• Understanding Linux Network Internals by Christian Benvenuti (partner link)
• Linux Networking Cookbook by Carla Schroder (partner link)
• Mastering Linux Security and Hardening by Donald A. Tevault (partner link)
• Learning Kali Linux: Security Testing, Penetration Testing & Ethical Hacking by Ric Messier (partner link)
• Security Strategies in Linux Platforms and Applications by Ric Messier, Michael Jang (partner link)
• Linux Hardening in Hostile Networks by Kyle Rankin (partner link)
• Mastering Defensive Security by Cesar Bravo (partner link)
• Linux Security Cookbook by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes (partner link)

As an Amazon Associate, I earn from qualifying purchases.