{"id":1942,"date":"2016-06-16T11:02:50","date_gmt":"2016-06-16T15:02:50","guid":{"rendered":"https:\/\/www.globo.tech\/learning-center\/?p=1942"},"modified":"2016-09-29T16:20:29","modified_gmt":"2016-09-29T20:20:29","slug":"how-to-use-iptables","status":"publish","type":"post","link":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/","title":{"rendered":"How to Use IPTables"},"content":{"rendered":"<p>IPTables is invaluable for anyone wishing to secure a Linux server. It can drop or accept packets based on any number of criteria, forward ports and perform a variety of network analysis tasks. It is especially useful when defending against attacks, as it can perform all actions based on subnet and other criteria. This flexibility comes at a cost, however, as the command line utility is complicated and confusing. Fortunately, with a few basic examples, much of its utility can be made far more accessible.<\/p>\n<h2>Getting Started with IPTables<\/h2>\n<p>The service is installed by default on most Linux distributions. However, for the sake of convenience, this tutorial assumes you have either a <a href=\"https:\/\/www.globo.tech\/dedicated-server-hosting\" target=\"_blank\">dedicated<\/a> or <a href=\"https:\/\/www.globo.tech\/cloud-server-pricing\" target=\"_blank\">virtual server<\/a> running a modern version of Ubuntu or CentOS.<\/p>\n<h2>Tutorial<\/h2>\n<p>Let&#8217;s step through a few examples of tasks you might perform with the service. These commands will give you a sense of what is possible, and should be easy to adapt for other circumstances.<\/p>\n<p>We&#8217;ll begin by examining your firewall status. 
This command is incredibly useful for diagnosing issues, as you can use it to determine what rules are currently active, and whether a given entry might be blocking traffic unexpectedly.<\/p>\n<p><code> iptables -L -nv<\/code><\/p>\n<p>Now let&#8217;s display only a subset of your firewall rules; in this case, only the NAT chain.<\/p>\n<p><code> iptables -t nat -L -nv<\/code><\/p>\n<p>IPTables as a whole can be started, stopped or restarted. This is particularly useful if traffic routing is fundamentally messed up, and you&#8217;d like to shut down the entire subsystem to debug what went wrong.<\/p>\n<p><code> service iptables start<br \/>\n service iptables stop<br \/>\n service iptables restart<\/code><\/p>\n<p>If the firewall is completely broken, you may wish to flush all your IPTables rules at once. Note that this may break advanced forwarding setups and connectivity in some instances, but in general this won&#8217;t break anything unless you&#8217;ve knowingly used an advanced feature. It is a good way to return to a working state and start again.<\/p>\n<p><code> iptables -F<\/code><\/p>\n<p>Say you&#8217;ve found a good set of rules and want to save them. They will then be automatically reactivated when the server is rebooted. Under CentOS\/Red Hat you&#8217;d type the following, and rules will be saved in \/etc\/sysconfig\/iptables.<\/p>\n<p><code> service iptables save<\/code><\/p>\n<p>This command works under other distributions, and persists rules to \/root\/myrules:<\/p>\n<p><code> iptables-save > \/root\/myrules<\/code><\/p>\n<p>If your rules aren&#8217;t automatically restored on boot, use these commands to restore them. Under CentOS\/Red Hat:<\/p>\n<p><code> service iptables restart<\/code><\/p>\n<p>And under other distributions:<\/p>\n<p><code> iptables-restore < \/root\/myrules<\/code><\/p>\n<p>Now let's move on to creating specific types of firewall rules. 
Say you wish to block all traffic from 10.10.10.1 or subnet 10.10.10.0\/24.<\/p>\n<p><code> iptables -A INPUT -s 10.10.10.1 -j DROP<br \/>\n iptables -A INPUT -s 10.10.10.0\/24 -j DROP<\/code><\/p>\n<p>Next let's block all incoming SSH access. Be careful with this: if you're connected by SSH, it will cut your current connection.<\/p>\n<p><code> iptables -A INPUT -p tcp --dport 22 -j DROP<\/code><\/p>\n<p>We'll now combine the previous two rules, blocking SSH access from a specific IP:<\/p>\n<p><code> iptables -A INPUT -s 10.0.10.1 -p tcp --dport 22 -j DROP<\/code><\/p>\n<p>This command does the exact opposite. It allows SSH traffic from a remote IP, 10.10.10.1, to a local IP, 192.168.0.1.<\/p>\n<p><code> iptables -A INPUT -s 10.10.10.1 -d 192.168.0.1 -p tcp --dport 22 -j ACCEPT<\/code><\/p>\n<p>Say you need to open a range of TCP ports for VOIP or gaming traffic. This command opens ports 30000-50000.<\/p>\n<p><code> iptables -A INPUT -p tcp --dport 30000:50000 -j ACCEPT<\/code><\/p>\n<p>Or maybe you want to block all ICMP packets. This isn't advisable for various reasons, but the following command shows how it can be done.<\/p>\n<p><code> iptables -A INPUT -p icmp --icmp-type echo-request -j DROP<\/code><\/p>\n<p>Perhaps you'd like to redirect a port? This is how you'd go about redirecting port 1234 to port 80. Replace eth0 with your actual network interface.<\/p>\n<p><code> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1234 -j REDIRECT --to-port 80<\/code><\/p>\n<h2>Conclusion<\/h2>\n<p>While these examples were specific, it is easy to change the details to achieve a host of related tasks. The above commands are enough to build a capable, responsive firewall. If this guide was helpful to you, kindly share it with others who may also be interested. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IPTables is invaluable for anyone wishing to secure a Linux server. It can drop or accept packets based on any number of criteria, forward ports and perform a variety of network analysis tasks. It is especially useful when defending against attacks, as it can perform all actions based on subnet and other criteria. This flexibility<\/p>\n","protected":false},"author":3,"featured_media":2157,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73],"tags":[],"class_list":["post-1942","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Use IPTables - Globo.Tech<\/title>\n<meta name=\"description\" content=\"This tutorial will show you how to use IPTables on your Linux server. Read now &amp; Build your own capable and responsive firewall.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Use IPTables - Globo.Tech\" \/>\n<meta property=\"og:description\" content=\"This tutorial will show you how to use IPTables on your Linux server. 
Read now &amp; Build your own capable and responsive firewall.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/\" \/>\n<meta property=\"og:site_name\" content=\"Globo.Tech\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-16T15:02:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-09-29T20:20:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"320\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"GloboTech Communications\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"GloboTech Communications\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/\",\"name\":\"How to Use IPTables - 
Globo.Tech\",\"isPartOf\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg\",\"datePublished\":\"2016-06-16T15:02:50+00:00\",\"dateModified\":\"2016-09-29T20:20:29+00:00\",\"author\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87\"},\"description\":\"This tutorial will show you how to use IPTables on your Linux server. Read now & Build your own capable and responsive firewall.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#primaryimage\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg\",\"contentUrl\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg\",\"width\":500,\"height\":320,\"caption\":\"IPTables\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.globo.tech\/learning-center\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Use IPTables\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#website\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/\",\"name\":\"Globo.Tech\",\"description\":\"Welcome to the 
Official Globo.Tech Learning Center\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.globo.tech\/learning-center\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87\",\"name\":\"GloboTech Communications\",\"sameAs\":[\"http:\/\/www.gtcomm.net\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Use IPTables - Globo.Tech","description":"This tutorial will show you how to use IPTables on your Linux server. Read now & Build your own capable and responsive firewall.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/","og_locale":"en_US","og_type":"article","og_title":"How to Use IPTables - Globo.Tech","og_description":"This tutorial will show you how to use IPTables on your Linux server. Read now & Build your own capable and responsive firewall.","og_url":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/","og_site_name":"Globo.Tech","article_published_time":"2016-06-16T15:02:50+00:00","article_modified_time":"2016-09-29T20:20:29+00:00","og_image":[{"width":500,"height":320,"url":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg","type":"image\/jpeg"}],"author":"GloboTech Communications","twitter_misc":{"Written by":"GloboTech Communications","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/","url":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/","name":"How to Use IPTables - Globo.Tech","isPartOf":{"@id":"https:\/\/www.globo.tech\/learning-center\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#primaryimage"},"image":{"@id":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#primaryimage"},"thumbnailUrl":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg","datePublished":"2016-06-16T15:02:50+00:00","dateModified":"2016-09-29T20:20:29+00:00","author":{"@id":"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87"},"description":"This tutorial will show you how to use IPTables on your Linux server. Read now & Build your own capable and responsive firewall.","breadcrumb":{"@id":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#primaryimage","url":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg","contentUrl":"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2016\/06\/ClFTgnFWkAA8mw7.jpg","width":500,"height":320,"caption":"IPTables"},{"@type":"BreadcrumbList","@id":"https:\/\/www.globo.tech\/learning-center\/how-to-use-iptables\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.globo.tech\/learning-center\/"},{"@type":"ListItem","position":2,"name":"How to Use 
IPTables"}]},{"@type":"WebSite","@id":"https:\/\/www.globo.tech\/learning-center\/#website","url":"https:\/\/www.globo.tech\/learning-center\/","name":"Globo.Tech","description":"Welcome to the Official Globo.Tech Learning Center","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.globo.tech\/learning-center\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/e17784b37f4a4f49b7bc611847912e87","name":"GloboTech Communications","sameAs":["http:\/\/www.gtcomm.net"]}]}},"_links":{"self":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/1942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/comments?post=1942"}],"version-history":[{"count":5,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/1942\/revisions"}],"predecessor-version":[{"id":2821,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/1942\/revisions\/2821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/media\/2157"}],"wp:attachment":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/media?parent=1942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/categories?post=1942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v
2\/tags?post=1942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}