iptables Quickstart Guide

iptables is a utility program used to configure the Linux kernel firewall. This quickstart guide outlines several useful commands and techniques to assist in debugging iptables.

List all running rules

To view the current firewall rules with their packet and byte counters (add -n to skip the reverse DNS lookups, which can make the listing slow):

sudo iptables -L -v

Disable and flush iptables

To disable the firewall temporarily, set the default policy of every chain to ACCEPT and then flush all rules. Set the policies first: flushing while a policy is still DROP would leave the chain blocking everything, with no rules left to let traffic through.

sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F

Deny all traffic

To block everything, set the default policy of every chain to DROP. Note that this also severs any SSH session you are running it from, so do it from a local console.

sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP

A common example

Here is a common example that allows SSH, HTTP and HTTPS but drops everything else.

Step 1

Append a rule to the INPUT chain for each of the following:

  • Protocol TCP
  • Destination port 22, 80 or 443

For those packets, jump to ACCEPT.

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Step 2

Append a rule to the INPUT chain that drops everything else. iptables evaluates rules in order and stops at the first match, so this rule must be appended after the ACCEPT rules from Step 1; appended first, it would shadow them and drop all inbound traffic.

sudo iptables -A INPUT -j DROP
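The rule order from Steps 1 and 2 can be checked automatically. The following POSIX shell function is an added example, not part of the original guide: it reads an INPUT chain listing in the format produced by `sudo iptables -S INPUT` (the sample listings below are constructed, not captured from a real host) and reports rules that can never match because an unconditional DROP or REJECT precedes them, a chain that is left open because it has neither a catch-all DROP nor a DROP policy, and the absence of a RELATED,ESTABLISHED rule, which with Step 2's catch-all means replies to the host's own outbound connections are dropped.

```shell
#!/bin/sh
# Audit an INPUT chain listing read from stdin in `iptables -S` format,
# e.g.:  sudo iptables -S INPUT | audit_input_chain
# Exit status 0: chain looks consistent; 1: at least one problem reported.
audit_input_chain() {
    awk '
    BEGIN { bad = 0; rules = 0; catchall = 0; established = 0; policy = "ACCEPT" }
    /^-P INPUT / { policy = $3; next }
    /^-A INPUT / {
        rules++
        target = $NF
        # A rule after an unconditional DROP/REJECT can never be reached.
        if (catchall) {
            printf "shadowed: rule %d [%s] can never match, rule %d is a catch-all %s\n", rules, $0, catchall, catchall_target
            bad = 1
        }
        # "-A INPUT -j TARGET" has exactly four fields: no match conditions.
        if (NF == 4 && (target == "DROP" || target == "REJECT")) {
            catchall = rules; catchall_target = target
        }
        if (target == "ACCEPT" && $0 ~ /(RELATED,ESTABLISHED|ESTABLISHED,RELATED)/)
            established = 1
    }
    END {
        if (!catchall && policy != "DROP") {
            print "open: no catch-all DROP rule and INPUT policy is " policy
            bad = 1
        }
        if ((catchall || policy == "DROP") && !established)
            print "note: no RELATED,ESTABLISHED accept rule; replies to outbound connections from this host will be dropped"
        exit bad
    }'
}

# Constructed sample listing: loopback and established traffic allowed first.
sane_chain='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample: Step 2 run before Step 1, so the ACCEPT rule is shadowed.
broken_chain='-P INPUT ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$sane_chain" | audit_input_chain && echo "sane chain: ok"
```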
