With the vast majority of threats coming from the internet, a good firewall configuration is critical for any Linux server. This guide will introduce the basics of configuring a firewall with the popular iptables tool.
In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the internet.
Iptables is a popular firewall tool included with most Linux distributions. It uses an ordered set of rules to determine which traffic to allow or block.
Where it is not already present, iptables can be installed with the package manager. For example, on Debian-based systems:
$ sudo apt-get install iptables
Iptables uses a set of chains to determine what to do with a packet. A packet can be dropped, rejected, or accepted. The default chains are INPUT, FORWARD, and OUTPUT.
A rule in iptables consists of a number of match criteria and a target. The match criteria can be things like the protocol (e.g. TCP, UDP), source and destination IP addresses, and source and destination port numbers. The target can be DROP, REJECT, or ACCEPT.
Rules can be added with the iptables command. For example, to drop all incoming traffic:
$ iptables -A INPUT -j DROP
This rule is appended to the end of the INPUT chain with the DROP target, so every incoming packet that reaches it is silently discarded.
Rules can be deleted with the iptables command. For example, to delete the previous rule:
$ iptables -D INPUT 1
This will delete the first rule in the INPUT chain.
Rules can be saved with the iptables-save command. For example:
$ iptables-save > /etc/iptables.rules
This will save the rules to the /etc/iptables.rules file.
Rules can be loaded with the iptables-restore command. For example:
$ iptables-restore < /etc/iptables.rules
This will load the rules from the /etc/iptables.rules file.
This guide has introduced the basics of configuring a firewall with iptables. For more information, see the resources below.