Configuring `iptables` Rules in Linux

Basics of iptables

  • ACCEPT – allow the packet to pass.
  • DROP – block the packet.
  • RETURN – stop processing the current chain and resume at the next rule in the chain that called it.
  • INPUT – used to control incoming packets. You can allow or block connections by port, protocol, or source IP address.
  • FORWARD – used to filter packets arriving at the server but being forwarded elsewhere.
  • OUTPUT – used to filter outgoing packets.

Example of iptables Configuration

Install iptables and persistent rules package

sudo apt-get update
sudo apt install -y iptables iptables-persistent

Clear all existing rules

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

View current rules

sudo iptables -L -v --line-numbers

Set FORWARD and OUTPUT policies to ACCEPT

sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

Create the WHITELIST chain

sudo iptables -N WHITELIST

Allow local traffic

sudo iptables -I INPUT -i lo -j ACCEPT -m comment --comment 'Allowing local traffic'

Open ports 80 and 443

sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT

Allow established and related connections

sudo iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment 'Allowing established and related connections'

Add specific rules to WHITELIST

sudo iptables -A WHITELIST -s IP_SERVERZABBIX -p tcp --dport 10050 -m comment --comment "Monitoring Zabbix server" -j ACCEPT
sudo iptables -A WHITELIST -s YOUR_IP -p tcp --dport 22 -m comment --comment "IP Jumpbox SSH" -j ACCEPT

Apply WHITELIST to INPUT

sudo iptables -A INPUT -j WHITELIST

Set default policy for INPUT to DROP

sudo iptables -P INPUT DROP

Block null packets

Null packets (packets with no flags set) are often used for scanning.

sudo iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Protect against SYN flood attacks

Limit the rate at which new connections (TCP SYN packets) are accepted. Note that the limit match counts all matching packets together, not per source address.

sudo iptables -A INPUT -p tcp --syn -m limit --limit 10/s --limit-burst 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --syn -j DROP

Explanation:

  • --limit 10/s – allows up to 10 new connections per second.
  • --limit-burst 20 – allows up to 20 initial connections in a sudden spike, after which the limit is enforced.

Optimization and ordering rules

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

Save and reload rules

sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null
sudo netfilter-persistent save
sudo netfilter-persistent reload

Display current iptables rules

sudo iptables -L INPUT --line-numbers
sudo iptables -L WHITELIST --line-numbers
sudo iptables -t nat -L --line-numbers
sudo iptables -S

Restoring Settings

If you haven’t saved your settings yet and want to restore them to their original state, use iptables-restore.

On Ubuntu/Debian

sudo iptables-restore < /etc/iptables.rules

On CentOS/RedHat

iptables-restore < /etc/sysconfig/iptables

You can also download the bash script from GitHub:

git clone https://github.com/Shipssv83/Iptables-ruls.git
cd Iptables-ruls
sudo chmod +x iptables-ruls.sh
sudo ./iptables-ruls.sh

🚀 Explore more guides on our blog 👉 blog.1it.pro