iptables Quickstart Guide
Last Updated: Mon, Apr 13, 2020
iptables is a utility program used to configure the Linux kernel firewall. This quickstart guide outlines several useful commands and techniques to assist debugging iptables.
List all running rules
To view the current firewall rules:
iptables -L -v
Disable and flush iptables
To disable the firewall temporarily, flush all rules.
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
Deny all traffic
To block everything, drop all packets on all chains.
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP
A common example
Here is a common example to allow SSH, HTTP and HTTPS, but drop everything else.
Step 1
Append a rule to the INPUT chain:
- Protocol TCP
- Destination port 22, 80 & 443
For those packets, jump to ACCEPT.
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Step 2
Append a rule to the INPUT chain: Drop everything else.
sudo iptables -A INPUT -j DROP
More information
Want to contribute?
You could earn up to $300 by adding new articles