Introduction to iptables: Concepts, Commands, and Practical Use Cases

This article introduces iptables, explains its core concepts such as chains, rules, and tables, demonstrates common commands for listing, adding, deleting, and modifying rules, and presents a step‑by‑step firewall configuration case for securing jump‑hosts on CentOS systems.

DevOps Operations Practice

iptables is a powerful Linux firewall management tool that operates at the network layer, allowing administrators to filter, forward, or redirect packets based on criteria such as source/destination IP, ports, and protocols.

The basic components are:

Chain: a container for rules (INPUT, FORWARD, OUTPUT, PREROUTING, POSTROUTING).

Rule: a match condition plus an action (ACCEPT, DROP, REJECT).

Table: a group of chains; the most used are filter and nat.

Common iptables commands:

Show all rules: iptables -L
Add a rule: iptables -A <chain> <rule>
Delete a rule: iptables -D <chain> <rule>
Modify a rule (replace by number):

iptables -R <chain> <rule_number> <new_rule>

Example: allow SSH (TCP port 22) on the INPUT chain:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Practical case: securing jump-hosts on CentOS 7 using the filter table and the INPUT chain.

Steps:

Stop and disable firewalld.

systemctl stop firewalld
systemctl disable firewalld

Install and enable iptables-services.

yum install iptables-services
systemctl enable iptables
systemctl start iptables

Flush existing INPUT rules:

iptables -F INPUT

Add specific access rules, e.g., allow a trusted IP, related/established connections, ICMP, DNS replies, and NTP replies.

# Allow trusted IP
iptables -A INPUT -s 192.168.4.168 -j ACCEPT
# Allow related/established
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ICMP
iptables -A INPUT -p icmp -j ACCEPT
# Allow DNS replies
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# Allow NTP replies
iptables -A INPUT -p udp --sport 123 -j ACCEPT

Set the default INPUT policy to DROP to block everything else:

iptables -P INPUT DROP

Verify the rule set:

iptables -nL INPUT

Save the configuration so it persists after reboot:

service iptables save

The article concludes with a reminder to like, share, and credit the source when reposting.
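The jump-host procedure above, wrapped in a script as an added example (not code from the original article). It applies the rules in a lock-out-safe order (allow rules first, DROP policy last), adds a loopback rule, and replaces the two raw source-port rules (UDP sport 53/123, which any sender can spoof) with a conntrack match that covers replies of every protocol. TRUSTED_IP, the run helper and the DRY_RUN switch are this script's own assumptions.

```bash
#!/bin/bash
# Added example: jump-host INPUT rule set in a safe order.
# DRY_RUN=1 prints each command instead of executing it, so the
# rule set can be reviewed before it is applied to a live host.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Usage: build_jump_host_rules <trusted management IP>
build_jump_host_rules() {
    local trusted_ip="$1"
    # Open the policy first: if a later step fails, we are not locked out.
    run iptables -P INPUT ACCEPT
    run iptables -F INPUT
    # Local traffic and the trusted management host.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -s "$trusted_ip" -j ACCEPT
    # Stateful match for all protocols: this also admits DNS and NTP
    # replies, so no rule has to trust a sender-chosen source port.
    run iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p icmp -j ACCEPT
    # Deny everything else, only after the allow rules are in place.
    run iptables -P INPUT DROP
}

# Persist the rule set across reboots (CentOS 7 with iptables-services).
persist_rules() {
    run service iptables save
}

# Review the plan:   DRY_RUN=1 build_jump_host_rules 192.168.4.168
# Apply it as root:  build_jump_host_rules 192.168.4.168 && persist_rules
```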

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: firewall, Linux, command-line, network security, iptables, CentOS, network filtering

Written by DevOps Operations Practice

We share professional insights on cloud-native, DevOps & operations, Kubernetes, observability & monitoring, and Linux systems.
