Master iptables: Control Linux Network Traffic with Powerful Firewall Rules

This guide explains how iptables functions as a Linux firewall, detailing packet traversal through the prerouting, input, forward, output, and postrouting chains, the four built‑in tables with their priorities, and essential commands for listing, clearing, and adding rules to secure network traffic.


Firewalls are crucial for system security, and iptables is the tool used to manage firewall rules on Linux.

Packet Flow Through iptables Chains

When a packet reaches the firewall it passes through a series of built‑in chains:

prerouting: processed before the routing decision.

forward: processed when the packet is being forwarded to another host.

input: processed when the packet is destined for the local system.

output: processed when the local system generates a packet.

postrouting: processed after the routing decision.

If the destination is the local host, the packet is handed to the input chain, then to the appropriate application (e.g., Apache). Outgoing responses go through the output chain, then routing, and finally the postrouting chain. If the destination is external, the packet is sent to the forward chain before postrouting.

iptables Tables and Priorities

iptables defines four built‑in tables, each containing chains with specific rules. When a packet reaches a chain, tables are consulted in order of priority to apply the matching rules.

Common iptables Commands

Listing rules:

iptables -L -n    # list the rules of every chain in the filter table, without DNS lookups

Clearing rules:

iptables -F    # flush (delete) all rules in every chain
iptables -X    # delete all empty user-defined chains
iptables -Z    # zero the packet and byte counters of every chain

Adding rules (examples):

iptables -A OUTPUT -j ACCEPT                       # append: accept all outgoing packets
iptables -A INPUT -p tcp --dport 22 -j ACCEPT      # append: accept incoming TCP to port 22 (SSH)
iptables -I INPUT -s 123.45.6.7 -j DROP            # insert at the top of INPUT: silently drop everything from this source
iptables -A OUTPUT -p tcp --sport 31337 -j DROP    # append: drop outgoing TCP packets with source port 31337

iptables Command Syntax

The general form is:

iptables [table] [command] [chain] [parameter] [action]

Key elements:

table: specifies which table to operate on (default is filter).

command: defines how to manage rules (e.g., -A append, -I insert, -R replace, -D delete).

chain: the target chain for the rule.

parameter: match criteria such as -s source address, -d destination address, -p protocol, --dport destination port, --sport source port.

action: what to do with matching packets, e.g., -j ACCEPT, -j DROP, -j REJECT.
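As an added example (not code from the original article), the following POSIX shell script assembles a minimal stateful host firewall from the commands and the [table] [command] [chain] [parameter] [action] syntax described above. The blocked source 123.45.6.7, the SSH port and the 31337 source-port rule come from the page's examples; the ipt helper, the default-deny policies, the loopback and conntrack rules, port 80 and the APPLY dry-run switch are assumptions of this example. Without APPLY=1 it only prints the iptables commands it would run, which lets you review the ruleset before installing it as root.

```shell
#!/bin/sh
# Added example: build a minimal stateful host firewall with iptables.
# Dry-run by default (prints each command); set APPLY=1 and run as root
# to actually install the rules.
set -eu

# ipt TABLE ARGS... : wraps "iptables -t TABLE ARGS...", mirroring the
# [table] [command] [chain] [parameter] [action] form from the text.
ipt() {
    table=$1
    shift
    if [ "${APPLY:-0}" = "1" ]; then
        iptables -t "$table" "$@"
    else
        printf 'iptables -t %s %s\n' "$table" "$*"
    fi
}

# Flush rules, delete user-defined chains and zero counters before
# loading a fresh ruleset (the three clearing commands from the page).
flush_all() {
    ipt filter -F
    ipt filter -X
    ipt filter -Z
}

# Emit the ruleset in order. Default policy is DROP for INPUT and FORWARD,
# so only explicitly accepted traffic gets in; outbound is allowed.
host_ruleset() {
    flush_all
    ipt filter -P INPUT DROP
    ipt filter -P FORWARD DROP
    ipt filter -P OUTPUT ACCEPT
    # loopback and replies to connections this host opened
    ipt filter -A INPUT -i lo -j ACCEPT
    ipt filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # -I puts the block at the top of INPUT so it wins over later ACCEPT rules
    ipt filter -I INPUT -s 123.45.6.7 -j DROP   # example blocked host from the page
    # services exposed on this host (SSH from the page; HTTP is an assumption)
    ipt filter -A INPUT -p tcp --dport 22 -j ACCEPT
    ipt filter -A INPUT -p tcp --dport 80 -j ACCEPT
    # never let traffic sourced from port 31337 leave this host
    ipt filter -A OUTPUT -p tcp --sport 31337 -j DROP
}

# Dry run: print the commands so the ruleset can be reviewed first.
host_ruleset
```

Because -I inserts at position 1, the DROP for 123.45.6.7 ends up ahead of every appended ACCEPT even though it is written after them; the printed order is the order of execution, not the final position in the chain, which is a good reason to check the result with iptables -L -n --line-numbers after applying.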


Tags: firewall, Linux, network security, iptables, packet filtering
Written by

Java High-Performance Architecture

Sharing Java development articles and resources, including SSM architecture and the Spring ecosystem (Spring Boot, Spring Cloud, MyBatis, Dubbo, Docker), Zookeeper, Redis, architecture design, microservices, message queues, Git, etc.
