Mastering iptables: A Beginner’s Guide to Linux Firewall Configuration

This article introduces iptables, explains its tables, chains, and packet‑processing flow, and provides step‑by‑step commands for installing and configuring the Linux firewall, offering a solid foundation for anyone new to network security on Linux systems.


Introduction

In early Linux systems the default firewall was iptables. Although firewalld has been available for years, many enterprises still use iptables in production, so a thorough explanation remains valuable.

What is iptables?

iptables is a user‑space tool that manages the netfilter/iptables packet‑filtering subsystem in the Linux kernel, allowing administrators to set, maintain, and inspect IP packet filtering rules.

Features

The filtering that iptables controls runs in kernel space (netfilter), and it provides three built‑in tables: filter, nat, and mangle. Rules take effect immediately, without restarting any service.

iptables Architecture

iptables is organized into tables, each containing chains, which in turn contain rules. When writing rules you first select a table, then a chain.

Note: a further table, raw, exists for exceptional processing and is rarely needed.

Overall, iptables is built from “three tables and five chains”.

Three tables

filter – packet filtering; chains: INPUT, OUTPUT, FORWARD
nat – network address translation; chains: PREROUTING, POSTROUTING, OUTPUT
mangle – packet alteration and traffic shaping; chains: INPUT, OUTPUT, FORWARD, POSTROUTING, PREROUTING

Priority: mangle > nat > filter

Five built‑in chains

INPUT – packets destined for the local host
OUTPUT – locally generated packets (usually not filtered)
FORWARD – packets routed through the host
PREROUTING – packets before the routing decision, used for DNAT
POSTROUTING – packets after the routing decision, used for SNAT

Packet processing flow

Incoming packets first traverse the PREROUTING chain; the kernel then makes its routing decision, determining whether the packet is for the local host or should be forwarded.

If a packet is addressed to the host, it moves to the INPUT chain and is delivered to local processes.

Locally generated packets pass through OUTPUT and then POSTROUTING before leaving.

Forwarded packets go through FORWARD and then POSTROUTING before exiting.

Summary: packets are either destined for the firewall itself or need to be forwarded through it.

Installation

1. Stop firewalld

systemctl stop firewalld
systemctl disable firewalld

2. Install iptables

yum -y install iptables-services

3. Start the service

systemctl start iptables
systemctl enable iptables

4. Configuration file location

ll /etc/sysconfig/iptables

Example configuration:

This article covers the basics of iptables; future sections will dive into syntax details and real‑world use cases.
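To show how the tables and chains described above fit together in the file format that /etc/sysconfig/iptables uses, here is an added example that is not from the original article. The function builds a minimal ruleset as text (filter and nat tables, with the INPUT, FORWARD and POSTROUTING chains) so it can be reviewed before loading; the interface name and LAN prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): emit a minimal ruleset in the
# iptables-save format used by /etc/sysconfig/iptables. Only text is
# produced; nothing is loaded into the kernel here.
WAN_IF="${WAN_IF:-eth0}"           # assumed upstream interface
LAN_NET="${LAN_NET:-10.0.0.0/24}"  # assumed internal network

gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: traffic addressed to the host itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -s $LAN_NET -j ACCEPT
-A INPUT -j LOG --log-prefix "IPT-INPUT-DROP: "
# FORWARD: traffic routed through the host
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# POSTROUTING: source NAT for LAN traffic leaving via the WAN interface
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Number of -A rules attached to a given chain, for review before loading.
count_rules() {
    gen_ruleset | grep -c -- "^-A $1 "
}

# Every *table section must end with COMMIT or iptables-restore rejects it.
check_commits() {
    tables=$(gen_ruleset | grep -c '^\*')
    commits=$(gen_ruleset | grep -c '^COMMIT$')
    [ "$tables" -eq "$commits" ]
}

# On a host: gen_ruleset > /etc/sysconfig/iptables && iptables-restore < /etc/sysconfig/iptables
```

The INPUT chain ends with a LOG rule so that packets hitting the DROP policy leave a trace in the kernel log, which is the detail most often missing from a first ruleset.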

Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.