How to Work With Iptables

Iptables is the name of the user space tool by which administrators create rules for the packet filtering (both inbound and outbound) and NAT modules. Today Iptables is a standard part of all modern Linux distributions.


  1. Go to the Linux terminal. Then you can play with the program.
  2. Block a specific IP using IPTables (replace <IP> with the address to block):

     • iptables -I INPUT -p tcp -s <IP> -j DROP
  3. Search for IP addresses in IPTables:

     • iptables -nL | grep <IP>
     • (-n) prevents each IP from resolving to its hostname
     • (-L) lists all of the rules
  4. Log SSH using IPTables:

     • iptables -I INPUT -j LOG -m state --state NEW -p tcp --dport 22
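As an added example (not part of the original article), a small POSIX shell script that summarises the kernel log lines written by the step-4 LOG rule: each new SSH connection attempt appears in dmesg or syslog as a line carrying SRC=, DST=, PROTO= and DPT= fields, and counting attempts per source shows which addresses are candidates for the DROP rule in step 2. The log lines below are constructed samples using documentation addresses; the field layout follows the iptables LOG target with the MAC field left out for brevity.

```shell
#!/bin/sh
# Summarise new SSH connection attempts recorded by the LOG rule in step 4.
# SAMPLE_LOG is constructed test data (documentation-range addresses), in the
# layout the iptables LOG target writes to the kernel log (MAC field omitted).
SAMPLE_LOG='Mar  1 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:00:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=3 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  1 10:00:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0'

# ssh_attempts_by_src LOGTEXT
# Prints "count source" for every source that sent a new TCP connection to
# port 22, busiest source first. Lines for other ports (DPT=80 above) are
# ignored, so the DPT=22 match must not also match DPT=2200 and the like.
ssh_attempts_by_src() {
    printf '%s\n' "$1" |
    awk '/PROTO=TCP/ && /DPT=22([^0-9]|$)/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) n[substr($i, 5)]++
         }
         END { for (s in n) print n[s], s }' |
    sort -rn
}

# top_ssh_source LOGTEXT
# The single source with the most attempts.
top_ssh_source() {
    ssh_attempts_by_src "$1" | head -n 1 | awk '{ print $2 }'
}

# sources_over_threshold LOGTEXT N
# Sources with more than N attempts: the review list for a step-2 DROP rule.
sources_over_threshold() {
    ssh_attempts_by_src "$1" | awk -v n="$2" '$1 > n { print $2 }'
}

ssh_attempts_by_src "$SAMPLE_LOG"
```

On a live host, replace the sample text with the output of `dmesg` or the relevant syslog file, filtered to the lines the LOG rule produced.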


  • How to disable and restore IPTables:
    • /sbin/iptables-save > backupfilename
    • service iptables stop
    • /sbin/iptables-restore < backupfilename
    • service iptables start
  • IPTables Firewall Template (replace <IP> with the address or network you want to allow):
    • Prevent SYN floods from consuming memory resources:
    • echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    • By default DROP any incoming or forwarded packets, allow all outgoing packets:
    • iptables -P INPUT DROP
    • iptables -P FORWARD DROP
    • iptables -P OUTPUT ACCEPT
    • Clear any previously established rules:
    • iptables -F INPUT
    • iptables -F FORWARD
    • iptables -F OUTPUT
    • iptables -F -t nat
    • Permit packets in to the firewall itself that are part of existing and related connections:
    • iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    • Allow all inputs from the loopback interface:
    • iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
    • Accept connections coming through for SSH (22) and samba:
    • iptables -A INPUT -p tcp -s <IP> --destination-port 22 --syn -j ACCEPT
    • iptables -A INPUT -p tcp -s <IP> --destination-port 137:139 --syn -j ACCEPT
    • iptables -A INPUT -p tcp -s <IP> --destination-port 445 --syn -j ACCEPT
    • Accept UDP packets for samba:
    • iptables -A INPUT -p udp -s <IP> --destination-port 137:139 -j ACCEPT
    • iptables -A INPUT -p udp -s <IP> --destination-port 445 -j ACCEPT
    • Permitting a caching DNS server. We need to permit querying a remote DNS server (note that this rule accepts any UDP packet from the named source whose source port is 53; the ESTABLISHED,RELATED rule above already admits replies to queries this host sent):
    • iptables -A INPUT -p udp -s <DNS-SERVER-IP> --source-port 53 --destination-port 1024:65535 -j ACCEPT
  • IPTables Enable Specific Ports
    • This script basically blocks all the ports, and enables only the ones needed. Please edit it as necessary.
    • #!/bin/bash
      iptables --flush
      # Default policies: drop everything that no rule below accepts
      iptables -P INPUT DROP
      iptables -P OUTPUT DROP
      iptables -P FORWARD DROP
      # Inbound services: FTP, SSH, HTTP, HTTPS
      iptables -A INPUT -p tcp -m multiport --dport 21,22,80,443 -j ACCEPT
      # Traffic belonging to connections already accepted
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      # With OUTPUT policy DROP, only replies to accepted connections can leave;
      # add OUTPUT rules if this host must initiate connections (DNS, updates, ...).
      # iptables-save prints the running ruleset to stdout; redirect it to a file
      # to keep a copy.
      iptables-save
  • IPTables for port 22 example:
    • iptables -I INPUT -s <IP> -j ACCEPT (this is for all)
    • iptables -I INPUT -p tcp --dport 22 -s <IP> -j ACCEPT (this is for port 22 only)


  • Take care when handling Iptables: a minor mistake can be a big security failure in your system.
