Essentials: Common Firewall Rules and Commands
System Administration

Essentials: Common Firewall Rules and Commands


Iptables is the software firewall that is included with most Linux distributions by default. This cheat sheet-style guide provides a quick reference to iptables commands that will create firewall rules are useful in common, everyday scenarios. This includes iptables examples of allowing and blocking various services by port, network interface, and source IP address.

How To Use This Guide

  • If you are just getting started with configuring your iptables firewall, check out our introduction to iptables.
  • Most of the rules that are described here assume that your iptables is set to DROP incoming traffic, through the default input policy, and you want to selectively allow traffic in.
  • Use whichever subsequent sections are applicable to what you are trying to achieve. Most sections are not predicated on any other, so you can use the examples below independently.
  • Use the Contents menu on the right side of this page (at wide page widths) or your browser’s find function to locate the sections you need.
  • Copy and paste the command-line examples given, substituting the values in red with your own values.

Keep in mind that the order of your rules matter. All of these iptables commands use the -A option to append the new rule to the end of a chain. If you want to put it somewhere else in the chain, you can use the -I option which allows you to specify the position of the new rule (or simply place it at the beginning of the chain by not specifying a rule number).

Allow Loopback Connections

The loopback interface, also referred to as lo, is what a computer uses to for network connections to itself. For example, if you run ping localhost or ping 127.0.0.1, your server will ping itself using the loopback. The loopback interface is also used if you configure your application server to connect to a database server with a “localhost” address. As such, you will want to be sure that your firewall is allowing these connections.

Conclusion

That should cover many of the commands that are commonly used when configuring an iptables firewall. Of course, iptables is a very flexible tool so feel free to mix and match the commands with different options to match your specific needs if they aren’t covered here. Continue reading this guide at Digital Ocean. This article has been used as an example of an Ecko WordPress theme. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

  • Harvey Specter

    Harvey SpecterHarvey Specter

    Author

    Comments which are made by the author are marked with the ‘Author’ tag, such as this one. Replies to posts are indented. Disqus comment support can be enabled via the theme options as an alternative to the default WordPress comments.


    • Mike Ross

      Mike RossMike Ross

      Author

      Replies are indented to the right of the original post, such as this one. Post administration and options can be managed via the default WordPress dashboard.