Use IPTables on a Linux server to control network traffic by defining rules that filter incoming, outgoing, and forwarded packets. IPTables is the standard user-space utility in Linux for managing firewall rules using the Netfilter framework built into the kernel. It allows precise control over what network traffic is allowed or blocked based on IP addresses, ports, protocols, and interfaces.
This guide explains how to install, configure, and manage IPTables on Linux servers, providing essential commands and sample setups.
Prerequisites
- A Linux server with root or sudo privileges
- Basic Linux command line knowledge
- IPTables, which is installed by default on most Linux distributions (the next section shows how to verify or install it)
Use IPTables on a Linux Server
IPTables is a powerful firewall tool built into most Linux distributions. It lets you control inbound and outbound traffic using customizable rules. Before configuring rules, ensure IPTables is installed and active on your system.
Install or Verify IPTables
Check if IPTables is installed:
iptables --version
If not installed, install IPTables using your package manager.
- Ubuntu/Debian:
sudo apt update
sudo apt install iptables
- CentOS/Red Hat:
sudo yum install iptables
or (on newer distros):
sudo dnf install iptables
Understand IPTables Structure

Before applying rules, it’s essential to understand how IPTables organizes and processes traffic. IPTables uses a layered architecture of tables, chains, and rules to determine how packets are handled at each stage of network flow.
- Tables: Categories of filtering (e.g., filter for firewall rules, nat for network address translation).
- Chains: Rule sets for different packet flow stages, mainly:
  - INPUT (incoming packets destined for the server)
  - OUTPUT (outgoing packets originating from the server)
  - FORWARD (packets routed through the server)
- Rules: Individual tests and actions (allow, drop, reject) applied to packets as they traverse each chain.
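To make the table/chain/rule layering concrete, here is an added shell example (not from this guide) that audits a ruleset written in the text format iptables-save produces: each table starts with a "*name" line, each built-in chain with ":CHAIN POLICY", then the rules in evaluation order, and COMMIT ends the table. The dump it reads is a constructed sample embedded in the script, not output captured from a real host, and the function names are my own.

```shell
#!/bin/sh
# Added example: audit a saved ruleset to see how tables, chains and
# rules nest. SAMPLE_RULESET is a constructed iptables-save dump, not
# output from any real host.
SAMPLE_RULESET='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
'

# chain_policies: print "table chain policy" for every built-in chain.
chain_policies() {
    printf '%s\n' "$SAMPLE_RULESET" | awk '
        /^\*/ { table = substr($1, 2) }
        /^:/  { print table, substr($1, 2), $2 }
    '
}

# rule_count TABLE CHAIN: number of -A rules appended to that chain.
rule_count() {
    printf '%s\n' "$SAMPLE_RULESET" | awk -v t="$1" -v c="$2" '
        /^\*/ { table = substr($1, 2) }
        table == t && $1 == "-A" && $2 == c { n++ }
        END { print n + 0 }
    '
}

# open_tcp_ports: TCP destination ports that filter/INPUT ACCEPTs,
# one per line, sorted numerically.
open_tcp_ports() {
    printf '%s\n' "$SAMPLE_RULESET" | awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            port = ""; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (port != "" && accept) print port
        }
    ' | sort -n
}

# unprotected_chains: built-in filter chains whose default policy is
# not DROP (the fail-closed posture this guide sets for INPUT/FORWARD).
unprotected_chains() {
    chain_policies | awk '$1 == "filter" && $3 != "DROP" { print $2 }'
}

chain_policies
echo "INPUT rules: $(rule_count filter INPUT)"
echo "Open TCP ports on INPUT: $(open_tcp_ports | tr '\n' ' ')"
echo "filter chains not defaulting to DROP: $(unprotected_chains | tr '\n' ' ')"
```

Pointing the same functions at `sudo iptables-save` output on a real host gives a quick review of which chains fail closed and which ports are reachable, without touching the live ruleset.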
Basic IPTables Commands and Concepts
- View current rules:
sudo iptables -L -v -n
-L lists the rules, -v prints verbose output, and -n shows IP addresses and ports numerically instead of resolving names.
- Set default policies:
Drop all incoming traffic by default, allow outgoing:
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD DROP
- Allow loopback (localhost) traffic:
sudo iptables -A INPUT -i lo -j ACCEPT
- Allow established and related connections (allow ongoing connections):
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- Allow incoming SSH (port 22) for remote access:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Allow HTTP and HTTPS traffic (ports 80 and 443):
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- Reject or drop other traffic explicitly (if default policy is ACCEPT):
sudo iptables -A INPUT -j DROP
Save IPTables Rules
IPTables rules are typically lost after a reboot unless saved.
- On Ubuntu/Debian, install iptables-persistent to save and restore rules:
sudo apt install iptables-persistent
sudo netfilter-persistent save
- On CentOS/RHEL, use:
service iptables save
Alternatively, write the current rules to a file with iptables-save and reload them with iptables-restore from a startup script or a systemd service.
Example: Basic Firewall Setup with IPTables
# Flush all previous rules
sudo iptables -F
# Set default policies
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
# Allow loopback interface
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP and HTTPS
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Save the rules afterward to persist.
Managing Firewall Rules
- Delete a specific rule by number:
List rules with line numbers:
sudo iptables -L --line-numbers
Delete rule by chain and number:
sudo iptables -D INPUT 3
- Flush all rules (clear all):
sudo iptables -F
- Restore default policies:
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
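The basic firewall setup above, the "save to a file and reload" option, and the delete-by-number workflow all come together in the following added shell example (mine, not part of this guide). It renders the same ruleset in the iptables-restore format, runs a static lockout check that insists the management port is still accepted, and then loads the file in one atomic iptables-restore step with a timed rollback, so an admin never sits behind a DROP policy with rules half-applied, and never has to count rule numbers that shift after every -D. Assumptions: the SSH_PORT variable, the /tmp paths (on Debian/Ubuntu, iptables-persistent reads /etc/iptables/rules.v4 instead), and the 60-second rollback window; when not run as root, or where iptables-restore is absent, the apply step is a dry run.

```shell
#!/bin/sh
# Added example (not from the original guide): build the firewall as an
# iptables-restore file and load it atomically instead of running
# iptables commands one by one. Paths and SSH_PORT are assumptions.

SSH_PORT="${SSH_PORT:-22}"                          # management port that must stay open
RULES_FILE="${RULES_FILE:-/tmp/rules.v4.example}"   # assumed path for this example

# render_ruleset: print the guide's ruleset in iptables-save format.
# Policies live on ":CHAIN POLICY" lines, rules follow in evaluation
# order, and COMMIT ends the table.
render_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# write_ruleset FILE: save the rendered ruleset to FILE.
write_ruleset() {
    render_ruleset > "$1"
}

# check_ruleset FILE: static lockout guard, run before the kernel is
# touched. Returns 1 unless FILE commits a filter table that still
# accepts new connections on the management port.
check_ruleset() {
    grep -q '^\*filter$' "$1" || { echo "no filter table in $1" >&2; return 1; }
    grep -q '^COMMIT$' "$1"   || { echo "missing COMMIT in $1" >&2; return 1; }
    grep -q -- "^-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT$" "$1" \
        || { echo "ruleset would lock out tcp/${SSH_PORT}" >&2; return 1; }
    return 0
}

# apply_ruleset FILE: validate, snapshot the live rules, schedule a
# rollback, then load FILE atomically. Returns 0 when applied, 1 when the
# file fails validation, 2 when skipped (not root or no iptables-restore).
apply_ruleset() {
    check_ruleset "$1" || return 1
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "dry run: would load $1 with iptables-restore" >&2
        return 2
    fi
    prev="/tmp/rules.previous.$$"
    iptables-save > "$prev"
    iptables-restore --test < "$1" || return 1         # parse only, no commit
    ( sleep 60; iptables-restore < "$prev" ) &          # safety net against lockout
    rollback=$!
    iptables-restore < "$1"
    echo "rules loaded; if this session still works, cancel the rollback: kill $rollback"
}

write_ruleset "$RULES_FILE"
apply_ruleset "$RULES_FILE" || echo "apply_ruleset exited with status $?" >&2
```

To change the firewall later, edit the file and run apply_ruleset again: the whole table is replaced in one commit, so there is no window where the old rules are flushed but the new ones are not yet in place, and no dependence on rule line numbers.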
Conclusion
To use IPTables on a Linux server, install or verify that IPTables is present, define rules in chains (INPUT, OUTPUT, FORWARD) to allow or block traffic by protocol, port, and source/destination IP addresses, set default policies, and save the rules for persistence. IPTables is a powerful tool providing granular network security control on Linux servers. For more, refer to the official Netfilter IPTables documentation.