{"id":14233,"date":"2025-12-27T12:13:03","date_gmt":"2025-12-27T06:43:03","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=14233"},"modified":"2025-12-27T12:13:47","modified_gmt":"2025-12-27T06:43:47","slug":"create-iptables-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/create-iptables-on-linux-server","title":{"rendered":"How to Create IPTables on Linux Server for Strong Network Security"},"content":{"rendered":"\n<p><strong>To create IPTables on a Linux server<\/strong>, install the iptables package, set default policies (typically DROP on INPUT\/FORWARD), add rules to allow SSH and required services, permit loopback and established connections, then save rules for persistence across reboots. Always test from a second SSH session and back up rules with iptables-save before changes.<\/p>\n\n\n\n<p>If you\u2019re wondering how to create IPTables on Linux Server, this guide walks you through a reliable, production-safe configuration from zero to persistent rules. As a hosting engineer, I\u2019ll show you exactly how iptables works, how to build a secure baseline, and how to save, test, and troubleshoot on Ubuntu\/Debian and CentOS\/RHEL systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-iptables-and-why-it-matters\"><strong>What is IPTables and Why it Matters<\/strong>?<\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>IPTables is a user-space firewall utility that controls packet filtering and NAT on Linux via the kernel\u2019s Netfilter framework. It lets you allow, block, and redirect traffic using rules organized into tables and chains. On modern distributions, iptables often runs in \u201cnft\u201d compatibility mode, but the CLI and concepts remain the same.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1168\" height=\"784\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-IPTables-and-Why-It-Matters-2.png\" alt=\"What Is IPTables and Why It Matters\" class=\"wp-image-14535 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-IPTables-and-Why-It-Matters-2.png 1168w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-IPTables-and-Why-It-Matters-2-150x101.png 150w\" sizes=\"auto, (max-width: 1168px) 100vw, 1168px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-iptables-works-tables-chains-and-rules\"><strong>How IPTables Works: Tables, Chains, and Rules<\/strong><\/h2>\n\n\n\n<p>IPTables processes packets through chains. Each chain contains ordered rules. When a packet matches a rule, its target action runs (ACCEPT, DROP, REJECT, LOG, DNAT, SNAT, MASQUERADE). If no rule matches, the chain\u2019s default policy applies.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Common tables:<\/strong> filter (default), nat, mangle, raw<\/li>\n\n\n\n<li><strong>Common chains:<\/strong> INPUT (to this server), OUTPUT (from this server), FORWARD (through this server)<\/li>\n\n\n\n<li><strong>Default policy: <\/strong>What happens if no rules match (usually ACCEPT or DROP)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"before-you-start-prerequisites-and-safety\"><strong>Before You Start: Prerequisites and Safety<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Have console or out-of-band access (VNC\/IPMI\/KVM) in case you lock yourself out.<\/li>\n\n\n\n<li>Open a second SSH session to test new rules before closing your current one.<\/li>\n\n\n\n<li><strong>Know your distribution:<\/strong> Ubuntu\/Debian vs. CentOS\/RHEL. Some newer systems use nftables under the hood, but iptables commands still work.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-verify-iptables\"><strong>Install and Verify IPTables<\/strong><\/h2>\n\n\n\n<p>On most Linux servers, iptables is preinstalled. If not, install and verify:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu\/Debian\nsudo apt update\nsudo apt install -y iptables iptables-persistent\n\n# CentOS 7\/RHEL 7\nsudo <a href=\"https:\/\/www.youstable.com\/blog\/install-yum-on-linux\/\">yum install<\/a> -y iptables iptables-services\n\n# Verify\nsudo iptables -V\nsudo iptables -L -n -v<\/code><\/pre>\n\n\n\n<p>If you see \u201ciptables (legacy)\u201d or \u201ciptables v1.x (nf_tables)\u201d, you can still proceed. The CLI is compatible with both backends.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-a-secure-baseline-firewall-step-by-step\"><strong>Create a Secure Baseline Firewall (Step-by-Step)<\/strong><\/h2>\n\n\n\n<p>We\u2019ll build a safe, minimal baseline for a typical Linux server. Order matters\u2014add allow rules before setting restrictive policies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-allow-loopback-and-established-connections\"><strong>1) Allow Loopback and Established Connections<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow loopback\nsudo iptables -A INPUT -i lo -j ACCEPT\n\n# Allow established\/related traffic (stateful rule)\nsudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-allow-ssh-before-restricting-anything\"><strong>2) Allow SSH Before Restricting Anything<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow SSH (default port 22). Adjust if you use a custom port.\nsudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\n\n# Optional: rate-limit brute force (5 new connections\/minute)\nsudo iptables -A INPUT -p tcp --dport 22 -m recent --set --name SSH\nsudo iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-allow-icmp-ping-and-service-ports-you-need\"><strong>3) Allow ICMP (Ping) and Service Ports You Need<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># ICMP echo-request (ping). Useful for diagnostics; disable if policy requires.\nsudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT\n\n# <a href=\"https:\/\/www.youstable.com\/blog\/install-apache-web-server-in-linux\/\">Web server<\/a> traffic\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-drop-invalid-packets\"><strong>4) Drop Invalid Packets<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-set-default-policies-to-drop\"><strong>5) Set Default Policies to Drop<\/strong><\/h3>\n\n\n\n<p>After allows are in place, make INPUT\/FORWARD restrictive. OUTPUT is typically ACCEPT for standard servers.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo iptables -P INPUT DROP\nsudo iptables -P FORWARD DROP\nsudo iptables -P OUTPUT ACCEPT<\/code><\/pre>\n\n\n\n<p>List rules to confirm order and counters:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo iptables -L -n -v --line-numbers\nsudo iptables -S<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"open-additional-services-real-world-examples\"><strong>Open Additional Services (Real-World Examples)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Allow FTP (control only \u2013 consider SFTP instead):<\/strong> <code>sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT<\/code><\/li>\n\n\n\n<li><strong>Allow MySQL from a trusted host:<\/strong> <code>sudo iptables -A INPUT -p tcp --dport 3306 -s 203.0.113.10 -j ACCEPT<\/code><\/li>\n\n\n\n<li><strong>Allow SMTP: <\/strong><code>sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT<\/code> (or 587\/465 for submission\/SSL)<\/li>\n\n\n\n<li><strong>Block a malicious IP: <\/strong><code>sudo iptables -A INPUT -s 198.51.100.5 -j DROP<\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nat-and-port-forwarding-with-iptables\"><strong>NAT and Port Forwarding with IPTables<\/strong><\/h2>\n\n\n\n<p>For gateway or Docker\/Kubernetes nodes, you may need SNAT or DNAT rules. Enable kernel forwarding first:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"net.ipv4.ip_forward=1\" | sudo tee \/etc\/sysctl.d\/99-ipforward.conf\nsudo sysctl -p \/etc\/sysctl.d\/99-ipforward.conf<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"snat-masquerade-outbound-internet-from-lan\"><strong>SNAT\/MASQUERADE (Outbound Internet from LAN)<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Assuming eth0 is WAN, eth1 is LAN\nsudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\nsudo iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\nsudo iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"dnat-port-forward-publish-internal-service\"><strong>DNAT\/Port Forward (Publish Internal Service)<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Forward WAN:8080 to 10.0.0.10:80\nsudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.10:80\nsudo iptables -A FORWARD -p tcp -d 10.0.0.10 --dport 80 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"make-iptables-rules-persistent-across-reboots\"><strong>Make IPTables Rules Persistent Across Reboots<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"debian-ubuntu\"><strong>Debian\/Ubuntu<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Install helper\nsudo apt install -y iptables-persistent netfilter-persistent\n\n# Save current rules\nsudo netfilter-persistent save\n# or\nsudo sh -c 'iptables-save &gt; \/etc\/iptables\/rules.v4'\n\n# Restore manually if needed\nsudo iptables-restore &lt; \/etc\/iptables\/rules.v4<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"centos-rhel-7\"><strong>CentOS\/RHEL 7<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Install and enable service\nsudo yum install -y iptables-services\nsudo systemctl enable iptables\nsudo systemctl start iptables\n\n# Save current rules to \/etc\/sysconfig\/iptables\nsudo service iptables save\n# or\nsudo sh -c 'iptables-save &gt; \/etc\/sysconfig\/iptables'<\/code><\/pre>\n\n\n\n<p>On RHEL\/CentOS 8+ and many modern distros, firewalld\/nftables is default. You can still use iptables (nft backend) or consider migrating to nftables for long-term consistency.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"testing-logging-and-troubleshooting\"><strong>Testing, Logging, and Troubleshooting<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep two SSH sessions open; apply rules in one and test from the other.<\/li>\n\n\n\n<li>Ping and curl from external networks to verify exposure: <code>curl -I http:\/\/your.ip<\/code>, <code>nc -zv your.ip 22 80 443<\/code><\/li>\n\n\n\n<li>Log drops (place near the end and use rate limiting):<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Log and drop unmatched input (optional)\nsudo iptables -A INPUT -m limit --limit 5\/min -j LOG --log-prefix \"IPTables-Dropped: \" --log-level 7\nsudo iptables -A INPUT -j DROP<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>View kernel logs:<\/strong> <code>sudo journalctl -k -f<\/code> or <code>sudo tail -f \/var\/log\/kern.log<\/code><\/li>\n\n\n\n<li><strong>Review counters:<\/strong> <code>sudo iptables -L -n -v<\/code><\/li>\n\n\n\n<li>Flush if you made a mistake (caution \u2013 re-open SSH rules immediately):<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Flush all filter rules (does not change default policies)\nsudo iptables -F\n# List numbered rules and delete a specific one\nsudo iptables -L INPUT --line-numbers\nsudo iptables -D INPUT &lt;number&gt;<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ufw-and-firewalld-vs-iptables\"><strong>UFW and Firewalld vs. IPTables<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>UFW (Ubuntu):<\/strong> A simplified wrapper for iptables. Great for quick setups, fewer advanced options.<\/li>\n\n\n\n<li><strong>Firewalld (RHEL\/CentOS\/Fedora):<\/strong> Zone-based management using nftables; integrates with system services.<\/li>\n\n\n\n<li><strong>IPTables: <\/strong>Fine-grained, scriptable control; ideal when you need explicit rule ordering and NAT handling.<\/li>\n<\/ul>\n\n\n\n<p>For most beginners, UFW or firewalld is easier. If you need surgical control or are tuning Docker\/NAT, iptables remains a powerful choice.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-for-a-hardened-linux-firewall\"><strong>Best Practices for a Hardened Linux Firewall<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Principle of least privilege:<\/strong> Open only what you must; restrict by source IP where possible.<\/li>\n\n\n\n<li><strong>Stateful rules first: <\/strong>Allow ESTABLISHED,RELATED early to reduce CPU and false positives.<\/li>\n\n\n\n<li><strong>Order matters:<\/strong> Place specific allows before broad drops. Comment rules when possible: <code>-m comment --comment \"Allow SSH\"<\/code><\/li>\n\n\n\n<li><strong>Version control: <\/strong>Store rule files in Git and deploy with Ansible or shell scripts.<\/li>\n\n\n\n<li><strong>Monitor and alert: <\/strong>Ship logs to a SIEM or log management tool; watch for spikes in dropped traffic.<\/li>\n\n\n\n<li><strong>Docker awareness: <\/strong>Docker manages its own iptables chains; avoid blanket flushes on hosts running containers.<\/li>\n\n\n\n<li><strong>Backup always:<\/strong> <code>iptables-save &gt; \/root\/iptables-backup-$(date +%F).rules<\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"example-full-minimal-web-server-rule-set\"><strong>Example: Full Minimal Web Server Rule Set<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Flush existing\nsudo iptables -F\nsudo iptables -t nat -F\n\n# Default policies\nsudo iptables -P INPUT DROP\nsudo iptables -P FORWARD DROP\nsudo iptables -P OUTPUT ACCEPT\n\n# Loopback\nsudo iptables -A INPUT -i lo -j ACCEPT\n\n# Established\/Related\nsudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n\n# SSH with rate-limit\nsudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 22 -m recent --set --name SSH\nsudo iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP\n\n# HTTP\/HTTPS\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT\n\n# ICMP ping\nsudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT\n\n# Optional: log remaining\nsudo iptables -A INPUT -m limit --limit 5\/min -j LOG --log-prefix \"IPTables-Dropped: \"\n\n# Final drop (policy already DROP; kept for explicitness)\nsudo iptables -A INPUT -j DROP\n\n# Save rules\n# Debian\/Ubuntu\n# sudo netfilter-persistent save\n# CentOS\/RHEL\n# sudo service iptables save<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"why-this-matters-for-hosting-and-cloud-servers\"><strong>Why This Matters for Hosting and Cloud Servers<\/strong><\/h2>\n\n\n\n<p>In real <a href=\"https:\/\/www.youstable.com\/blog\/create-a-custom-hosting-environment-with-a-dedicated-server\/\">hosting environments<\/a>, a properly designed iptables policy reduces attack surface, throttles brute force attempts, and keeps noisy traffic from consuming resources. At YouStable, our managed servers ship with hardened firewall templates, continuous monitoring, and change control\u2014ideal if you prefer expert-managed security without DIY risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"frequently-asked-questions\"><strong>Frequently Asked Questions<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765959202897\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-iptables-deprecated-in-favor-of-nftables\"><strong>Is IPTables deprecated in favor of nftables?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>nftables is the modern framework, and many distros route iptables commands through an nft backend (iptables-nft). IPTables is still widely supported. New deployments can use either; long-term, nftables offers cleaner syntax and features, but iptables remains viable and common.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765959219726\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-list-and-back-up-my-current-iptables-rules\"><strong>How do I list and back up my current iptables rules?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>List rules with counters using <code>sudo iptables -L -n -v --line-numbers<\/code> or raw syntax via <code>sudo iptables -S<\/code>. Back up everything to a file using <code>sudo iptables-save &gt; ~\/iptables-$(date +%F).rules<\/code>. Restore with <code>sudo iptables-restore &lt; file.rules<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765959271724\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-can-i-allow-a-port-in-iptables-quickly\"><strong>How can I allow a port in iptables quickly?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use a simple append rule, for example: <code>sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT<\/code>. Ensure you have ESTABLISHED,RELATED and loopback rules first, and set your default policies to DROP for a secure stance.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765959286174\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-iptables-ufw-and-firewalld\"><strong>What\u2019s the difference between iptables, UFW, and firewalld?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>IPTables is the low-level, rule-by-rule interface. UFW (Ubuntu) and firewalld (RHEL\/CentOS\/Fedora) are higher-level managers that generate rules for you. UFW is simple; firewalld provides zone-based management; iptables offers the most explicit control.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765959300011\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-avoid-locking-myself-out-over-ssh\"><strong>How do I avoid locking myself out over SSH?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Always allow SSH first, keep a second SSH session open, and consider using a screen\/tmux session. Apply rules incrementally, verify access after each change, and back up current rules with iptables-save so you can quickly restore if needed.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To create IPTables on a Linux server, install the iptables package, set default policies (typically DROP on INPUT\/FORWARD), add rules [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16356,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-14233","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Create-IPTables-on-Linux-Server-for-Strong-Network-Security.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=14233"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14233\/revisions"}],"predecessor-version":[{"id":16358,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14233\/revisions\/16358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16356"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=14233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=14233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=14233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}