How to configure the firewall in Linux with IPtables


Although I still touch Windows sometimes by choice, and on many other occasions I am forced to (marditoh rodoreh) when I have to do things away from my own computers, for me talking about Windows is like talking about something left far behind in time. When I used it as my main system (I had no other), I tried to shield it with software like Kaspersky's antivirus and the occasional firewall, among many other security tools. In Linux we have never been as exposed as in Windows, but there is also software that helps us stay calmer, such as IPtables, a firewall.

A firewall is a security system responsible for controlling the network traffic that enters and leaves an operating system. One of the most widespread on Linux is the aforementioned IPtables, to the point that, probably without your knowing it, it has been installed on your operating system since you first started using it. What we are going to do in this article is explain how to configure a firewall in Linux with IPtables.

IPtables on Linux, what you need to know

Configuring a firewall can be complicated, all the more so on an operating system like Linux, where the best results are achieved from the terminal. Before starting, it is advisable to know a little about networking and security, or at least to understand that, when we are connected, we are communicating with other equipment, and these devices or their owners may have good or bad intentions. For this reason, depending on the use we make of our PC, it is worth controlling everything that leaves it and everything that enters it.

Also, just in case, if we have another firewall on our Linux system and we are going to start tweaking things in IPtables, it is worth making a backup copy of our current firewall configuration. With all this clear, we can start talking in full about configuring IPtables.

  1. The first thing we have to do is install the package. Most Linux distributions have it installed by default, but this is not always the case. To find out if we have IPtables installed in our operating system, we open a terminal and write iptables -V. In my case and at the time of writing this article, my terminal returns iptables v1.8.8. In case it is not installed, it can be installed with:

Ubuntu/Debian or derivatives:

sudo apt install iptables

Fedora/Redhat or derivatives:

sudo yum install iptables

Arch Linux and derivatives:

sudo pacman -S iptables

After installation, it is enabled and started with:

sudo systemctl enable iptables
sudo systemctl start iptables

And you can see its status with:

sudo systemctl status iptables

  2. With the firewall already installed, you have to configure its rules. IPtables rules are divided into tables (which we will talk about in more detail later in this article): filter, nat and mangle, to which we must add raw and security. The filter table is used to control incoming and outgoing traffic, the nat table is used to do NAT (Network Address Translation) and the mangle table is used to modify IP packets. To configure the rules of the filter table, the following commands are used:
  • iptables -A INPUT -j ACCEPT (allow all incoming traffic).
  • iptables -A OUTPUT -j ACCEPT (allow all outgoing traffic).
  • iptables -A FORWARD -j ACCEPT (allow all routed traffic).

However, this configuration allows all traffic, and is not recommended for a production system. It is important to specify the firewall rules based on the specific needs of the system. For example, if you want to block incoming traffic on port 22 (SSH), you can use the command:

iptables -A INPUT -p tcp --dport 22 -j DROP

  3. Another important thing is to save the settings, so as not to lose them when rebooting the system. On Ubuntu and Debian, the "iptables-save" command is used to save the current configuration to a file. On Red Hat and Fedora, the "service iptables save" command is used to save the configuration. If you're in doubt about which one to use, the Ubuntu/Debian commands tend to work on more distributions.
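iptables checks the rules of a chain from top to bottom and stops at the first ACCEPT or DROP that matches, so the port 22 DROP from step 2 never fires if it is appended after iptables -A INPUT -j ACCEPT. The check below is an added example, not part of the original article; it reads rules in the form printed by iptables -S, and the function names and sample rule lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rules that can never match because an earlier rule in
# the same chain already accepts or drops every packet.
# Input: rules in the "-A CHAIN ..." form printed by `iptables -S`.

shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        if (chain in catchall) {
            printf "%s: [%s] is unreachable after [%s]\n", chain, $0, catchall[chain]
            next
        }
        # A rule with no match options is exactly: -A CHAIN -j TARGET
        if (NF == 4 && $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
            catchall[chain] = $0
    }'
}

# Constructed sample: the commands from step 2 in the order they were typed.
article_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j ACCEPT
-A OUTPUT -j ACCEPT
-A FORWARD -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}

# Constructed sample: the same two INPUT rules with the specific one first.
reordered_rules() {
    cat <<'EOF'
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -j ACCEPT
EOF
}

article_rules | shadowed_rules
```

On a live system the same function can be fed with sudo iptables -S | shadowed_rules.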

Load configurations after a reboot

To load saved settings, the same commands used to save them are used, but with the "restore" action instead of "save". On Ubuntu and Debian, the "iptables-restore" command is used to load saved configurations from a file. On Red Hat and Fedora, the "service iptables restore" command is used to load the saved configurations. Once again, if you are in doubt about which command to use, the Ubuntu/Debian commands usually work best.

It is important to note that if changes are made to the firewall settings, they need to be saved and reloaded for the changes to take effect. It is a way to overwrite the configuration file with the new data, and if it is not done this way, the changes will not be saved.
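iptables-save writes the running ruleset to standard output, so it is redirected to a file, and iptables-restore reads such a file back in; its --test option parses the file without loading it. The script below is an added example, not from the original article, that snapshots the current rules, validates a new file and puts the snapshot back if loading fails. The function names, the file paths and the baseline ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: snapshot, validate, then load a rules file.
# Assumptions: run as root on a host with iptables; paths are illustrative.
IPT_SAVE=${IPT_SAVE:-iptables-save}          # overridable for a dry run
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# Constructed ruleset in iptables-save format: drop inbound traffic by default,
# keep loopback and replies to connections this host opened.
write_baseline() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# apply_rules NEW BACKUP
# Returns 0 when NEW is loaded, 1 when the snapshot failed, 2 when NEW was
# rejected (nothing changed), 3 when loading failed and BACKUP was put back.
apply_rules() {
    new=$1
    backup=$2
    "$IPT_SAVE" > "$backup" || return 1           # snapshot the running rules
    "$IPT_RESTORE" --test < "$new" || return 2    # parse only, load nothing
    if ! "$IPT_RESTORE" < "$new"; then
        "$IPT_RESTORE" < "$backup"                # roll back to the snapshot
        return 3
    fi
}

# Typical use, as root:
#   write_baseline > /root/rules.v4
#   apply_rules /root/rules.v4 /root/rules.backup.v4
```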

Tables in IPtables

There are 5 types of tables in IPtables, and each one has different rules applied:

  • filter: This is the main and default table when using IPtables. This means that if no specific table is mentioned when applying rules, the rules will be applied to the filter table. As its name suggests, the role of the filter table is to decide whether to allow packets to reach their destination or deny their request.
  • nat (Network Address Translation): As the name suggests, this table allows users to determine the translation of network addresses. The role of this table is to determine if and how to modify the source and destination addresses of a packet.
  • mangle: This table allows us to modify the IP headers of the packets. For example, the TTL can be adjusted to lengthen or shorten the network hops that the packet can support. In a similar way, other IP headers can also be modified according to your preference.
  • raw: The main use of this table is to trace connections as it provides a mechanism for marking packets to view packets as part of an ongoing session.
  • security: Using the security table, users can apply internal SELinux security context flags to network packets.

The last two tables are hardly used, to the point that most documentation only talks about filter, nat, and mangle.

In the help file we can find examples on how to manage IPtables. To see it, we will open a terminal and type iptables -h.

Although iptables is one of the best options out there for Linux, if you prefer something simpler with a graphical interface you can take a look at Firewalld.

