What is IPtable in Linux?
Iptables is a built-in Linux firewall that includes some conditions, known as Rules, according to which the traffic is allowed on a machine. The incoming and outgoing traffic and filter a specified rule is handled by Iptables. Iptables contain multiple Chains. A Chain is a set of rules in the table.
We transfer data in the form of packets. We need IPtables in Linux which is a Command-line (CLI) tool for managing the firewall rules on a Linux machine. IPtables contain different tables to filter the packets.
Types Of Tables in IPtables in Linux
- Filter Table – Filter table is the known as default and main table. Default table of Iptables is Filter Table.
- NAT Table – NAT (Network Address Translation) is used to provide address translation rule.
- Mangle Table – Mangle table is used to Modify the IP Header.
- Raw Tables – Raw table is used for connection tracking. It provides a mechnism for making packets to view packets as part of an on goingconnection or session.
- Security Table – Security table is used Used for Mandatory Access Control(MAC).
Rules And Target In IPtables in Linux
Rules are what should we do with the packets if it matches any defined rule.
If a packet matches a set of rules. It will define a Target. A Target is some special value or action taken to a packet or on IP.
Targets in IPtables
- ACCEPT
- DROP
- RETURN
- QUEUE
Chains And Its Type
Chains are basically a set of similar types of rules. These are like points in the route of a packet where you can apply rules.
- INPUT: We use Input chain to control the incoming packets to the server.
- FORWARD: This chain for incoming connections that are not actually being delivered locally.
- OUTPUT: We chain applied to the packet originated from our system and going out.
- Pre – Routing: We use this chain for modifying packets as they arrive.
- Post – Routing : We use this chain to modify packets as they are leaving.
Traversal Order In Iptables
An incoming packet destined for the local system.
Prerouting -> InputPackets
Prerouting -> Forward -> PostRoutingLocally generated packets.
Output-> PreroutingCommand To install and View Iptables
- Command to install Iptables commands are
sudo apt-get update
sudo apt-get install iptables 2. Command to view the filter table
sudo iptables -L The output will look like this:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination 3. Command to view the Other tables :
sudo iptables -t nat -L
sudo iptables -t Security -L
sudo iptables -t mangle -L
sudo iptables -t raw -LCommands To Add Rules in IPtables
- Command to block a website.
In the below command we are blocking `www.iitb.ac.in` which is the IIT Bombay website.
sudo iptables -A INPUT -s www.iitb.ac.in -j DROP2. Command to block a particular website by using Ip-address
sudo iptables -I INPUT -s 192.168.0.102 -j DROP3. Command to block the loopback address.
the loopback address is your localhost of IP 127.0.0.1
sudo iptables -A INPUT -i lo -j DROPCommands To Remove Rules from IPtables
1. Command to remove a particular rule in the table according to the line number.
sudo iptables -D <chain name> <linenumber>2. Command to remove all the rules in the table according to the chain name.
sudo iptables -F <chain name>3. Command to remove all the Rules in the table.
sudo iptables -F/--flushConclusion of IPtables in Linux
Curious to learn more about the Iptables please visit https://help.ubuntu.com/community/IptablesHowTo
For more informative blogs do check out our blog site https://blog.knoldus.com/category/devops/
