Iptables Tutorial – Secure your Ubuntu VPS with a Linux Firewall

Iptables is the Linux firewall used to monitor incoming and outgoing traffic on a server and filter it according to user-defined rules, so that only the traffic you explicitly allow reaches the system. In this Iptables tutorial, you will learn how to use it to secure your web application.

Note: RHEL / CentOS ship with a firewall service called firewalld that is enabled by default. If you want to manage Iptables directly on those systems, you must disable firewalld first, otherwise both will be editing the same rule tables.

What do you need?

Before you begin the Iptables tutorial, you will need the following:

If you want to learn more about SSH and SSH commands, follow this tutorial.

Iptables Basics

All data travels over the Internet in the form of packets. The Linux kernel provides a packet filter that inspects incoming and outgoing packets against tables of rules. Iptables is the command line application used to configure, maintain and inspect these tables. Several tables exist, and each table contains multiple chains. A chain is nothing more than an ordered list of rules. Each rule defines a match (protocol, port, address, interface) and what to do with a packet that matches. Rules are evaluated from the top of the chain down, and the first matching rule with a terminating action decides the fate of the packet. The action is called the TARGET. A target can be another user-defined chain, to which matching is handed over, or one of the following special values:

  • ACCEPT: the packet is allowed to pass.
  • DROP: the packet is silently discarded; the sender gets no reply.
  • RETURN: stop processing the current chain and continue with the next rule in the chain from which it was called.

For the scope of this iptables tutorial, we work with the default table called filter. The filter table has three built-in chains (rule sets):

  • INPUT – This chain controls packets arriving at the server. You can block/allow connections based on port, protocol or source IP address.
  • FORWARD – This chain filters packets that enter the server but are destined for another host (routing).
  • OUTPUT – This chain filters packets leaving the server.

Step 1 – Linux Iptables Firewall Installation

1. Installing Iptables

Iptables comes pre-installed on almost all Linux distributions. If it is missing on an Ubuntu/Debian system, install it with:


sudo apt-get update
sudo apt-get install iptables

2. Checking the current state of iptables

With this command, you can check the status of your current Iptables configuration. The -L option lists all the rules and -v makes the listing verbose (packet and byte counters, interfaces). Note that these options are case sensitive. It is also worth adding -n, which prints addresses and ports numerically instead of resolving them: the listing is unambiguous and does not stall on slow DNS lookups.

sudo iptables -L -v

Example:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

This is the output of the previous command. All three chains have the default policy ACCEPT and contain no rules. With an ACCEPT policy and an empty chain, every packet is let through: at this point the server is unprotected.

To make this Iptables tutorial more practical, we will modify the INPUT chain to filter incoming traffic.

Step 2 – Define chain rules

Defining a rule means adding it to a chain. Here is the Iptables command with its common options (the angle brackets mark placeholders). We don't have to specify all of them.

sudo iptables -A <chain> -i <interface> -p <protocol> -s <source> --dport <port> -j <target>

Here -A means append: the rule is added at the end of the chain. The chain is the chain to which we want to add our rule. The interface (-i) is the network interface on which you want to filter traffic. The protocol (-p) is the network protocol of the packets you want to filter (tcp, udp, icmp). The source (-s) is the source IP address or range, --dport is the destination port, and -j names the target (ACCEPT, DROP or another chain). Because -A appends, the order in which you issue the commands is the order in which the rules are evaluated; use -I instead of -A when a rule must be inserted at the top of a chain.

For more detailed information about the Iptables command and its options, you can refer to the manual pages (man iptables and man iptables-extensions).

1. Enable traffic on localhost

We want all communication between applications and databases on the server itself to continue as usual, so the first rule accepts everything arriving on the loopback interface.

sudo iptables -A INPUT -i lo -j ACCEPT

Example:

Chain INPUT (policy ACCEPT 7 packets, 488 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere

The -A option appends the rule to the INPUT chain, -i lo matches the loopback interface, and -j ACCEPT lets the packet pass. lo carries all traffic addressed to the host itself (localhost, 127.0.0.1), such as the connection between a database and a web application on the same machine.


2. Enabling HTTP, HTTPS and SSH port connections

We want our regular HTTP (port 80), HTTPS (port 443) and SSH (port 22) connections to continue as usual. Enter the following commands to allow them. In each command the protocol is given with the -p option and the corresponding port with --dport (destination port). Do not skip the SSH rule if you are administering the server over SSH: once the catch-all DROP from step 4 is in place, only the ports allowed here remain reachable.

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Now TCP connections to the specified ports will be accepted. Because no -s option was given, they are accepted from any source address.

3. Source-Based Packet Filtering

If you want to accept or reject packets based on a source IP address or range, you can specify it with the -s option. For example, to accept all packets from the address 192.168.1.3:

sudo iptables -A INPUT -s 192.168.1.3 -j ACCEPT

You can drop packets from an IP address with a similar command using the DROP target. Remember that -A appends: if the ACCEPT rules for ports 22, 80 and 443 are already in the chain, a DROP appended after them does not affect those ports, because the earlier ACCEPT matches first. To ban a host outright, insert the rule at the top of the chain with -I INPUT instead of -A INPUT.

sudo iptables -A INPUT -s 192.168.1.3 -j DROP

If you want to drop packets from a range of IP addresses, load the iprange match with the -m option and give the range with --src-range (note the double dash):

sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP

4. Drop all other traffic

Note: It is important to drop all other traffic after defining the allow rules, as it closes every port not explicitly opened above. Add this rule last: -A appends and the first match wins, so a catch-all DROP placed above the ACCEPT rules would block everything, including your own SSH session. Be aware also that nothing so far accepts replies to connections the server itself opens (DNS answers, package downloads): those packets arrive on the INPUT chain too, and this rule will drop them unless a rule that accepts packets belonging to established or related connections (the conntrack match) sits above it.

sudo iptables -A INPUT -j DROP

This rule drops all incoming traffic that did not match one of the rules above it, so only the ports and addresses allowed earlier get through. Any rule appended after it will never be evaluated. You can check your rule set now with:

sudo iptables -L -v
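The check below is an added example and not part of the original tutorial. It audits the listing printed by `sudo iptables -S INPUT` (the -S form prints the rules as the commands that would recreate them) for the two mistakes that appending with -A makes easy: rules that sit below a catch-all DROP and can never match, and a chain that still lets everything in because it has no catch-all and its policy is ACCEPT. The listing embedded in the script is constructed for the demo; it is what this tutorial's commands produce, plus a source-based DROP appended one step too late.

```shell
# Added example (not from the original tutorial): audit an INPUT chain listing,
# as printed by `sudo iptables -S INPUT`, for the two mistakes that -A makes
# easy. The listing below is constructed for the demo; feed a real one on stdin.

audit_input_chain() {
    # Reads an `iptables -S INPUT` listing on stdin and prints one finding per
    # line: rules sitting below a catch-all DROP/REJECT can never match, and a
    # chain with policy ACCEPT and no catch-all still lets everything in.
    awk '
        /^-P INPUT / { policy = $3; next }
        /^-A INPUT -j (DROP|REJECT)$/ {
            if (!catchall) { catchall = NR; next }
        }
        /^-A INPUT / {
            if (catchall)
                print "unreachable (after catch-all on line " catchall "): " $0
        }
        END {
            if (!catchall && policy == "ACCEPT")
                print "open: no catch-all DROP and policy is ACCEPT"
        }
    '
}

# Constructed sample: the rules from steps 1, 2 and 4 of this tutorial,
# followed by a per-host DROP that was appended after the catch-all.
SAMPLE_LISTING='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 192.168.1.3/32 -j DROP'

run_demo() {
    # Returns the findings for the constructed listing.
    printf '%s\n' "$SAMPLE_LISTING" | audit_input_chain
}

run_demo
```

Run the file as a script to see the finding for the sample, or source it and pipe a live listing through the function: `sudo iptables -S INPUT | audit_input_chain`. An empty result means the chain has a catch-all (or a DROP policy) and nothing is shadowed behind it.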

5. Deletion of rules

If you want to remove all the rules and start with a clean slate, use the flush option (-F):

sudo iptables -F

This command deletes every rule in every chain of the filter table but leaves the chain policies untouched, so with the default ACCEPT policy the server is open again. If you want to remove a specific rule, you can do so with the -D option. First, list all rules with their numbers:


sudo iptables -L --line-numbers

You will then get a list of rules with numbers.

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  192.168.0.4          anywhere
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
3    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

To remove a rule, give the chain and the rule's number from the list. In this example listing, rule 3 is the HTTP rule, so we pass the chain INPUT and the number 3. The remaining rules are renumbered as soon as one is deleted, so list again before deleting another one by number.

sudo iptables -D INPUT 3

Step 3 – Persistent Changes

The Iptables rules that we have created live only in kernel memory, so they are gone after a reboot. To make them persistent on Ubuntu / Debian systems, install the iptables-persistent package, which loads /etc/iptables/rules.v4 (and rules.v6 for IPv6) at boot, and write the current rules into that file:

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

iptables-save prints the current rules to standard output in the format that iptables-restore can load; on its own it saves nothing, which is why the output is redirected into the file that iptables-persistent restores at reboot (the package's netfilter-persistent save command does the same). You must redo this every time you change the rules, otherwise the next reboot silently reverts to the old file. To disable the firewall, flush all the rules and save the empty rule set the same way:

sudo iptables -F
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
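The script below is an added example and not part of the original tutorial. It ties Step 2 and Step 3 together: it writes the rule set built in Step 2 in the iptables-restore format that iptables-persistent loads from /etc/iptables/rules.v4, runs static checks that need no root, and only then lets you dry-run it with iptables-restore --test and install it. It assumes iptables-persistent is installed and keeps the tutorial's example addresses; the conntrack rule is an addition on top of the tutorial's rules so that replies to connections the host itself opens are not caught by the final DROP.

```shell
# Added example (not from the original tutorial): build the Step 2 rule set as
# an iptables-restore file, the format that iptables-persistent loads from
# /etc/iptables/rules.v4 at boot, sanity-check it without root, and only then
# write and apply it. Assumes the iptables-persistent package is installed and
# keeps the tutorial's addresses; the conntrack rule is added on top of the
# tutorial's rules so that replies to connections the host opens are not dropped.

RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

build_ruleset() {
    # Rules are tried top to bottom; the first terminating match wins, so the
    # range ban precedes the service accepts and the catch-all DROP comes last.
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: database <-> web application on the same host
-A INPUT -i lo -j ACCEPT
# replies to connections this host initiated (DNS answers, apt downloads)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ban a range before the service rules, otherwise the ACCEPTs would win
-A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# everything not matched above is dropped; nothing appended after this matters
-A INPUT -j DROP
COMMIT
EOF
}

check_ruleset() {
    # Static checks that need no root: one COMMIT, SSH accepted, the catch-all
    # DROP is the last INPUT rule (nothing shadowed), and the conntrack accept
    # sits at the top so outbound traffic keeps working.
    rules=$(build_ruleset)
    [ "$(printf '%s\n' "$rules" | grep -c '^COMMIT$')" -eq 1 ] || return 1
    printf '%s\n' "$rules" | grep -q -- '--dport 22 -j ACCEPT' || return 1
    last=$(printf '%s\n' "$rules" | grep '^-A INPUT' | tail -n 1)
    [ "$last" = '-A INPUT -j DROP' ] || return 1
    printf '%s\n' "$rules" | grep '^-A INPUT' | head -n 2 | grep -q ESTABLISHED || return 1
}

install_ruleset() {
    # Parse-only dry run with the real tool (needs root), then write the file
    # iptables-persistent restores at boot and load it into the kernel now.
    tmp=$(mktemp) || return 1
    build_ruleset > "$tmp"
    if iptables-restore --test < "$tmp"; then
        install -m 0644 "$tmp" "$RULES_FILE" && iptables-restore < "$RULES_FILE"
    else
        echo "rule set rejected by iptables-restore --test; nothing changed" >&2
        false
    fi
    status=$?
    rm -f "$tmp"
    return $status
}

if check_ruleset; then
    echo "rule set passes static checks; run install_ruleset as root to apply it"
else
    echo "rule set failed static checks" >&2
fi
```

Running the file only performs the static checks; sourcing it and calling install_ruleset as root writes /etc/iptables/rules.v4 (override RULES_FILE to test elsewhere) and loads the rules immediately, so the running firewall and the file restored at boot never drift apart. To disable the firewall later, replace the body of build_ruleset with an empty filter table (the header lines plus COMMIT) and install again.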

Conclusion

In this Iptables tutorial, we have used the Iptables Linux firewall to allow traffic only on specific ports, and we have made sure that our rules survive a reboot. This Linux firewall drops unwanted packets, but with one caveat: Iptables governs IPv4 traffic only. If IPv6 networking is enabled on your box, its chains are managed separately by ip6tables and start with the same permissive ACCEPT policy, so you must define equivalent rules for that traffic too, or IPv6 stays wide open.


Gustavo is passionate about creating websites. He focuses on the application of SEO strategies at for Spain and Latin America, as well as the creation of high-level content. When he is not applying new WordPress tricks you can find him playing the guitar, traveling or taking an online course.
