20 Useful IPtable Firewall Rules Every Linux Administrator Should Know
As a Linux administrator, one of the most important parts of keeping a server secure and stable is a correctly configured host firewall. iptables is the traditional interface to the kernel's netfilter packet filter and is available on practically every distribution (on many recent releases the iptables command is an nft-backed compatibility layer that accepts the same syntax). In this article we walk through 20 iptables rules every Linux administrator should know. They let you block unwanted traffic while keeping legitimate connections working, provided you pay attention to rule order: iptables evaluates each chain from the top and stops at the first matching rule with a terminating target, so a rule appended after a broader one is never reached.
Block All Incoming Traffic Except SSH
The first rule set blocks all incoming traffic except SSH. SSH is how you reach the server remotely, so it has to stay open while everything else is closed. Add the SSH rule before you change the policy; done the other way round, every incoming packet, including those of the session you are typing into, is dropped until the ACCEPT rule lands. Enter the following commands
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -P INPUT DROP
This appends a rule accepting TCP traffic to the ssh port (22, resolved from /etc/services) and then sets the default policy of the INPUT chain to DROP, so any incoming packet that matches no ACCEPT rule is silently discarded. On its own, that policy also discards replies to the server's own outbound connections (DNS lookups, package downloads); the loopback and established/related rules at the end of this article are the usual companions of a DROP policy and should be added in the same sitting.
Allow Outgoing Traffic
Your server needs to make outbound connections of its own (DNS lookups, package updates, monitoring agents), so outgoing traffic is normally allowed. On a fresh system ACCEPT is already the default policy for every built-in chain; this command only makes that explicit
sudo iptables -P OUTPUT ACCEPT
This sets the default policy for the OUTPUT chain to ACCEPT, so anything the server sends is allowed unless a specific OUTPUT rule drops it. Bear in mind that an allow-all egress policy also lets a compromised process connect anywhere; the destination-based OUTPUT rules later in this article are the starting point for tightening that.
Block Incoming Traffic on Specific Ports
To block incoming traffic on a specific port, use the following command
sudo iptables -A INPUT -p tcp --dport <port_number> -j DROP
Replace <port_number> with the port you want to block. Because -A appends to the end of the INPUT chain, the rule only takes effect if no earlier rule already accepts that traffic; when it must win over an existing ACCEPT, insert it at the top with -I instead of -A. With the DROP policy from the first section a port is closed unless something accepts it, so explicit DROP rules matter most in chains whose policy is ACCEPT or when overriding an earlier, broader ACCEPT. For example, to block incoming traffic on port 80 (HTTP), enter the following command
sudo iptables -A INPUT -p tcp --dport 80 -j DROP
Block Incoming Traffic from Specific IP Addresses
To block incoming traffic from a specific IP address, use the following command. The -s option also accepts a network in CIDR notation, such as 192.168.1.0/24, which is the usual way to block an aligned range
sudo iptables -A INPUT -s <ip_address> -j DROP
Replace <ip_address> with the address you want to block. The source address of an unsolicited packet can be spoofed, so treat this as a way to cut noise from a known bad host, not as a form of authentication. For example, to block incoming traffic from 192.168.1.100, enter the following command
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
Allow Traffic from Specific IP Addresses
To allow all traffic from a specific IP address, use the following command
sudo iptables -A INPUT -s <ip_address> -j ACCEPT
Replace <ip_address> with the address to allow. This accepts every port and protocol from that host, so keep it for trusted management hosts, and if a DROP rule for the same address or range exists, make sure the rule you intend to win comes first in the chain. For example, to allow traffic from 192.168.1.100, enter the following command
sudo iptables -A INPUT -s 192.168.1.100 -j ACCEPT
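Rules for a single host or port, like the ACCEPT and DROP rules above, only take effect if nothing earlier in the chain matches first. The following script, added here as an example and not part of the original article, reads the save-format listing produced by iptables -S INPUT and computes the position a new rule needs so that it sits ahead of a broader rule that would otherwise shadow it. The chain listing and addresses are constructed for the example; the helper names rule_index_of and place_rule are my own.

```shell
#!/bin/sh
# Added example (not from the article): compute where a new rule must go so
# that it is actually reached. iptables evaluates a chain top to bottom and the
# first matching rule with a terminating target (ACCEPT, DROP, REJECT) wins,
# so a DROP appended with -A after a broader ACCEPT never fires.

# rule_index_of PATTERN: read the output of `iptables -S CHAIN` on stdin and
# print the 1-based position of the first "-A" rule matching the awk regex
# PATTERN. The leading "-P CHAIN POLICY" line is not a rule and is skipped.
# Exit status 1 when no rule matches.
rule_index_of() {
    awk -v pat="$1" '
        /^-A / { n++; if ($0 ~ pat) { print n; found = 1; exit } }
        END    { if (!found) exit 1 }
    '
}

# place_rule CHAIN PATTERN RULE...: print the iptables command that inserts
# RULE ahead of the first rule matching PATTERN, or appends it when no rule
# matches (then nothing earlier in the chain can shadow it).
place_rule() {
    chain=$1; pat=$2; shift 2
    if idx=$(rule_index_of "$pat"); then
        printf 'iptables -I %s %s %s\n' "$chain" "$idx" "$*"
    else
        printf 'iptables -A %s %s\n' "$chain" "$*"
    fi
}

# Constructed sample of `iptables -S INPUT` on a host that already trusts the
# whole 192.168.1.0/24 network (rule 3). Appending a DROP for 192.168.1.100
# would become rule 5 and never match; it has to go in at position 3.
SAMPLE_CHAIN='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Prints: iptables -I INPUT 3 -s 192.168.1.100 -j DROP
printf '%s\n' "$SAMPLE_CHAIN" \
    | place_rule INPUT '-s 192[.]168[.]1[.]0/24' -s 192.168.1.100 -j DROP
```

On a live host you would feed the real listing in with sudo iptables -S INPUT | place_rule INPUT '<pattern>' <rule> and run the printed command; keeping the command as output rather than executing it gives you a chance to review the position before it touches the chain.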
Block Incoming Traffic on Specific Network Interface
If your server has several network interfaces and you want to block all incoming traffic on one of them, use the following command
sudo iptables -A INPUT -i <interface_name> -j DROP
Replace <interface_name> with the interface to block. Do not apply this to the interface your own SSH session arrives on, and check interface names first with ip link, since modern distributions often use names such as ens3 or enp0s3 rather than eth0. For example, to block incoming traffic on eth0, enter the following command
sudo iptables -A INPUT -i eth0 -j DROP
Allow Incoming Traffic on Specific Network Interface
To allow all incoming traffic on a specific network interface, use the following command
sudo iptables -A INPUT -i <interface_name> -j ACCEPT
Replace <interface_name> with the interface to allow. This accepts everything arriving on that interface regardless of port, so it is appropriate for an isolated internal or management network, not for an internet-facing one. For example, to allow incoming traffic on eth0, enter the following command
sudo iptables -A INPUT -i eth0 -j ACCEPT
Block Traffic to Specific Destination IP Addresses
To block traffic from the server to a specific destination address, use the following command. This rule lives in the OUTPUT chain, and -d accepts a CIDR network as well as a single address
sudo iptables -A OUTPUT -d <ip_address> -j DROP
Replace <ip_address> with the IP address you want to block. For example, to block traffic to IP address 192.168.1.100, enter the following command
sudo iptables -A OUTPUT -d 192.168.1.100 -j DROP
Allow Traffic to Specific Destination IP Addresses
To allow traffic to specific destination IP addresses, use the following command
sudo iptables -A OUTPUT -d <ip_address> -j ACCEPT
Replace <ip_address> with the destination to allow. With the OUTPUT policy set to ACCEPT, as in the second section, this rule changes nothing on its own; it becomes meaningful when the OUTPUT policy is DROP or when it is placed ahead of a broader OUTPUT DROP rule. For example, to allow traffic to 192.168.1.100, enter the following command
sudo iptables -A OUTPUT -d 192.168.1.100 -j ACCEPT
Block Traffic on Specific Protocol
To block traffic on a specific protocol, use the following command
sudo iptables -A INPUT -p <protocol_name> -j DROP
Replace <protocol_name> with tcp, udp, icmp, or any name listed in /etc/protocols. Blocking all incoming UDP is a common example; if you do it, make sure the established/related rule from the end of this article sits above it, otherwise the replies to the server's own DNS queries are dropped as well. For example, to block all incoming UDP traffic, enter the following command
sudo iptables -A INPUT -p udp -j DROP
Allow Traffic on Specific Protocol
To allow traffic on a specific protocol, use the following command
sudo iptables -A INPUT -p <protocol_name> -j ACCEPT
Replace <protocol_name> with the protocol to allow. Be careful with a rule this broad: under a DROP policy, accepting all TCP re-exposes every listening TCP service on the host, so in practice you allow the specific ports you need instead. For example, to allow all incoming TCP traffic, enter the following command
sudo iptables -A INPUT -p tcp -j ACCEPT
Block Traffic on Specific Port Range
To block traffic on a specific port range, use the following command
sudo iptables -A INPUT -p tcp --dport <starting_port>:<ending_port> -j DROP
Replace <starting_port> and <ending_port> with the bounds of the range, which are inclusive. For ports that are not contiguous, the multiport match (-m multiport --dports) takes a comma-separated list instead. For example, to block TCP traffic on ports 8000 to 9000, enter the following command
sudo iptables -A INPUT -p tcp --dport 8000:9000 -j DROP
Allow Traffic on Specific Port Range
To allow traffic on a specific port range, use the following command
sudo iptables -A INPUT -p tcp --dport <starting_port>:<ending_port> -j ACCEPT
Replace <starting_port> and <ending_port> with the inclusive bounds of the range to allow. For example, to allow TCP traffic on ports 8000 to 9000, enter the following command
sudo iptables -A INPUT -p tcp --dport 8000:9000 -j ACCEPT
Block Traffic Based on IP Address Range
To block traffic from an arbitrary range of addresses that does not line up with a CIDR block, use the iprange match
sudo iptables -A INPUT -m iprange --src-range <start_ip>-<end_ip> -j DROP
Replace <start_ip> and <end_ip> with the first and last addresses of the range, inclusive. For example, to block traffic from 192.168.1.100 through 192.168.1.200, enter the following command
sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP
Allow Traffic Based on IP Address Range
To allow traffic from an arbitrary address range, use the following command
sudo iptables -A INPUT -m iprange --src-range <start_ip>-<end_ip> -j ACCEPT
Replace <start_ip> and <end_ip> with the starting and ending IP addresses of the range you want to allow. For example, to allow traffic from IP address range 192.168.1.100 to 192.168.1.200, enter the following command
sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT
Block Traffic from Specific MAC Address
To block traffic from a specific MAC address, use the mac match. Two limitations apply: a MAC address is only visible for packets that arrived on the local Ethernet segment (routers rewrite it at every hop, so it tells you nothing about hosts beyond your subnet), and the match works only in the INPUT, FORWARD and PREROUTING chains. Use the following command
sudo iptables -A INPUT -m mac --mac-source <mac_address> -j DROP
Replace <mac_address> with the address to block. Since a MAC address is trivially changed on the sending host, this is a convenience against a misbehaving local device, not a security boundary. For example, to block traffic from MAC address 00:11:22:33:44:55, enter the following command
sudo iptables -A INPUT -m mac --mac-source 00:11:22:33:44:55 -j DROP
Allow Traffic from Specific MAC Address
To allow traffic from a specific MAC address, use the following command. The same limitations apply, so do not rely on this as authentication of a trusted host
sudo iptables -A INPUT -m mac --mac-source <mac_address> -j ACCEPT
Replace <mac_address> with the MAC address you want to allow. For example, to allow traffic from MAC address 00:11:22:33:44:55, enter the following command
sudo iptables -A INPUT -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
Block Incoming ICMP Traffic
To block all incoming ICMP traffic, use the following command. Note that ICMP is more than ping: it also carries the destination-unreachable and fragmentation-needed messages that TCP path-MTU discovery depends on, so dropping the whole protocol can leave connections to hosts behind smaller MTUs hanging. If the goal is only to stop the server answering pings, match the echo-request type (--icmp-type echo-request) rather than all of ICMP
sudo iptables -A INPUT -p icmp -j DROP
Allow Incoming ICMP Traffic
To allow all incoming ICMP traffic, including ping requests, use the following command
sudo iptables -A INPUT -p icmp -j ACCEPT
Allow Loopback Traffic
Loopback traffic (the lo interface, 127.0.0.0/8 and ::1) is how local services talk to each other, and a DROP policy without a loopback rule breaks local DNS caches, database connections and monitoring agents in surprising ways. Allow it, and put the INPUT rule at the very top of the chain
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
Allow Established and Related Connections
To allow the return traffic of connections the server itself initiated, and connections related to them, while dropping all other incoming traffic, use the following commands
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -P INPUT DROP
The first rule accepts packets that belong to an already established connection (for example replies to the server's own DNS queries or package downloads) or that are related to one (FTP data channels, ICMP error messages for an existing flow), and the DROP policy discards everything else. Place this rule near the top of the INPUT chain, right after the loopback rule, so the bulk of legitimate traffic is accepted without being checked against every later rule. Older guides use -m state --state instead of -m conntrack --ctstate; both work, conntrack is the current module.
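Taken together, the SSH, loopback and established/related sections describe one baseline policy, and the order of the rules is what makes it safe. Here is that baseline as a single iptables-restore file generated by a shell function, added as an example and not taken from the article. iptables-restore applies the whole table atomically, so there is no window in which the DROP policy is active without its ACCEPT rules. The 203.0.113.0/24 management network, the rate-limited ping rule (the article's ICMP section simply accepts all of ICMP) and the function names baseline_ruleset and apply_with_rollback are my assumptions.

```shell
#!/bin/sh
# Added example (not from the article): a complete baseline in iptables-restore
# format, built by a function so it can be reviewed and diffed before applying.
# Rule order inside the chain is deliberate and explained inline; lines that
# start with "#" are ignored by iptables-restore.

# baseline_ruleset [SSH_PORT] [ADMIN_SOURCE]: print the ruleset on stdout.
# ADMIN_SOURCE is an address or CIDR allowed to open new SSH connections;
# 0.0.0.0/0 (everywhere) is the fallback, not a recommendation.
baseline_ruleset() {
    ssh_port=${1:-22}
    admin_src=${2:-0.0.0.0/0}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 1. loopback first: local daemons (resolvers, databases, agents) use it
-A INPUT -i lo -j ACCEPT
# 2. replies to the host's own outbound connections, plus RELATED flows such
#    as FTP data channels and the ICMP errors that path-MTU discovery relies on
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 3. packets that fit no known connection (stray ACKs, malformed segments)
-A INPUT -m conntrack --ctstate INVALID -j DROP
# 4. ping, rate-limited, instead of opening every ICMP type
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# 5. new SSH connections, only from the management source; everything else
#    falls through to the DROP policy above
-A INPUT -p tcp --dport ${ssh_port} -s ${admin_src} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# apply_with_rollback RULES_FILE [GRACE_SECONDS]: snapshot the live rules,
# syntax-check and load the new ones, and schedule an automatic restore of the
# snapshot. Open a second SSH session; if it works, kill the printed PID to keep
# the new rules. If you locked yourself out, the old rules return by themselves.
# Needs root; it is defined here but not called from this script's top level.
apply_with_rollback() {
    rules=$1
    grace=${2:-120}
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    # --test parses and builds the ruleset without committing it
    iptables-restore --test < "$rules" || { echo "ruleset rejected, nothing changed" >&2; return 1; }
    iptables-restore < "$rules" || return 1
    ( sleep "$grace" && iptables-restore < "$backup" ) &
    echo "new rules active; run 'kill $!' within ${grace}s from a NEW session to keep them"
}

# Preview only. To apply:  baseline_ruleset 22 203.0.113.0/24 > /tmp/baseline.rules
#                          sudo sh -c '. ./this_script; apply_with_rollback /tmp/baseline.rules 120'
baseline_ruleset 22 203.0.113.0/24
```

The generated file is in the same format iptables-save emits, so you can diff it against the running configuration before loading it. The rollback timer is the cheap substitute for console access: a ruleset that cuts off your own session is undone without anyone walking to the machine.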
Key Benefits of These Rules
| Rule Type | Security Benefit | Use Case |
|---|---|---|
| IP-based filtering | Cuts traffic from known bad sources (source addresses can be spoofed, so this is not authentication) | Blocking known attack sources, restricting SSH to a management network |
| Port-based filtering | Reduces the attack surface to the services you intend to expose | Closing unused services |
| Protocol filtering | Controls which kinds of traffic reach the host | Allowing only required protocols |
| Connection state tracking | Lets replies in without opening their ports, and drops packets that belong to no known connection | Stateful firewall behaviour under a DROP policy |
Conclusion
These 20 iptables rules give you a working foundation for securing a Linux server: a deny-by-default INPUT policy with loopback and established/related traffic let through, and explicit allows for the services and sources you need. Three things to keep in mind when you apply them. First, test in a development environment, or apply the rules with a scheduled rollback, before touching production, because a wrong rule on a remote host means a trip to the console. Second, rules added with iptables live only in the kernel and are gone after a reboot; save them with iptables-save (and load them back with iptables-restore), or use your distribution's persistence package (iptables-persistent on Debian and Ubuntu, iptables-services on the RHEL family). Third, everything above applies to IPv4 only; if the server has an IPv6 address, the same rules must be added with ip6tables, otherwise the DROP policy you set here is simply bypassed over IPv6.
