20 Useful IPtable Firewall Rules Every Linux Administrator Should Know
As a Linux administrator, one of the most important aspects of maintaining a secure and stable network is implementing an effective firewall. iptables is a powerful firewall tool that comes pre-installed on most Linux distributions. In this article, we will explore 20 useful iptables firewall rules that every Linux administrator should know. These rules will help you secure your network and prevent unauthorized access while still allowing legitimate traffic to pass through.
Block All Incoming Traffic Except SSH
The first rule is to block all incoming traffic except for SSH. SSH is a secure way to access your server remotely, and it is important to allow access to it while blocking all other traffic. To implement this rule, enter the following commands −
sudo iptables -P INPUT DROP
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
This sets the default policy for incoming traffic to DROP, so all incoming traffic is blocked except traffic to port 22 (SSH). The service name ssh in --dport is resolved to port 22 through /etc/services, so --dport 22 is equivalent.
Allow Outgoing Traffic
It is important to allow outgoing traffic from your server, as many applications and services need it to function properly. To allow all outgoing traffic, enter the following command −
sudo iptables -P OUTPUT ACCEPT
This sets the default policy for outgoing traffic to ACCEPT, so all outgoing traffic is allowed.
Block Incoming Traffic on Specific Ports
If you want to block incoming traffic on a specific port, use the following command −
sudo iptables -A INPUT -p tcp --dport <port_number> -j DROP
Replace <port_number> with the number of the port you want to block. For example, to block incoming traffic on port 80 (HTTP), enter the following command −
sudo iptables -A INPUT -p tcp --dport 80 -j DROP
Block Incoming Traffic from Specific IP Addresses
To block incoming traffic from a specific IP address, use the following command −
sudo iptables -A INPUT -s <ip_address> -j DROP
Replace <ip_address> with the IP address you want to block. For example, to block incoming traffic from the IP address 192.168.1.100, enter the following command −
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
Allow Traffic from Specific IP Addresses
To allow traffic from a specific IP address, use the following command −
sudo iptables -A INPUT -s <ip_address> -j ACCEPT
Replace <ip_address> with the IP address you want to allow. For example, to allow traffic from the IP address 192.168.1.100, enter the following command −
sudo iptables -A INPUT -s 192.168.1.100 -j ACCEPT
Block Incoming Traffic on Specific Network Interface
If you have multiple network interfaces on your server and you want to block incoming traffic on a specific interface, use the following command −
sudo iptables -A INPUT -i <interface_name> -j DROP
Replace <interface_name> with the name of the interface you want to block. For example, to block incoming traffic on the eth0 interface, enter the following command −
sudo iptables -A INPUT -i eth0 -j DROP
Allow Incoming Traffic on Specific Network Interface
To allow incoming traffic on a specific network interface, use the following command −
sudo iptables -A INPUT -i <interface_name> -j ACCEPT
Replace <interface_name> with the name of the interface you want to allow. For example, to allow incoming traffic on the eth0 interface, enter the following command −
sudo iptables -A INPUT -i eth0 -j ACCEPT
Block Traffic to Specific Destination IP Addresses
To block traffic to a specific destination IP address, use the following command −
sudo iptables -A OUTPUT -d <ip_address> -j DROP
Replace <ip_address> with the IP address you want to block. For example, to block traffic to the IP address 192.168.1.100, enter the following command −
sudo iptables -A OUTPUT -d 192.168.1.100 -j DROP
Allow Traffic to Specific Destination IP Addresses
To allow traffic to a specific destination IP address, use the following command −
sudo iptables -A OUTPUT -d <ip_address> -j ACCEPT
Replace <ip_address> with the IP address you want to allow. For example, to allow traffic to the IP address 192.168.1.100, enter the following command −
sudo iptables -A OUTPUT -d 192.168.1.100 -j ACCEPT
Block Traffic on Specific Protocol
To block traffic on a specific protocol, use the following command −
sudo iptables -A INPUT -p <protocol_name> -j DROP
Replace <protocol_name> with the name of the protocol you want to block. For example, to block all incoming UDP traffic, enter the following command −
sudo iptables -A INPUT -p udp -j DROP
Allow Traffic on Specific Protocol
To allow traffic on a specific protocol, use the following command −
sudo iptables -A INPUT -p <protocol_name> -j ACCEPT
Replace <protocol_name> with the name of the protocol you want to allow. For example, to allow all incoming TCP traffic, enter the following command −
sudo iptables -A INPUT -p tcp -j ACCEPT
Block Traffic on Specific Port Range
To block traffic on a specific port range, use the following command −
sudo iptables -A INPUT -p tcp --dport <starting_port_number>:<ending_port_number> -j DROP
Replace <starting_port_number> and <ending_port_number> with the first and last port numbers of the range you want to block. For example, to block traffic on ports 8000 to 9000, enter the following command −
sudo iptables -A INPUT -p tcp --dport 8000:9000 -j DROP
Allow Traffic on Specific Port Range
To allow traffic on a specific port range, use the following command −
sudo iptables -A INPUT -p tcp --dport <starting_port_number>:<ending_port_number> -j ACCEPT
Replace <starting_port_number> and <ending_port_number> with the first and last port numbers of the range you want to allow. For example, to allow traffic on ports 8000 to 9000, enter the following command −
sudo iptables -A INPUT -p tcp --dport 8000:9000 -j ACCEPT
Block Traffic Based on IP Address Range
To block traffic from an IP address range, use the iprange match with the following command −
sudo iptables -A INPUT -m iprange --src-range <starting_ip_address>-<ending_ip_address> -j DROP
Replace <starting_ip_address> and <ending_ip_address> with the first and last IP addresses of the range you want to block. For example, to block traffic from the IP address range 192.168.1.100 to 192.168.1.200, enter the following command −
sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP
Allow Traffic Based on IP Address Range
To allow traffic from an IP address range, use the iprange match with the following command −
sudo iptables -A INPUT -m iprange --src-range <starting_ip_address>-<ending_ip_address> -j ACCEPT
Replace <starting_ip_address> and <ending_ip_address> with the first and last IP addresses of the range you want to allow. For example, to allow traffic from the IP address range 192.168.1.100 to 192.168.1.200, enter the following command −
sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT
Block Traffic from Specific MAC Address
To block traffic from a specific MAC address, use the mac match with the following command −
sudo iptables -A INPUT -m mac --mac-source <mac_address> -j DROP
Replace <mac_address> with the MAC address you want to block. For example, to block traffic from the MAC address 00:11:22:33:44:55, enter the following command −
sudo iptables -A INPUT -m mac --mac-source 00:11:22:33:44:55 -j DROP
Allow Traffic from Specific MAC Address
To allow traffic from a specific MAC address, use the mac match with the following command −
sudo iptables -A INPUT -m mac --mac-source <mac_address> -j ACCEPT
Replace <mac_address> with the MAC address you want to allow. For example, to allow traffic from the MAC address 00:11:22:33:44:55, enter the following command −
sudo iptables -A INPUT -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
Block Incoming ICMP Traffic
To block incoming ICMP traffic, use the following command −
sudo iptables -A INPUT -p icmp -j DROP
Allow Incoming ICMP Traffic
To allow incoming ICMP traffic, use the following command −
sudo iptables -A INPUT -p icmp -j ACCEPT
Block All Incoming Traffic Except Established Connections
To block all incoming traffic except packets belonging to established connections, use the following commands −
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -j DROP
The first rule accepts traffic for established and related connections; the second drops everything else that reaches the end of the chain.
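The "Block All Incoming Traffic Except SSH" and "Block All Incoming Traffic Except Established Connections" rules above are the two most likely to lock an administrator out when they are appended in the wrong order. The script below is an added example and not part of the article: it writes both rules into one lockout-safe ruleset in iptables-restore format (loopback and ESTABLISHED,RELATED accepted first, then SSH, with DROP as the INPUT chain policy instead of a trailing DROP rule), validates the --dport port and range syntax used on this page, and can be dry-run with iptables-restore --test before loading. The function names and the ports 22, 80 and 443 are my own choices.

```shell
#!/bin/sh
# Added example (not from the article): emit a lockout-safe INPUT/OUTPUT
# ruleset in iptables-restore format. Order matters: loopback and
# ESTABLISHED,RELATED are accepted before the SSH rule, and DROP is the chain
# policy rather than a trailing rule, so later appends cannot shadow SSH.

# Accept "N" or "N:M" (the --dport range syntax) with 1 <= N <= M <= 65535.
valid_port_spec() {
    case $1 in
        *:*) lo=${1%%:*}; hi=${1#*:} ;;
        *)   lo=$1; hi=$1 ;;
    esac
    case "$lo$hi" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$lo" ] && [ -n "$hi" ] && [ "$lo" -ge 1 ] &&
        [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# build_ruleset <ssh_port> [tcp_port_or_range ...]
# Prints the ruleset on stdout; returns 1 without printing on a bad port spec.
build_ruleset() {
    ssh_port=$1; shift
    valid_port_spec "$ssh_port" || return 1
    for p in "$@"; do valid_port_spec "$p" || return 1; done
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        "-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT"
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' 'COMMIT'
}

# Number of rules the set appends to INPUT; compare with
# `sudo iptables -S INPUT | grep -c '^-A'` after loading as a sanity check.
input_rule_count() {
    build_ruleset "$@" | grep -c '^-A INPUT'
}

# `sh rules.sh show 22 80 443` prints the ruleset (22, 80, 443 are sample
# values); pipe it into `sudo iptables-restore --test` before loading for real.
if [ "${1:-}" = "show" ]; then
    shift
    build_ruleset "$@"
fi
```

Because the SSH accept sits above every DROP and the policy does the final dropping, the "drop everything else" rule from the page cannot be appended below it by mistake.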
Conclusion
In this article, we discussed 20 useful iptables firewall rules that every Linux administrator should know. These rules are essential for securing your Linux server and protecting it from unwanted traffic. By implementing them, you can control the traffic that comes in and goes out of your server and protect your network from attacks. Always test these rules before applying them on a production server to avoid unexpected consequences.