On Linux, iptables is the user-space program that manages the kernel's netfilter packet-filtering capabilities. Its rules let an administrator control which hosts may connect to the system, which limits the system's exposure. This article gives a basic understanding of how to add firewall rules with the iptables command.
The first thing to know about iptables rules is that they are organised into chains. A chain describes the complete process of filtering and handling traffic: rules are evaluated in order, and a packet must pass through the earlier rules before it reaches the later ones. There are three main chains, but this article discusses only two of them, INPUT and OUTPUT. The INPUT chain handles incoming traffic and the OUTPUT chain handles outgoing traffic.
This article covers adding rules with the iptables -A command. -A means append; you can remember it as add-rule. Note one thing, though: -A always adds the rule at the end of the chain. In most rulesets the last rule drops all remaining packets. If you have already defined such a drop-all rule and then add a new rule with -A from the command line, the new rule lands after the drop-all rule and will never match, so it is useless. If you are an iptables master, implement your ruleset as a shell script on production systems, with the drop-all rule as the last line of the script. Whenever you modify or add a rule, place it above the drop-all rule.
# iptables -A chain firewall-rule
Here, chain is the chain to which the rule is appended: for instance, INPUT for incoming packets and OUTPUT for outgoing packets.
firewall-rule stands for the parameters that define the rule. The main parameters are: -p, the protocol the rule matches, for example tcp, udp or icmp; -s, the source, which can be an IP address or a network address; and -d, the destination IP address or destination network.
The next option is -j, the target: it says what should happen to a packet when the rule matches. Possible values include ACCEPT, DROP and REJECT.
Two further options are -i and -o. -i is the input interface: the device on which incoming packets arrive. -o is the output interface: the device through which outgoing packets leave.
Combining the options above, you can build standard rules for your requirements. Here is a basic example that allows incoming SSH connections from any host.
# iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
This example allows incoming SSH traffic arriving on the eth0 interface. The --dport option gives the destination port, 22 for SSH.
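The ordering problem described above (a rule appended with -A behind the drop-all rule never matches) can be checked and avoided mechanically. The following shell functions are an added example, not part of the article: they read a chain listing in the format printed by iptables -S INPUT, locate the catch-all drop rule (assumed to be written exactly as "-A INPUT -j DROP"), report any rules stranded behind it, and emit an iptables -I command that places a new rule above the drop instead of appending it. The chain listing used here is a constructed sample, not captured from a real host.

```shell
#!/bin/sh
# Place a new INPUT rule above the trailing drop-all rule instead of
# appending it with -A, where it would sit behind the drop and never match.

# Constructed sample of `iptables -S INPUT` output (not from a real host).
SAMPLE_CHAIN='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP'

# Print the 1-based rule position of the first catch-all "-A INPUT -j DROP",
# or 0 if the chain has none. Policy lines (-P) are not rules and are skipped.
drop_rule_position() {
    printf '%s\n' "$1" | grep '^-A ' |
        awk 'BEGIN { pos = 0 } /^-A INPUT -j DROP$/ && !pos { pos = NR } END { print pos }'
}

# Print every rule that comes after the catch-all drop: these are the
# "useless" rules the article warns about, since no packet reaches them.
unreachable_rules() {
    printf '%s\n' "$1" | grep '^-A ' |
        awk 'seen { print } /^-A INPUT -j DROP$/ { seen = 1 }'
}

# Emit the iptables command that puts a new INPUT rule in the right spot:
# -I INPUT <pos> when a catch-all drop exists (the drop shifts down one
# position), plain -A when the chain has no drop rule yet.
place_rule() {
    chain_listing="$1"
    shift
    pos=$(drop_rule_position "$chain_listing")
    if [ "$pos" -gt 0 ]; then
        printf 'iptables -I INPUT %s %s\n' "$pos" "$*"
    else
        printf 'iptables -A INPUT %s\n' "$*"
    fi
}

# Stand-alone run: show where a new HTTP rule should go in the sample chain.
# On a real host replace SAMPLE_CHAIN with "$(iptables -S INPUT)".
place_rule "$SAMPLE_CHAIN" -i eth0 -p tcp --dport 80 -j ACCEPT
```

Run the emitted command (or feed it to your ruleset script) rather than typing -A by hand; unreachable_rules is useful as a sanity check after editing the script.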