This is a subsystem for working with network packages, which passes through its filter all connections on the server. Let’s take a closer look at the IPTables configuration.
General information
IPTables is already built into the main Linux kernel by default, but the tools for working with it in many distributions are not available by default, so let’s use the command to install the utility.
Debian / Ubuntu
Sudo is intended for use on the Ubuntu operating system. For Debian, a simple command is used.
CentOS [Fedora]
Setting
After installing the utility, we will proceed to its detailed configuration.
Arguments
-A - add a rule to the section.
-C - check all the rules.
-D - Delete the rule.
-I - insert the rule with the required number.
-L - print all the rules in the current section.
-S - output all rules.
-F - clear all rules.
-N - Create a partition.
-X - Remove the partition.
-P - set the default action.
-p - install the protocol.
-s - specify the address of the sender.
-d - specify the recipient address.
-i is the input network interface.
-o is the outgoing network interface.
-j - follow the rule.
INPUT —is responsible for handling incoming packets and connections.
FORWARD —is used for passing connections. This is where the corresponding packets come in, which are sent to your server, but do not define it as the purpose of delivery.
OUTPUT — completely opposite to the first. Used for outgoing packets and connections.
ACCEPT — skip package.
DROP —remove package.
REJECT — reject the packet.
LOG — make a log file of the appropriate package.
QUEUE — send the packet to the user’s application.
Opening port(s)
First, let’s check our list of rules:
Let’s try to open oneTCP-порт 80 for входящих соединений:
Let’s check the list again...
Now let’s try to open the UDP port range from 25565 to 25570 for outgoing connections:
Let’s check the result.
Want to close all inbound connections for TCP 250? No problem.
Rule removal
Now try to remove the rule that allows inbound connections for TCP 80:
Deletion of all rules
To do this, use the command
Preservation of established rules
By default, all the rules that have been created are applied until the next reboot and will be deleted during it. To avoid this, let’s save the IPTables rules that we created. To do this, use the appropriate command.
It worked. The rules are saved and will be active even after restarting our server!
Last updated