SpaceCore WIKI

IPTables is a subsystem for working with network packets; every connection to the server passes through its filter. Let’s take a closer look at the IPTables configuration.

General information

IPTables is already built into the main Linux kernel by default, but in many distributions the tools for working with it are not installed by default, so let’s install the utility with the following command.

Debian / Ubuntu

[sudo] apt install iptables

The sudo prefix is intended for the Ubuntu operating system. On Debian, use the plain command without it.

CentOS [Fedora]

sudo yum install iptables

Setting

After installing the utility, we will proceed to its detailed configuration.

Arguments

-A - add a rule to the chain.

-C - check whether a rule exists.

-D - delete the rule.

-I - insert the rule at the required position (rule number).

-L - print all the rules in the current chain.

-S - output all rules.

-F - clear all rules.

-N - create a chain.

-X - remove a chain.

-P - set the default action.

-p - specify the protocol.

-s - specify the address of the sender.

-d - specify the recipient address.

-i - specify the input network interface.

-o - specify the outgoing network interface.

-j - specify the action to take when the rule matches.

INPUT - responsible for handling incoming packets and connections.

FORWARD - used for passing connections through. This is where packets arrive that are sent to your server but do not have it as their final destination.

OUTPUT - the complete opposite of the first. Used for outgoing packets and connections.

ACCEPT - let the packet through.

DROP - discard the packet.

REJECT - reject the packet.

LOG - write a log entry for the matching packet.

QUEUE - send the packet to a user-space application.

Opening port(s)

First, let’s check our list of rules:

iptables -L

Let’s try to open TCP port 80 for incoming connections:

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

Let’s check the list again...

Now let’s try to open the UDP port range from 25565 to 25570 for outgoing connections:

iptables -t filter -A OUTPUT -p udp --dport 25565:25570 -j ACCEPT

Let’s check the result.

Want to close all inbound connections for TCP 250? No problem. Drop every packet for that port, whatever its connection state:

iptables -t filter -A INPUT -p tcp --dport 250 -j DROP

Rule removal

Now try to remove the rule that allows inbound connections for TCP 80:

iptables -t filter -D INPUT -p tcp --dport 80 -j ACCEPT

Deletion of all rules

To do this, use the command:

iptables -F

Preservation of established rules

By default, the rules you create stay in effect only until the next reboot and are deleted during it. To avoid this, let’s save the IPTables rules that we created. To do this, use the appropriate command:

iptables-save

It worked. The rules are saved and will be active even after restarting our server!
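
The add, remove and save steps above as one re-runnable script. This is an added example, not part of the original wiki; the function names and the RULES_FILE path are assumptions. It uses -C so that repeating an -A command does not stack duplicate rules, and it loops -D because each call deletes only one copy.

```shell
#!/bin/sh
# Added example: run as root. RULES_FILE is an assumed path, not one from the page.
RULES_FILE="${RULES_FILE:-/root/iptables.rules}"

# Append a rule only if an identical one is not already in the chain.
# -C exits 0 when the rule exists, so re-running never creates duplicates.
ensure_rule() {
    iptables -C "$@" 2>/dev/null || iptables -A "$@"
}

# Delete every copy of a rule. -D removes one match per call, so loop
# until -C no longer finds it. Prints the number of copies removed.
remove_rule() {
    removed=0
    while iptables -C "$@" 2>/dev/null; do
        iptables -D "$@" || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}

# iptables-save prints the rule set to stdout. Write it to a root-only file
# through a temp file, so a failed dump never replaces the last good copy.
save_rules() {
    tmp="$1.tmp.$$"
    if ( umask 077; iptables-save > "$tmp" ); then
        mv "$tmp" "$1"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Load a saved dump back into the kernel (for example from a boot script).
restore_rules() {
    iptables-restore < "$1"
}

# The ports used on this page, applied idempotently and then saved.
apply_page_rules() {
    ensure_rule INPUT -p tcp --dport 80 -j ACCEPT
    ensure_rule OUTPUT -p udp --dport 25565:25570 -j ACCEPT
    ensure_rule INPUT -p tcp --dport 250 -j DROP
    save_rules "$RULES_FILE"
}

# Only touch the live firewall when asked to: APPLY=1 sh firewall.sh
if [ "${APPLY:-0}" = "1" ]; then
    apply_page_rules
fi
```
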


Last updated 1 year ago