Iptables Introduction | A Beginner’s iptables Tutorial

Iptables is one of the most advanced tools for administering networks in Linux. It is widely used as a firewall, since it allows a system administrator to configure the rules and chains in the tables provided by the Linux kernel. This post goes through simple use cases of iptables, such as how to block an IP address.

Know your tools – An intro to iptables

Iptables is a Linux command-line tool like any other. It was developed by Rusty Russell and the Netfilter Core team during the 90s. The utility is specifically designed to handle IPv4 addresses. It is one of several tools with the -tables suffix, alongside arptables for ARP and ip6tables for IPv6.

Iptables must be run as root, so take full precaution when using it. Also be cautious about granting anyone else the privileges to use it.

Using iptables

Iptables has a variety of use cases, although for newcomers it can prove a bit tricky to learn at first.

To a beginner, using iptables can seem like a daunting and lengthy task, but it's an essential skill for anyone who owns a server.

Most of the use-cases boil down to the following:

  • Blocking addresses from accessing your server – this is required to stop attackers who are trying to brute-force your server’s SSH.
  • Packet filtering for your server (wow, that’s some Networking jargon!). Packet filtering allows you to analyze what comes in and out of your server.

Packets, as defined in networking, are the units of outgoing or incoming data that travel over the network.

Here are a few examples of iptables in action

Blocking an IP address

  1. Begin by logging in as root. (If you’re not signed in as the root user, make sure your user has sudo privileges.)
  2. Once you have confirmed that you have sudo privileges, run this command:

    iptables -A INPUT -s IP-ADDRESS -j DROP

     where IP-ADDRESS is the IP address you want to block.
  3. Your server will now bar this IP address when it attempts to connect.

Whitelisting traffic

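  1. Log in as root or ensure that you have sudo permissions.
  2. Run the following:

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

  3. Your server should now accept requests from the 192.168.1.0/24 CIDR block (whoa, Networking jargon again!). Because the default INPUT policy is now DROP, every other new inbound connection is dropped, so make sure the address you administer the server from is inside the allowed block before you run these commands.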

Iptables works where you least expect it

Some tools in Linux use iptables in the backend. One very striking example is fail2ban. Fail2ban uses iptables to temporarily block anyone who enters incorrect SSH passwords within a specific interval.

Another example is firewalld. Firewalld, as its name implies, is a firewall management tool for Linux, and it uses iptables behind the curtains, so you don’t need to.
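
The fail2ban idea described above, sketched as an added example (it is not code from the original post and not fail2ban's own implementation): it counts failed SSH passwords per source address in sshd log lines and prints the block command from earlier in this post for every source at or above a limit. The log lines, the limit of 3, the trusted prefix and the function names `sample_log` and `block_commands` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints, but does not run, one block command per noisy source.

# Constructed sample sshd log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:03 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:05 web1 sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jan 10 03:13:40 web1 sshd[2210]: Failed password for alice from 192.168.1.20 port 41000 ssh2
Jan 10 03:13:44 web1 sshd[2210]: Failed password for alice from 192.168.1.20 port 41000 ssh2
Jan 10 03:13:49 web1 sshd[2210]: Failed password for alice from 192.168.1.20 port 41000 ssh2
Jan 10 03:14:02 web1 sshd[2215]: Accepted password for alice from 192.168.1.20 port 41002 ssh2
Jan 10 03:15:10 web1 sshd[2220]: Failed password for bob from 198.51.100.9 port 38822 ssh2
EOF
}

# block_commands LIMIT TRUSTED_PREFIX
# Reads sshd log lines on stdin and prints one iptables command for each
# source address with at least LIMIT failed passwords. Addresses that start
# with TRUSTED_PREFIX (here the whitelisted 192.168.1.0/24 block, written as
# the string prefix "192.168.1.") are never listed, so a mistyped password
# from the admin network cannot lock the administrator out.
block_commands() {
    awk -v limit="$1" -v trusted="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # The address follows the LAST "from"; a user name that itself
            # contains the word "from" cannot shift the match.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { ip = $i; break }
            # Accept only dotted-quad IPv4 so that log content can never
            # smuggle extra options into the printed command.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (index(ip, trusted) == 1) next
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit)
                    printf "iptables -A INPUT -s %s -j DROP\n", ip
        }
    ' | sort
}

sample_log | block_commands 3 "192.168.1."
```

The commands are only printed, so the list can be reviewed before any of them is run as root.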

A beginner’s Iptables guide – Conclusion

Iptables is a powerful tool on its own. While it is configuration-heavy, some power users use it directly to fine-tune their network configuration.

It is not recommended that you use iptables if you are inexperienced with Linux networking. It’s important to take time to study how networking works in Linux before you begin to use iptables. However, if you’re ready to dive deeper into some more iptables tutorials, there are some more in-depth guides available online.

 
