Iptables – Linux kernel firewall

Iptables is the standard command-line firewall utility included by default in most Linux distributions. It uses policy chains to allow or block traffic. It is actually a front end to the kernel-level netfilter hooks that manipulate the Linux network stack: each packet that crosses a network interface is matched against a set of rules to decide what to do with it.

When a connection tries to establish itself on your system, iptables looks for a rule in its list that matches it. If it doesn't find one, it falls back to the chain's default policy. Three chains are defined by default: INPUT, OUTPUT and FORWARD.

To see what your policy chains are currently configured to do with unmatched traffic, run the iptables -L command (shown here as iptables -nL, where -n prints addresses and ports numerically instead of resolving names).

# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


INPUT – All packets destined for the host computer.
OUTPUT – All packets originating from the host computer.
FORWARD – All packets neither destined for nor originating from the host computer, but passing through (routed by) the host computer. This chain is used if you are using your computer as a router.

Policy Chain Default Behavior

By default it is “ACCEPT”, as the iptables -L listing above shows. In that state, with no rules loaded, all ports and connections are open, and you need to add rules to block unwanted requests.

If you need to block all connections except for a few specific ones, set the default policy to “DROP” and then add ACCEPT rules for the traffic you want to allow.
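As an added example (not from the article), a small POSIX shell function that parses iptables -nL output in the format shown above and flags the wide-open state, an ACCEPT policy on INPUT or FORWARD with no rules at all. The function name audit_policies and the two listings it runs on are constructed for this example.

```shell
# audit_policies: read `iptables -nL` output on stdin, print "CHAIN POLICY RULECOUNT"
# per chain, and exit 1 when INPUT or FORWARD still has policy ACCEPT with zero rules.
# OUTPUT is reported but not flagged. Live use (needs root): iptables -nL | audit_policies
audit_policies() {
    awk '
    /^Chain / {                      # e.g. "Chain INPUT (policy ACCEPT)"
        chain = $2; order[++n] = chain; rules[chain] = 0
        if ($3 == "(policy") { policy = $4; sub(/\)/, "", policy) } else policy = "custom"
        policies[chain] = policy; next    # user-defined chains show "(N references)"
    }
    $1 == "target" || $1 == "pkts" { next }   # column header line (with or without -v)
    NF == 0 { next }                          # blank line ends a chain block
    chain != "" { rules[chain]++ }            # anything else is a rule in the current chain
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            c = order[i]
            printf "%s %s %d\n", c, policies[c], rules[c]
            if ((c == "INPUT" || c == "FORWARD") && policies[c] == "ACCEPT" && rules[c] == 0)
                bad = 1
        }
        exit bad
    }'
}

# Constructed sample 1: the listing shown in the article (everything open).
OPEN_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample 2: default-DROP INPUT/FORWARD with a few explicit rules.
LOCKED_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
DROP       all  --  192.168.1.1          0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination'

for listing in "$OPEN_LISTING" "$LOCKED_LISTING"; do
    printf '%s\n' "$listing" | audit_policies && echo "ok: not wide open" || echo "WARNING: default ACCEPT with no rules"
done
```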

Connection-specific Responses

Accept – Allow the connection.

Drop – Drop the connection silently, acting as if it never happened. This is best if you don’t want the source to realize your system exists.

Reject – Don’t allow the connection, but send back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.

A simple pair of rules to block incoming and outgoing connections for one IP address (the outgoing rule belongs on the OUTPUT chain, since INPUT only sees packets destined for this host):

iptables -A INPUT -s 192.168.1.1 -j DROP
iptables -A OUTPUT -d 192.168.1.1 -j DROP

The rules explained

-A append the rule to the named chain
-s match on source address
-d match on destination address
-j target (action) for the rule

CSF and APF

APF and CSF aren’t firewalls themselves; they are utilities that manage iptables, the actual firewall.

ConfigServer Firewall (csf) is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection and security application for Linux servers.

Advanced Policy Firewall (APF) is an iptables (netfilter) based firewall system designed around the essential needs of today’s Internet-deployed servers and the unique needs of custom-deployed Linux installations.

About the author
Suhesh KS is a Linux System Administrator by profession with 11 years of work experience in Linux system administration in the web hosting, data center and data warehousing industries, and has worked with reputed support companies. His skills include team management, Linux system administration, programming (bash, perl, php, java), web hosting, data center support and SEO analysis.