Iptables is a standard command-line firewall utility included in most Linux distributions by default. It uses policy chains to allow or block traffic. It is actually a front end to the kernel-level netfilter hooks that can manipulate the Linux network stack. It works by matching each packet that crosses the networking interface against a set of rules to decide what to do.
When a connection tries to establish itself on your system, iptables looks for a rule in its list that matches it. If it doesn't find one, it falls back to the chain's default policy. Three chains are defined by default: INPUT, OUTPUT and FORWARD.
To see what your policy chains are currently configured to do with unmatched traffic, run the iptables -L command (-n skips DNS lookups so addresses are shown numerically):

# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
INPUT – All packets destined for the host computer.
OUTPUT – All packets originating from the host computer.
FORWARD – All packets neither destined for nor originating from the host computer, but passing through (routed by) the host computer. This chain is used if you are using your computer as a router.
Policy Chain Default Behavior
By default the policy of each chain is "ACCEPT", as the iptables -L listing above shows. In this state, with no rules loaded, every port and connection is open, and we need to add rules to block the requests we don't want.
If you need to block all connections except those matched by specific rules, set the default policy to "DROP" and add ACCEPT rules as your requirements dictate.
Accept – Allow the connection.
Drop – Silently discard the packet, as if the connection never happened. This is best if you don't want the source to realize your system exists.
Reject – Don't allow the connection, but send back an error (an ICMP message or a TCP reset). This is best if you don't want a particular source to connect to your system, but you do want them to know that your firewall blocked them.
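A quick audit that turns the iptables -L listing above into a checkable result. This is an added example, not part of the original article: the helper names (chain_policies, count_accept_policies) and the sample listing are constructed here, and the sample deliberately shows one chain already switched to DROP so the check has something to distinguish.

```shell
#!/bin/sh
# Added example: report the default policy of each built-in chain from
# "iptables -nL" output. Helper names are hypothetical, not iptables commands.

# Constructed sample listing (two chains still on the ACCEPT default,
# OUTPUT already switched to DROP), so the check runs without root.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination'

# Print "CHAIN POLICY" for every chain header found on stdin.
# Header format: "Chain INPUT (policy ACCEPT)" -> $2 is the chain, $4 "ACCEPT)".
chain_policies() {
    awk '/^Chain [A-Z]+ \(policy [A-Z]+\)/ {
        gsub(/[()]/, "", $4)   # strip the closing parenthesis from the policy
        print $2, $4
    }'
}

# Count chains whose default policy is ACCEPT: each one lets every packet
# that matches no rule through, which is the state a fresh install is in.
count_accept_policies() {
    chain_policies | awk '$2 == "ACCEPT" { n++ } END { print n + 0 }'
}

# Usage on a live host:  iptables -nL | count_accept_policies
printf '%s\n' "$SAMPLE_LISTING" | chain_policies
echo "chains with ACCEPT policy: $(printf '%s\n' "$SAMPLE_LISTING" | count_accept_policies)"
```

Pipe the real listing in with `iptables -nL | count_accept_policies`; a non-zero result means at least one chain still accepts unmatched traffic, which is what the next section addresses by changing the default policy.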
Simple rules to block incoming and outgoing connections for one IP (the outgoing rule belongs in the OUTPUT chain, since packets leaving the host never traverse INPUT):
iptables -A INPUT -s 192.168.1.1 -j DROP
iptables -A OUTPUT -d 192.168.1.1 -j DROP
The options used above:
-A append the rule to the named chain
-s source address
-d destination address
-j target (action) for the rule
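The following script ties the two previous sections together: a default-DROP policy on INPUT and FORWARD, explicit ACCEPT rules, and the single-IP block in both directions. It is an added example, not the article's own commands; build_ruleset is a hypothetical helper, the 192.168.1.1 address is the page's example address, and the SSH port is an assumption you pass in. It emits the ruleset in iptables-restore format rather than running iptables directly, so it can be inspected (and, with iptables-restore --test, parsed) without root, and so the whole set is applied atomically: appending rules one by one after switching the policy to DROP would cut off your own SSH session before the ACCEPT rule lands.

```shell
#!/bin/sh
# Added example: generate a default-DROP ruleset in iptables-restore format.
# build_ruleset is a hypothetical helper, not an iptables command.
#   build_ruleset BLOCKED_IP SSH_PORT
# Apply on a live host only after reviewing the output:
#   build_ruleset 192.168.1.1 22 | sudo iptables-restore --test   # parse only
#   build_ruleset 192.168.1.1 22 | sudo iptables-restore          # commit

build_ruleset() {
    blocked_ip="$1"
    ssh_port="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Block the single address in both directions (the rules from the article).
-A INPUT -s ${blocked_ip} -j DROP
-A OUTPUT -d ${blocked_ip} -j DROP
# Loopback traffic is always local; many services break without it.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, matched by connection tracking.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Keep remote administration reachable before the DROP policy bites.
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Sanity check on the generated text: the blocked address must appear in
# both the INPUT and the OUTPUT chain, otherwise only one direction is cut.
count_block_rules() {
    blocked_ip="$1"
    ssh_port="$2"
    build_ruleset "$blocked_ip" "$ssh_port" \
        | grep -c -e "^-A INPUT -s ${blocked_ip} -j DROP$" \
                  -e "^-A OUTPUT -d ${blocked_ip} -j DROP$"
}

# Constructed demonstration values: the page's example address, SSH on 22.
build_ruleset 192.168.1.1 22
echo "block rules found: $(count_block_rules 192.168.1.1 22)"
```

The DROP policy on INPUT means anything not explicitly accepted is silently discarded, which matches the "Drop" behaviour described above; OUTPUT stays on ACCEPT so the host can still initiate connections, and the conntrack rule lets the replies back in.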
CSF and APF
APF and CSF are not firewalls themselves; they are utilities that manage iptables, the actual firewall.
ConfigServer Firewall (csf) is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection and security application for Linux servers.
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations.