Absolute Basics of Using iptables on Ubuntu

While UFW is easy to configure and maintain, for advanced control, you can use the classic tool iptables.

In this tutorial, I will walk you through the basics of the iptables. If you are using Ubuntu, the iptables come pre-installed, so you don't need to do anything to install it.

List iptables rules

So let's start with how you can list the existing rules:

sudo iptables -L

And if you notice carefully, by default, it is configured to accept traffic.

Now, let's have a look at how you can add rules to fine-tune your network.

Add rules to the iptables

While learning more about iptables, you will come across a term named chains.

Chains are nothing but a firewall rule in sequence and your firewall will behave accordingly.

You can apply the rule at the top of the chain using the -I  flag and if you want to add your rule at the bottom, you will use the -A flag.

Allow port using iptables

To allow traffic from the specific port, you will have to use the following command syntax:

sudo iptables -A INPUT -p [protocol] --dport [port_no] -j ACCEPT

Now, let's have a look at used flags:

• -A will add the rule to the end of the chain
• INPUT is used to make rules for incoming traffic
• -p is used to specify the protocol
• --dport is used to specify the destination port
• -j allows you to specify the action

For example, if I want to allow the HTTP (uses port no. 80) then I will be using the following:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Deny traffic from port

To deny traffic from a specific port, all you have to do is execute the command in shown syntax:

sudo iptables -A INPUT -p [protocol] --dport [port_no] -j DROP

So let's say I want to block port no 443 (HTTPs) then I will be using the following:

sudo iptables -A INPUT -p tcp --dport 443 -j DROP

Allow traffic from specific IP

If you have the IP addresses of trusted sources, you can allow traffic from them.

To allow traffic from a specific IP, execute the command in a similar fashion to the given syntax:

sudo iptables -A INPUT -s [IP_Address] -j ACCEPT

Here, -s is used to specify the source.

For your reference, here, I allowed traffic from 192.168.1.10:

sudo iptables -A INPUT -s 192.168.1.10 -j ACCEPT

Deny traffic from a specific IP

You can deny traffic from specific IPs with a slight change in the above command.

Here, you will have to use DROP instead of ACCEPT:

sudo iptables -A INPUT -s 192.168.1.20 -j DROP

Similarly, you can specify the entire subnet:

sudo iptables -A INPUT -s 192.168.1.20/24 -j DROP

Delete iptables rules

The procedure to remove rules from iptables is quite similar to how you remove rules from the UFW firewall.

First, list the available rules in numbered manner:

sudo iptables -L --line-numbers

Once you know which one to remove, execute the command in the given fashion:

sudo iptables -D [INPUT/FORWARD/OUTPUT] [Number]

Let's say I want to remove 4th rule, then I will be using the following command:

sudo iptables -D INPUT 4

Save changes in iptables

In case you are wondering why you have to save changes, let me tell you why.

The iptables are saved in memory so when you reboot the system, the changes will be wiped down.

To save iptables in the current state, use the following command:

sudo /sbin/iptables-save

Using UFW? Learn more about logging

If you love using UFW, we have a detailed guide on how you can get the most out of UFW using logs:

How to Check Firewall Logs in Ubuntu

Checking the firewall logs can tell you about the critical details for network security. Here’s how to check UFW firewall logs in Ubuntu.

Learn UbuntuSagar Sharma

I hope you will find this guide helpful.

And if you have any queries, let me know in the comments.