Iptables commands Full Guide: How to make our own Firewall


Introduction to iptables commands

iptables is a powerful firewall utility commonly used on Linux systems. It lets you configure and manage network traffic rules, including packet filtering, network address translation (NAT), and packet manipulation.

In short, iptables is a user-space program that controls the kernel-level packet filtering framework called Netfilter.

Types of Tables in iptables

iptables supports multiple tables, each serving a specific purpose and containing its own set of chains. The four main tables are:

1) Filter Table (default)

Purpose: The filter table is the default table in iptables and is primarily used for packet filtering. It controls the flow of network packets based on criteria such as source/destination IP addresses, protocols, and ports.

Chains: The filter table has three built-in chains: INPUT (for incoming packets destined for the local system), OUTPUT (for outgoing packets originating from the local system), and FORWARD (for packets passing through the system).

2) NAT table

Purpose: The NAT (Network Address Translation) table is used for network address translation, which enables the modification of source or destination IP addresses and ports in packets as they traverse the firewall. It is commonly used for tasks like port forwarding and IP masquerading.

Chains: The NAT table has three built-in chains: PREROUTING (for packets arriving at the system before routing), POSTROUTING (for packets leaving the system after routing), and OUTPUT (for locally generated packets).

3) Mangle table

Purpose: The mangle table is used for specialized packet alteration and modification. It allows you to modify specific packet header fields, mark packets for special handling, and perform advanced packet manipulations.

Chains: The mangle table has five built-in chains: PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING. These chains correspond to the different stages of packet processing within the network stack.

4) Raw Table

Purpose: The raw table is used for configuring exemptions from connection tracking. It allows packets to bypass the connection tracking mechanisms, which is useful for certain advanced networking scenarios.

Chains: The raw table has four built-in chains: PREROUTING, OUTPUT, CT, and NOTRACK. The CT chain is used for connection tracking-related rules, and the NOTRACK chain is used for packets that should not be tracked.

These tables provide different functionalities and are utilized based on the specific requirements of the firewall configuration. When working with iptables, you can specify the table using the -t option followed by the table name, such as -t filter, -t nat, -t mangle, or -t raw.

It’s worth noting that there are additional tables available in certain scenarios or with specific kernel modules, but the four tables mentioned above are the primary ones used in most iptables configurations.

Types of Chains of iptables

In iptables, there are three main types of chains:

  1. Input Chain (INPUT): The INPUT chain is responsible for processing incoming packets destined for the local system. It includes traffic targeting services running on the system itself. Examples include packets sent to the system’s IP address for services like SSH, HTTP, or DNS.
  2. Output Chain (OUTPUT): The OUTPUT chain handles outgoing packets originating from the local system. It includes traffic generated by services or applications running on the system. Examples include responses to incoming requests, outgoing DNS queries, or web server responses.
  3. Forward Chain (FORWARD): The FORWARD chain manages packets that are being routed through the local system. It applies to packets that are neither destined for the local system nor generated by it. In other words, it handles packets being forwarded between different networks or interfaces on the system, such as acting as a router or a gateway.

In addition to these main chains, there are also some additional built-in chains in iptables that serve specific purposes:

  • Prerouting Chain (PREROUTING): The PREROUTING chain is used for Network Address Translation (NAT) and is processed before the routing decision is made. It allows you to modify packets before they are routed.
  • Postrouting Chain (POSTROUTING): The POSTROUTING chain is also used for Network Address Translation (NAT) and is processed after the routing decision. It allows you to modify packets before they leave the system.

When defining rules, you specify the chain to which the rule should be applied. For example, -A INPUT appends a rule to the INPUT chain, -A OUTPUT appends a rule to the OUTPUT chain, and -A FORWARD appends a rule to the FORWARD chain.

How iptables commands Work

iptables commands work by interacting with the netfilter framework in the Linux kernel to configure and manage firewall rules. Netfilter is a packet filtering subsystem that allows the manipulation of network packets as they pass through the network stack.

When an iptables command is executed, it modifies the ruleset within the netfilter framework, which determines how packets are handled. The ruleset consists of a set of chains, and each chain is a list of rules that packets traverse sequentially.

When a packet enters the network stack, it goes through various stages such as PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING. iptables commands are typically applied to one of these stages, depending on the desired action.

Here’s a simplified overview of how iptables commands work:

  1. Packet traversal: When a packet enters the network stack, it passes through different stages (chains) based on its direction and purpose.
  2. Rule matching: As the packet traverses a chain, iptables checks the packet against each rule in the chain sequentially. Each rule contains match criteria (e.g., source IP, destination port) that determine if the packet matches the rule.
  3. Action execution: If a packet matches a rule, the corresponding action defined in the rule’s target is executed. The action can be to accept the packet, drop it, reject it, log it, or perform some other custom action.
  4. Chain traversal: If the packet doesn’t match a rule or the action allows it to continue, it proceeds to the next chain/stage. This process continues until the packet reaches its destination or a rule explicitly drops or rejects it.
  5. Default policy: If a packet doesn’t match any rule in a chain, the default policy for that chain is applied. The default policy can be set to accept, drop, or reject packets that don’t match any rule.

It’s important to note that iptables rules are processed in a top-down manner, meaning that the order of rules within a chain is significant. The first matching rule determines the action taken, and subsequent rules are not evaluated for that packet.

Additionally, iptables rules can be stateful, meaning they can track the state of a connection. For example, you can allow incoming traffic for established connections and related packets, while blocking new or invalid connections.

By carefully crafting iptables rules, you can control network traffic, secure your system, implement network address translation (NAT), redirect packets, and perform various other network-related tasks.

Remember that iptables commands typically require administrative privileges to modify the firewall rules, so they are often executed with root or sudo access.

Types of the target in iptables commands

In iptables, a target refers to the action that is taken on a packet when it matches a rule. The following are some commonly used targets in iptables:

  1. ACCEPT: This target allows the packet to pass through the firewall and reach its destination. It effectively accepts the packet.
  2. DROP: When a packet matches a rule with the DROP target, it is silently discarded, and no response is sent back to the sender. The packet is effectively dropped.
  3. REJECT: Similar to the DROP target, the REJECT target discards the packet. However, it also sends a response back to the sender to inform them that the packet has been rejected.
  4. LOG: The LOG target is used to log information about the packet. When a packet matches a rule with the LOG target, it is logged to the system log files. This can be useful for monitoring and troubleshooting purposes.
  5. RETURN: This target sends the packet back to the chain that called the current one, so it can be matched against the remaining rules there.
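The traversal steps above (top-down matching, first terminating match wins, default policy as the fallback) and the target list are easiest to see with a small model. The following is an added illustration, not code from the article or from the iptables project: it simulates only the behaviour the text describes, with a constructed stateful INPUT ruleset and constructed packets (addresses, ports and the `SSH_IN` user chain are invented for the example; the match fields are a stand-in for real netfilter matches, not a reimplementation of them).

```python
"""Toy model of how netfilter walks an iptables chain (added example, not the article's code).

It models only the behaviour described in the text: rules are tried top-down, the first
terminating match decides, LOG does not terminate, RETURN hands the packet back to the
calling chain, and the chain's default policy applies when nothing matched. Packets and
rules below are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

TERMINATING = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Packet:
    src: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    ctstate: str = "NEW"           # conntrack's view: NEW, ESTABLISHED, RELATED, INVALID


@dataclass
class Rule:
    target: str                            # ACCEPT, DROP, REJECT, LOG, RETURN or a user chain
    proto: Optional[str] = None
    dport: Optional[int] = None
    src_prefix: Optional[str] = None       # crude stand-in for -s, e.g. "10.0.0."
    ctstates: Optional[Set[str]] = None    # stand-in for -m conntrack --ctstate

    def matches(self, pkt: Packet) -> bool:
        """Every criterion given on the rule must hold; absent criteria match anything."""
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.src_prefix is None or pkt.src.startswith(self.src_prefix))
                and (self.ctstates is None or pkt.ctstate in self.ctstates))


@dataclass
class Firewall:
    chains: Dict[str, List[Rule]] = field(default_factory=dict)
    policies: Dict[str, str] = field(default_factory=dict)   # built-in chain -> default policy
    log: List[str] = field(default_factory=list)             # what LOG would write to syslog

    def walk(self, chain: str, pkt: Packet) -> Optional[str]:
        """Walk one chain; return a terminating verdict, or None if the packet fell off the end."""
        for rule in self.chains.get(chain, []):
            if not rule.matches(pkt):
                continue                           # next rule, in order
            if rule.target == "LOG":
                self.log.append("%s: %s %s -> dport %s" % (chain, pkt.proto, pkt.src, pkt.dport))
                continue                           # LOG is non-terminating
            if rule.target == "RETURN":
                return None                        # back to the calling chain
            if rule.target in TERMINATING:
                return rule.target                 # first terminating match wins
            verdict = self.walk(rule.target, pkt)  # jump into a user-defined chain
            if verdict is not None:
                return verdict
        return None

    def verdict(self, builtin_chain: str, pkt: Packet) -> str:
        """Final fate of a packet entering a built-in chain: rule verdict or the chain policy."""
        v = self.walk(builtin_chain, pkt)
        return v if v is not None else self.policies[builtin_chain]


def sample_host_firewall() -> Firewall:
    """A stateful INPUT ruleset of the kind the text describes (constructed example)."""
    fw = Firewall(policies={"INPUT": "DROP"})
    fw.chains["INPUT"] = [
        Rule("ACCEPT", ctstates={"ESTABLISHED", "RELATED"}),  # replies to our own connections
        Rule("DROP", ctstates={"INVALID"}),
        Rule("SSH_IN", proto="tcp", dport=22),                # hand SSH to a user chain
        Rule("ACCEPT", proto="tcp", dport=80),
        Rule("LOG", proto="tcp"),                             # record what is about to be refused
        Rule("REJECT", proto="tcp"),                          # TCP gets an explicit refusal
        # anything else (UDP, ICMP) falls off the end and takes the DROP policy
    ]
    fw.chains["SSH_IN"] = [
        Rule("ACCEPT", src_prefix="10.0.0."),   # admin network (constructed address range)
        Rule("RETURN"),                         # everyone else: back to INPUT, which logs and rejects
    ]
    return fw


def demo() -> Tuple[Dict[str, str], List[str]]:
    """Run constructed packets through the sample ruleset; returns verdicts and the LOG output."""
    fw = sample_host_firewall()
    cases = {
        "ssh_from_admin": Packet("10.0.0.7", "tcp", 22),
        "ssh_from_internet": Packet("203.0.113.9", "tcp", 22),
        "http": Packet("203.0.113.9", "tcp", 80),
        "reply_to_us": Packet("203.0.113.9", "tcp", 51234, ctstate="ESTABLISHED"),
        "udp_probe": Packet("203.0.113.9", "udp", 161),
    }
    return {name: fw.verdict("INPUT", p) for name, p in cases.items()}, fw.log


def order_matters() -> Tuple[str, str]:
    """The same two rules in swapped order: first match decides, so the verdict flips."""
    pkt = Packet("203.0.113.9", "tcp", 23)
    drop_first = Firewall(policies={"INPUT": "ACCEPT"}, chains={"INPUT": [
        Rule("DROP", proto="tcp", dport=23), Rule("ACCEPT", proto="tcp")]})
    accept_first = Firewall(policies={"INPUT": "ACCEPT"}, chains={"INPUT": [
        Rule("ACCEPT", proto="tcp"), Rule("DROP", proto="tcp", dport=23)]})
    return drop_first.verdict("INPUT", pkt), accept_first.verdict("INPUT", pkt)


if __name__ == "__main__":
    verdicts, log = demo()
    for name, v in verdicts.items():
        print("%-18s %s" % (name, v))
    print("logged:", log)
    print("order_matters:", order_matters())
```

Running it shows the SSH probe from the internet entering `SSH_IN`, hitting RETURN, and then being logged and rejected back in INPUT, while the UDP probe matches nothing and takes the chain's DROP policy. `order_matters()` shows why rule order is significant: a broad ACCEPT placed before a specific DROP makes the DROP unreachable.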

Installation

Install iptables with the following command so that you can follow along:

$ sudo apt-get install iptables

To check whether iptables is installed on the system, print its version:

$ iptables -V
iptables v1.8.4 (legacy)

Syntax

The general syntax of the "iptables" command is as follows:

$ iptables [options] <command> [chain] [rule-specification]

Here’s a breakdown of the different components:

  • iptables: The main command to manage firewall rules.
  • [options]: Optional flags or parameters that modify the behavior of the command.
  • <command>: Specifies the action to be performed on the firewall rules. Some commonly used commands are:
    • -A or --append: Appends a rule to a chain.
    • -D or --delete: Deletes a rule from a chain.
    • -I or --insert: Inserts a rule into a chain at a specific position.
    • -L or --list: Lists the rules in a chain.
    • -P or --policy: Sets the default policy for a chain.
  • [chain]: Specifies the chain to which the rule should be applied. Chains are predefined sets of rules that determine the fate of network packets. Some common chains are:
    • INPUT: For incoming packets to the local system.
    • OUTPUT: For outgoing packets from the local system.
    • FORWARD: For packets routed through the local system.
  • [rule-specification]: Specifies the details of the rule to be added, modified, or deleted. This can include various parameters such as source/destination IP addresses, protocols, ports, and actions to take.
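To tie the syntax breakdown to the earlier sections on tables (`-t`) and chains (`-A INPUT`, `-A OUTPUT`, `-A FORWARD`), here is an added example, not the article's own code and not part of the iptables project: a small parser that splits command lines of the form `iptables [options] <command> [chain] [rule-specification]` into their components, checks that a built-in chain belongs to the chosen table, and renders the result in the `iptables-save`/`iptables-restore` layout. It understands only the `-t` option and the five commands the article lists; the sample commands at the bottom are constructed, and the interface name `eth0` and the chain contents are illustrative.

```python
"""Parse iptables command lines and render them as iptables-restore input.

Added example, not code from the article or the iptables project. It knows only the
-t option, the commands -A/-I/-D/-L/-P and the built-in chains of the four main tables;
the SAMPLE_COMMANDS are constructed.
"""
import shlex
from typing import List

# Built-in chains per table. Note: the raw table has only PREROUTING and OUTPUT as
# built-in chains; CT and NOTRACK are targets used inside those chains, not chains.
TABLES = {
    "filter": ("INPUT", "FORWARD", "OUTPUT"),
    "nat": ("PREROUTING", "OUTPUT", "POSTROUTING"),
    "mangle": ("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"),
    "raw": ("PREROUTING", "OUTPUT"),
}
BUILTIN = {c for chains in TABLES.values() for c in chains}
COMMANDS = {
    "-A": "append", "--append": "append",
    "-I": "insert", "--insert": "insert",
    "-D": "delete", "--delete": "delete",
    "-L": "list", "--list": "list",
    "-P": "policy", "--policy": "policy",
}


def parse(cmdline: str) -> dict:
    """Split one iptables command line into table, command, chain, rule spec and -j target."""
    argv = shlex.split(cmdline)
    if argv and argv[0] == "sudo":
        argv = argv[1:]
    if not argv or argv[0] != "iptables":
        raise ValueError("not an iptables command line: %r" % cmdline)
    argv = argv[1:]
    table = "filter"                                  # default table when -t is absent
    while argv and argv[0] in ("-t", "--table"):
        if len(argv) < 2:
            raise ValueError("-t needs a table name")
        table, argv = argv[1], argv[2:]
    if table not in TABLES:
        raise ValueError("unknown table %r" % table)
    if not argv or argv[0] not in COMMANDS:
        raise ValueError("expected a command (-A, -I, -D, -L, -P) in %r" % cmdline)
    command, rest = COMMANDS[argv[0]], argv[1:]
    chain, rest = (rest[0], rest[1:]) if rest else (None, rest)
    if chain is None and command != "list":
        raise ValueError("%s needs a chain" % command)
    if chain in BUILTIN and chain not in TABLES[table]:
        raise ValueError("chain %s is not a built-in chain of the %s table" % (chain, table))
    rulenum = None                                    # optional position for -I / -D
    if command in ("insert", "delete") and rest and rest[0].isdigit():
        rulenum, rest = int(rest[0]), rest[1:]
    target = None
    if command == "policy":
        if len(rest) != 1:
            raise ValueError("-P takes exactly one policy target")
        target = rest[0]
    elif "-j" in rest and rest.index("-j") + 1 < len(rest):
        target = rest[rest.index("-j") + 1]
    return {"table": table, "command": command, "chain": chain,
            "rulenum": rulenum, "rule": rest, "target": target}


def to_restore_format(cmdlines: List[str]) -> str:
    """Render -A, -I and -P commands as iptables-restore input, one block per table."""
    state = {}                                        # table -> (policies, [(chain, spec)])
    for line in cmdlines:
        p = parse(line)
        policies, rules = state.setdefault(p["table"], ({}, []))
        if p["command"] == "policy":
            policies[p["chain"]] = p["target"]
        elif p["command"] == "append":
            rules.append((p["chain"], p["rule"]))
        elif p["command"] == "insert":                # -I without a number means position 1
            own = [i for i, (c, _) in enumerate(rules) if c == p["chain"]]
            n = (p["rulenum"] or 1) - 1
            at = own[n] if n < len(own) else (own[-1] + 1 if own else len(rules))
            rules.insert(at, (p["chain"], p["rule"]))
        else:
            raise ValueError("%s is not a rule-creating command" % p["command"])
    out = []
    for table in TABLES:                              # keep the conventional table order
        if table not in state:
            continue
        policies, rules = state[table]
        out.append("*" + table)
        for chain in TABLES[table]:
            out.append(":%s %s [0:0]" % (chain, policies.get(chain, "ACCEPT")))
        for chain in sorted({c for c, _ in rules if c not in BUILTIN}):
            out.append(":%s - [0:0]" % chain)         # user-defined chains carry no policy
        for chain, spec in rules:
            out.append(" ".join(["-A", chain] + spec))
        out.append("COMMIT")
    return "\n".join(out) + "\n"


# Constructed sample: a stateful host firewall plus outbound masquerading.
SAMPLE_COMMANDS = [
    "sudo iptables -P INPUT DROP",
    "sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    "sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT",
    "sudo iptables -I INPUT 1 -i lo -j ACCEPT",
    "sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
]

if __name__ == "__main__":
    print(to_restore_format(SAMPLE_COMMANDS), end="")
```

The rendered text is what `iptables-save` would print for the same rules, which makes it a convenient way to review a set of commands before applying them on a host: the `-I INPUT 1` rule lands at the top of INPUT, the NAT rule ends up in its own `*nat` block, and a chain used with the wrong table (for example `-A PREROUTING` without `-t nat`) is rejected at parse time.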

Note: manipulating firewall rules with iptables requires root or superuser privileges.


By Vivek Maurya

Write blogs related to Ethical hacking, Computer networks, Linux, Penetration testing and Web3 Security.
