Information Security

Introduction to iptables: Concepts, Commands, and Practical Use Cases

This article introduces iptables, explains its core concepts such as chains, rules, and tables, demonstrates common commands for listing, adding, deleting, and modifying rules, and presents a step‑by‑step firewall configuration case for securing jump‑hosts on CentOS systems.

DevOps Operations Practice

iptables is the user-space tool for configuring the Linux kernel's netfilter packet filter. It inspects traffic at the network and transport layers and can accept, drop, forward, or rewrite (NAT) packets based on criteria such as source/destination IP address, port, protocol, interface, and connection-tracking state.

The basic components are:

Chain : an ordered list of rules that a packet is checked against. The built-in chains are INPUT (traffic addressed to this host), OUTPUT (traffic generated by this host), FORWARD (traffic routed through this host), and PREROUTING / POSTROUTING (used mainly for NAT). Each built-in chain has a default policy that applies when no rule matches; user-defined chains can be added and used as jump targets.

Rule : a match condition (for example "TCP to port 22 from 10.0.0.0/8") plus a target: ACCEPT, DROP (discard silently), REJECT (discard and send an error back), or a jump to another chain. The first matching rule with a terminating target decides the packet's fate; later rules are not consulted.

Table : a group of chains with a common purpose. filter (the default) decides what is allowed; nat rewrites addresses and ports. mangle and raw also exist, for packet alteration and connection-tracking exemptions, but are rarely needed on a host firewall.

Common iptables commands (all act on the filter table unless -t <table> is given):

Show all rules: iptables -L -n -v (-n skips reverse DNS lookups, -v shows interfaces and packet counters; add --line-numbers to see the rule numbers that -D and -R need)

Append a rule to the end of a chain: iptables -A <chain> <rule> ; insert at the top (or at position N): iptables -I <chain> [N] <rule>

Delete a rule: iptables -D <chain> <rule> or iptables -D <chain> <rule_number>

Replace a rule by number: iptables -R <chain> <rule_number> <new_rule>

Example: allow SSH (TCP port 22) on the INPUT chain: iptables -A INPUT -p tcp --dport 22 -j ACCEPT. Because -A appends, this rule only takes effect if no earlier rule in INPUT already drops or rejects the packet.

Practical case: locking down a CentOS 7 jump host with the filter table's INPUT chain, so that only the administrators' trusted address can reach it and everything else is dropped.

Steps:

Stop and disable firewalld, which manages the same netfilter rules and would otherwise overwrite or conflict with the rules added below (masking it as well prevents another unit from starting it again):

  systemctl stop firewalld
  systemctl disable firewalld
  systemctl mask firewalld

Install and enable iptables-services, which provides the iptables systemd unit and the save/restore scripts used in the last step:

  yum install iptables-services
  systemctl enable iptables
  systemctl start iptables

Flush the existing INPUT rules: iptables -F INPUT. Do this while the chain's policy is still ACCEPT (the default on a fresh install); flushing a chain whose policy is already DROP over SSH cuts off your own session.

Add the specific access rules: the trusted administrator address, replies to connections the host itself opened, ICMP, and DNS and NTP replies.

  # Allow trusted IP
  iptables -A INPUT -s 192.168.4.168 -j ACCEPT
  # Allow related/established
  iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
  # Allow ICMP
  iptables -A INPUT -p icmp -j ACCEPT
  # Allow DNS replies
  iptables -A INPUT -p udp --sport 53 -j ACCEPT
  # Allow NTP replies
  iptables -A INPUT -p udp --sport 123 -j ACCEPT

Three caveats. The -p tcp in the RELATED,ESTABLISHED rule is what makes the separate DNS and NTP rules necessary, and those two rules accept any UDP datagram whose source port happens to be 53 or 123, whether or not this host sent a query; dropping -p tcp lets connection tracking admit only genuine replies, and the two --sport rules can then go. -m state is the legacy name for -m conntrack --ctstate and behaves identically on CentOS 7. Finally, there is no rule for the loopback interface, so local services that connect to 127.0.0.1 will be blocked once the policy is DROP unless a rule such as iptables -A INPUT -i lo -j ACCEPT is added.

Set the default INPUT policy to DROP so that everything not explicitly accepted is discarded: iptables -P INPUT DROP. This must be the last change: once the policy is DROP, your own SSH session survives only because of the trusted-IP and RELATED,ESTABLISHED rules added above, so do this from a console, or with a way to revert, if you can.

Verify the rule set: iptables -nvL INPUT --line-numbers. The chain header should read "policy DROP", the ACCEPT rules should be listed in the order you added them, and the packet counters on the trusted-IP and RELATED,ESTABLISHED rules should increase as you use the host.

Save the configuration so it persists after reboot: service iptables save. This writes the live rules to /etc/sysconfig/iptables, which the iptables unit restores at boot; without it, a reboot returns to whatever that file contained before.
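The whole procedure above as one script, added here as an example and not the article's own code: it generates the jump-host INPUT policy as an iptables-restore rule set and loads it atomically behind a timed revert, so a mistake made over SSH undoes itself. Where it departs from the article it hardens the rule set: a single conntrack rule admits DNS and NTP replies instead of the source-port rules, loopback is allowed, and the trusted host is restricted to SSH rather than all traffic (an assumption about how the jump host is used). The SSH port, the 60-second grace period, and the flag-file confirmation are also assumptions, not from the article.

```shell
#!/bin/sh
# Added example (not from the article): build the jump-host INPUT policy as
# one iptables-restore rule set and load it atomically, with a timed revert
# so a mistake over SSH does not lock you out. Assumed values, not from the
# article: SSH_PORT, the 60 s grace period, the flag-file confirmation, and
# restricting the trusted host to SSH instead of allowing all of its traffic.
set -eu

TRUSTED_IP="${TRUSTED_IP:-192.168.4.168}"   # admin host from the article
SSH_PORT="${SSH_PORT:-22}"                   # assumed

# Emit the complete filter table. The DROP policy is part of the same load
# as the ACCEPT rules, so there is never a moment with DROP and no rules.
build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: local services (sshd, resolver, systemd) talk to 127.0.0.1
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened: covers TCP, UDP (DNS, NTP) and
# ICMP, so no source-port-53/123 holes are needed
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# only the admin host may open new SSH sessions; nothing else is exposed
-A INPUT -s ${TRUSTED_IP} -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# ping for monitoring, rate-limited so it cannot be used to flood the host
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/second -j ACCEPT
COMMIT
EOF
}

# Number of INPUT rules in the generated set; a cheap sanity check.
count_input_rules() {
  build_ruleset | grep -c '^-A INPUT'
}

# Parse the rule set in iptables-restore's dry-run mode; touches nothing live.
check_ruleset() {
  build_ruleset | iptables-restore --test
}

# Load the rules atomically. A detached timer restores the previous rules
# after GRACE seconds unless the admin creates the flag file; setsid keeps
# the timer alive even if the SSH session that ran this script is cut off.
apply_with_guard() {
  grace="${1:-60}"
  backup="$(mktemp)"
  flag="${backup}.confirmed"
  iptables-save > "$backup"
  setsid sh -c "sleep $grace; [ -e '$flag' ] || iptables-restore < '$backup'" \
    </dev/null >/dev/null 2>&1 &
  build_ruleset | iptables-restore
  echo "Rules loaded. Open a NEW ssh session within ${grace}s; if it works:"
  echo "  touch $flag && service iptables save"
}

case "${1:-}" in
  print) build_ruleset ;;
  check) check_ruleset ;;
  apply) apply_with_guard "${2:-60}" ;;
  "")    ;;   # no argument: define functions only (also when sourced)
  *) echo "usage: $0 print|check|apply [grace_seconds]" >&2; exit 2 ;;
esac
```

Run it with print to inspect the rule set, check to have iptables-restore parse it without loading, and apply from the trusted host; if the new SSH session fails, wait out the grace period and the old rules come back on their own. The print output is in iptables-save format, the same format service iptables save writes to /etc/sysconfig/iptables, so the checked rule set can be placed there directly once confirmed.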


Tags: firewall, Linux, command line, Network Security, iptables, CentOS, network filtering
Written by

DevOps Operations Practice

We share professional insights on cloud-native, DevOps & operations, Kubernetes, observability & monitoring, and Linux systems.
