
Step-by-Step Guide to Installing and Configuring iptables on Linux

This article provides a comprehensive, step-by-step tutorial on checking, installing, editing, and applying iptables firewall rules on a Linux system, including common port allowances, ICMP handling, rule persistence, and startup configuration using command-line examples.

Practical DevOps Architecture

First, verify whether iptables is installed by running whereis iptables; if the command returns a path, the package is present.

If it is not installed, use apt-get install iptables to install it.

Edit or create the firewall rule file (e.g., vi /etc/iptables.rules or vim /etc/sysconfig/iptables) and add the desired rules. Typical sections include the filter table with default policies, common port allowances (e.g., -A INPUT -p tcp --dport 22 -j ACCEPT for SSH, -A INPUT -p tcp --dport 80 -j ACCEPT for HTTP, -A INPUT -p tcp --dport 443 -j ACCEPT for HTTPS), loopback acceptance, and ICMP handling (e.g., -A INPUT -p icmp --icmp-type echo-request -j ACCEPT).

Note that INPUT denotes inbound traffic, OUTPUT denotes outbound traffic, and REJECT blocks packets. To fully open outbound traffic, replace -A INPUT -j REJECT with -A OUTPUT -j ACCEPT.

After editing, load the configuration with iptables-restore < /etc/iptables.rules and verify it using iptables -L -n.
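
The rules file described above and a pre-load ordering check, as an added example that is not part of the original article: it writes a constructed file in iptables-restore format and confirms that the loopback, established-connection and SSH rules come before the catch-all REJECT, so loading it over SSH does not cut off the session. The scratch path, the conntrack match, the FORWARD DROP policy and the function names write_rules and check_rules are assumptions.

```sh
#!/bin/sh
# Added example: constructed rules file plus an offline ordering check.
RULES="${RULES:-$(mktemp)}"   # scratch path (assumption), not /etc/iptables.rules

write_rules() {   # $1 = output path, iptables-restore format
cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j REJECT
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

check_rules() {   # $1 = rules file; prints findings, returns 1 if any
    f="$1"; rc=0
    grep -qx '\*filter' "$f" || { echo "missing *filter header"; rc=1; }
    [ "$(tail -n 1 "$f")" = "COMMIT" ] || { echo "missing final COMMIT"; rc=1; }
    # Line of the first catch-all; rules are evaluated top to bottom.
    stop=$(grep -En -- '^-A INPUT -j (REJECT|DROP)' "$f" | head -n 1 | cut -d: -f1)
    for need in '-i lo -j ACCEPT' 'ESTABLISHED' '--dport 22 -j ACCEPT'; do
        at=$(grep -n -- "^-A INPUT .*$need" "$f" | head -n 1 | cut -d: -f1)
        if [ -z "$at" ]; then
            echo "no INPUT rule matching: $need"; rc=1
        elif [ -n "$stop" ] && [ "$at" -gt "$stop" ]; then
            echo "'$need' is after the catch-all on line $stop and never matches"; rc=1
        fi
    done
    return $rc
}

write_rules "$RULES" && check_rules "$RULES" && echo "offline check passed: $RULES"
# As root, parse without applying, then load and list:
#   iptables-restore --test < "$RULES"
#   iptables-restore < "$RULES" && iptables -L -n
```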

Common auxiliary steps include creating a symbolic link for the rc-local service (ln -s /lib/systemd/system/rc-local.service /etc/systemd/system/), adding an Install section to /lib/systemd/system/rc-local.service, creating /etc/rc.local with the firewall startup command, granting execution permission (chmod +x /etc/rc.local), and loading the module with modprobe ip_tables.

Additional useful commands are provided for managing iptables: checking installation (whereis iptables), installing (apt-get install iptables), listing rules (iptables -L -n), setting default policies (iptables -P INPUT ACCEPT), flushing rules (iptables -F), deleting custom chains (iptables -X), zeroing counters (iptables -Z), allowing loopback (iptables -A INPUT -i lo -j ACCEPT), opening specific ports, permitting established connections, and setting default DROP policies for inbound, outbound, and forward traffic.

The article also shows how to whitelist specific IPs, block or unblock IPs using iptables -I INPUT -s <IP> -j DROP and iptables -D INPUT -s <IP> -j DROP, and finally save the rules with service iptables save before rebooting to ensure the firewall starts automatically.
