Linux iptables Guide - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux iptables Guide
Complete beginner-friendly guide to iptables on Linux, covering Arch Linux, CachyOS, and other distributions including rules, chains, and firewall configuration.
Table of Contents
- Understanding iptables
- iptables Installation
- Basic Rules
- Advanced Configuration
- Saving Rules
- Troubleshooting
Understanding iptables
What is iptables?
iptables is a packet-filtering firewall for Linux.
Components:
- Tables: filter, nat, mangle, raw
- Chains: INPUT, OUTPUT, FORWARD (the built-in chains of the filter table)
- Rules: Match criteria and a target action
Common tables:
- filter: Packet filtering (default)
- nat: Network address translation
- mangle: Packet modification
iptables Installation
Install iptables
Arch/CachyOS:
# Install iptables
sudo pacman -S iptables
# Install nftables (modern replacement)
sudo pacman -S nftables
Debian/Ubuntu:
sudo apt install iptables
Fedora:
sudo dnf install iptables-services
Basic Rules
Allow SSH
Allow SSH access:
# Allow SSH (port 22)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow established connections
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Allow Loopback
Allow localhost:
# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT
Default Policy
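Set the default policy. Add the SSH, established-connection and loopback rules above first: on a remote session, switching INPUT to DROP before they exist cuts the connection.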
# Deny all incoming
sudo iptables -P INPUT DROP
# Allow all outgoing
sudo iptables -P OUTPUT ACCEPT
# Deny forwarding
sudo iptables -P FORWARD DROP
Advanced Configuration
Allow HTTP/HTTPS
Web server rules:
# Allow HTTP
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow HTTPS
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Rate Limiting
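Limit concurrent connections. connlimit caps the number of simultaneous connections per source address; it is not a per-second rate. Rules are evaluated in order, so this rule has to sit ahead of the port 22 ACCEPT rule added earlier, otherwise that rule matches first and the limit is never reached:
# Limit SSH to 3 concurrent connections per source address
# -I INPUT 1 inserts at the top of the chain; --syn restricts the match to new connection attempts
sudo iptables -I INPUT 1 -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT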
Saving Rules
Save Rules
Arch/CachyOS:
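# Save rules (a plain "sudo iptables-save > file" fails: the redirect runs as the calling user, not root)
sudo iptables-save | sudo tee /etc/iptables/iptables.rules > /dev/null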
# Restore rules
sudo iptables-restore < /etc/iptables/iptables.rules
# Auto-restore on boot
sudo systemctl enable iptables
Debian/Ubuntu:
# Requires the iptables-persistent package
sudo netfilter-persistent save
Fedora:
sudo service iptables save
Troubleshooting
Check Rules
List rules:
# List all rules
sudo iptables -L -v -n
# List with line numbers
sudo iptables -L -v -n --line-numbers
# List specific chain
sudo iptables -L INPUT -v -n
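Because rules are evaluated top to bottom and the first match wins, the listing is worth checking mechanically. The following is an added example, not part of the original guide: a shell helper (audit_input, a hypothetical name) that reads `iptables -S INPUT` output and flags a DROP policy that lacks the loopback, established or SSH accepts, and a port 22 connlimit rule shadowed by an earlier SSH ACCEPT. The sample chain is constructed.

```shell
# Added example, not part of the guide: audit `iptables -S INPUT` output for
# lockout and rule-order problems. audit_input is a hypothetical helper name.
# Live use: sudo iptables -S INPUT | audit_input
audit_input() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        n++; target = dport = iface = states = ""; climit = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            else if ($i == "connlimit") climit = 1
        }
        if (target == "ACCEPT") {
            if (iface == "lo") lo = n
            if (states ~ /ESTABLISHED/) est = n
            if (dport == "22" && !climit && !ssh_ok) ssh_ok = n
        } else if ((target == "REJECT" || target == "DROP") && dport == "22" && climit && !limit)
            limit = n
    }
    END {
        if (policy == "DROP") {   # these three keep a remote admin connected
            if (!lo)     { print "MISSING: loopback ACCEPT"; bad = 1 }
            if (!est)    { print "MISSING: ESTABLISHED,RELATED ACCEPT"; bad = 1 }
            if (!ssh_ok) { print "MISSING: SSH ACCEPT"; bad = 1 }
        }
        if (limit && ssh_ok && ssh_ok < limit) {   # first match wins
            printf "SHADOWED: connlimit rule %d never matches, SSH ACCEPT is rule %d\n", limit, ssh_ok
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: INPUT chain with the connlimit rule appended (-A) after
# the SSH ACCEPT rule, in the format printed by `iptables -S INPUT`.
guide_order_sample() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m connlimit --connlimit-above 3 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with icmp-port-unreachable
EOF
}
guide_order_sample | audit_input || true   # prints the SHADOWED finding
```

The function exits non-zero when it prints any finding, so it can gate a script that is about to switch the INPUT policy to DROP.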
Delete Rules
Remove rules:
# Delete by line number
sudo iptables -D INPUT 1
# Delete specific rule
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
Summary
This guide covered iptables configuration for Arch Linux, CachyOS, and other distributions, including basic and advanced rules.
Next Steps
- Firewall Configuration - Firewall setup
- Security Configuration - Security
- ArchWiki iptables: https://wiki.archlinux.org/title/iptables
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.