What is iptables in Linux? Introduction to iptables – Unix/Linux

What is iptables?

We can call, it’s the basics of Firewall for Linux. Iptables is a rule based firewall system and it is normally pre-installed on a Unix operating system which is controlling the incoming and outgoing packets. By-default the iptables is running without any rules, we can create, add, edit rules into it.

Here I am trying to explain the basics of iptables with some common practices.

Hope, this topic will give you the basics of iptables.

Basic structure of iptables

The default structure of  iptables is like, Tables which has Chains and the Chains which contains Rules.

Tables —> Chains —> Rules. The rules are defined to control the packets for Input/Output.

iptables1

List of different Tables in iptables structure

Here is list of iptables Tables and corresponding Chains.

Tables

1. Filter Table

It is the default table in iptables. There is no need to specify the table name for defining the Rules. Different inbuilt chains in this table.

1.1 INPUT Chain

INPUT Chain is for managing packets input to the server. Here we can add Rules to control INPUT connections from remote to the server.

1.2 FORWARD Chain

To add Rules to manage packet connections from one network interface(NIC) to another on the same machine.

1.3 OUTPUT Chain

The OUTPUT Chain control packets from the server to outside. Here we can add different rules to manage outbound connection from the server.

2. NAT table

Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. The default inbuilt chains for NAT tables are;

2.1 PREROUTING chain

As the name indicates its translate packets before routing.

2.2 POSTROUTING chain

Translate packets after routing completes.

2.3 OUTPUT chain

3. Mangle table

This table is used for packet alternation. Different inbuilt chains are;

3.1 PREROUTING chain
3.2 OUTPUT chain
3.3 FORWARD chain
3.4 INPUT chain
3.5 POSTROUTING chain

A graphical view:

iptables2

IPtables command to list Rules in all tables (Filter, NAT, Mangle)

Yes, it is very important to find the current rules in the chains of the iptables tables. The iptables has a wide verity of switches to manage this via CLI. For listing rules in different tables we can use the switch “–list” along with switch “-t” to select the iptables tables. Here is some usages and examples are listed.

-t : For define tables.
–list : For list all rules from the selected table.

How/command to list all rules from the Filter table of iptables?

As I mentioned, the filter table is the default Iptables table. We can simply mange this table with out specifying the table name. See the examples pasted.

Syntax:

iptables -t filter --list
or
iptables -t filter -L

Or simply;

iptables --list
or
iptables -L

Sample output:

root@test [~]# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctboth   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

How/command to list all rules from the NAT table of iptables?

We need to mention the table name with the help of the switch “-t” to manage the rules excluded the Filter table.

Use -t followed by the table name “nat” to mange rules in the NAT table.

Syntax:

iptables -t nat --list
or
iptables -t nat -L

Example:

root@test [~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

How/command to list all rules from the Mangle table of iptables?

Replace the -t section with “mangle” to mange the Mangle table of iptables.

Syntax:

iptables -t mangle --list
or
iptables -t mangle -L

Example:

root@test [~]# iptables -t mangle --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

That’s it.

Related Topics:

1. How to save/backup existing iptables rules to a file
2. How to allow/block PING on Linux server – IPTables rules for icmp

Arunlal Ashok

Sr. Linux Server Administrator. I'm managing Linux servers since 2012. I started this blog to share and discuss my ideas. Check My Profile in uPwork (oDesk) and create a job, if you need any administration help. Thanks!!

You may also like...

10 Responses

  1. Dr. Masih Saikia says:

    Very Good and valuable notes written by the Respected Author. Certainly, obviously he/she has read and studied a lot to preparing this valuable notes, which may be very useful to the 6th semester of my B.Sc. Major in Computer Science as well as the B.C.A. students.

    Thanks a lot and best wishes for your kind effort !

  2. JAYASHREE says:

    VERY HELPFUL. GOOD JOB. THANK YO FOR THIS NOTE.

  3. Bobby Thomas says:

    Recently while in the middle of doing performance testing, one day my weblogic cluster stopped working. Admin node was not able to communicate with different managed nodes on different machine. I got an error saying “java.net.NoRouteToHostException”. After spending almost a day, i cleared the iptables rules and everything started working. You mentioned that by default iptables is running without any rules. I don’t know how rules got added to the iptables(maybe someone from network team or other team members…. Do not know).

    Later i wanted to read more about iptables and came across this article. This article is very simple to understand. You have placed couple of diagrams which summarizes everything. And very important basic commands. Thanks a lot Arunlal.

  4. shirin says:

    Hello
    I need to your help in interdiuse iptables .I have presen of MUM in dubai at 18 Oct and Im not ready .I FROM IRAN

  5. Junaid says:

    Well done. Good strugle on this.actually i wslas searching like these information.i got very good information from this article.

    Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *