James's Ramblings

Cookies

iptables

Created: April 29, 2018

iptables -t [TABLE_TYPE] [DIRECTION] [PACKET_PATTERN] [ACTION]

In RHEL 8, iptables has been replaced by iptables. All iptables commands are symlinks to a nftables compatibility layer.

TABLE_TYPE

TABLE_TYPE can be either filter or nat.
Without the -t flag, the default is filter.

DIRECTION

Direction is both a flag and an argument. The argument represents either the INPUT, OUTPUT or FORWARD chain.

Flags

-A (–apend) Append a rule to the end a chain.
-D (–delete) Deletes a rule. Specify the rule by the number or the packet pattern.
-L (–list) Lists currently configured rules in the chain.a
-F (–flush) Flushes (deletes) all the rules in the current iptables chain.

Arguments/Chains

INPUT: the chain for all incoming packets.
OUTPUT: the chain for all outgoing packets.
FORWARD: all packets incoming packets that are intended to be forwarded (routed) to another computer.

PACKET_PATTERN

The simplest pattern is by IP address.
-s: all packets are checked for specific source IP address.
-d: all packets are checked for a specific destination IP address.
-p: protocol
–dport: destination port

Action

DROP: the packet is dropped. No mesage is sent to the requesting computer.
REJECT: the packet is dropped. An error message is sent to the requesting computer.
ACCEPT: the packet is allowed to proceed as specified with the -A action: INPUT, OUTPUT or FORWARD.