This document provides an overview of iptables, the Linux firewall. It explains that iptables contains tables which contain chains, and chains contain rules. The main tables are filter, nat, mangle, and raw. The filter table contains the INPUT, OUTPUT, and FORWARD chains. The nat table contains PREROUTING, POSTROUTING, and OUTPUT chains. Chains contain rules that define packet filtering criteria and targets. Understanding iptables' structure of tables, chains and rules is essential for effectively managing Linux firewall rules.
1. Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals Page 1 of 18
Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
by Ramesh Natarajan on January 24, 2011
The iptables firewall manages the kernel's packet filtering and NAT rules. iptables ships with virtually every Linux distribution. Understanding how to set up and configure iptables will help you manage your Linux firewall effectively.
http://www.thegeekstuff.com/2011/01/iptables-fundamentals/ 14.10.2011
The iptables tool is used to manage the Linux firewall rules. At first glance iptables might look complex (or even confusing). But once you understand the basics of how iptables works and how it is structured, reading and writing iptables firewall rules becomes easy.
This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.
This article explains how iptables is structured, and covers the fundamentals of iptables tables, chains and rules.
At a high level, iptables contains multiple tables. Each table contains multiple chains. Chains can be built-in or user-defined. Each chain contains an ordered list of rules. A rule describes which packets it matches and what is to be done with them.
So the structure is: iptables -> Tables -> Chains -> Rules. This is shown in the following diagram.
Fig: IPTables Table, Chain, and Rule Structure
Just to reiterate: a table is a collection of chains, and a chain is an ordered list of firewall rules.
I. IPTABLES TABLES and CHAINS
IPTables has the following 4 built-in tables.
1. Filter Table
Filter is the default table for iptables. If you don't select a table with the -t option, you are working in the filter table. (You cannot create your own tables; only chains can be user-defined.) The filter table has the following built-in chains.
• INPUT chain – Incoming to the firewall. For packets whose destination is the local server itself.
• OUTPUT chain – Outgoing from the firewall. For packets generated locally and leaving the local server.
• FORWARD chain – For packets routed through the local server: they arrive on one interface and leave on another, and are neither addressed to nor generated by the local server. Such packets only exist when IP forwarding is enabled on the host.
2. NAT table
Iptable’s NAT table has the following built-in chains.
• PREROUTING chain – Alters packets before routing, i.e. translation happens as soon as the packet enters the system, before the routing decision. This is where you rewrite the destination IP address so that the routing decision sends the packet to the right host on the local network. This is used for DNAT (destination NAT).
• POSTROUTING chain – Alters packets after routing, i.e. translation happens as the packets are about to leave the system. This is where you rewrite the source IP address to something the destination can route a reply back to. This is used for SNAT (source NAT) and masquerading.
• OUTPUT chain – NAT for packets generated locally on the firewall itself.
Only the first packet of a connection is evaluated against the nat table; connection tracking then applies the same translation to the rest of the connection and reverses it for the replies.
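To make the PREROUTING/POSTROUTING split concrete, here is a small added model (not code from the article, and not the kernel's implementation) of how DNAT, SNAT and the reverse translation of replies fit together. All addresses are constructed documentation addresses, and NatBox, pkt and demo are names chosen for this example.

```python
"""Toy model of the nat table's two translation points: DNAT in PREROUTING
(rewrite the destination before the routing decision) and SNAT in POSTROUTING
(rewrite the source after it). Reply packets are translated back by a
connection-tracking map, not by rules. Added example with constructed
addresses; not the kernel's implementation."""
import ipaddress


def pkt(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}


def _tuple(p):
    return (p["src"], p["sport"], p["dst"], p["dport"])


class NatBox:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dnat_rules = []     # ((dst, dport), (new_dst, new_dport)); consulted in PREROUTING
        self.snat_nets = []      # source networks masqueraded as public_ip; consulted in POSTROUTING
        self.reply_map = {}      # conntrack: reply-direction tuple -> tuple it is rewritten into
        self.next_port = 40000   # next free source port for SNAT

    def add_dnat(self, dst, dport, new_dst, new_dport):
        self.dnat_rules.append(((dst, dport), (new_dst, new_dport)))

    def add_snat(self, network):
        self.snat_nets.append(ipaddress.ip_network(network))

    def _untranslate(self, p):
        """Conntrack: a packet matching the reply direction of a translated
        connection is rewritten back without consulting any nat rule."""
        t = self.reply_map.get(_tuple(p))
        return (pkt(*t), True) if t else (p, False)

    def prerouting(self, p):
        p, tracked = self._untranslate(p)
        if tracked:
            return p
        for (m_dst, m_dport), (n_dst, n_dport) in self.dnat_rules:
            if (p["dst"], p["dport"]) == (m_dst, m_dport):
                # Replies come from n_dst:n_dport; the client must see m_dst:m_dport.
                self.reply_map[(n_dst, n_dport, p["src"], p["sport"])] = \
                    (m_dst, m_dport, p["src"], p["sport"])
                return pkt(p["src"], p["sport"], n_dst, n_dport)  # routing now picks the LAN
        return p

    def postrouting(self, p):
        p, tracked = self._untranslate(p)
        if tracked:
            return p
        for net in self.snat_nets:
            if ipaddress.ip_address(p["src"]) in net:
                port, self.next_port = self.next_port, self.next_port + 1
                # Replies arrive for public_ip:port; deliver them to the real LAN host.
                self.reply_map[(p["dst"], p["dport"], self.public_ip, port)] = \
                    (p["dst"], p["dport"], p["src"], p["sport"])
                return pkt(self.public_ip, port, p["dst"], p["dport"])
        return p


def demo():
    """Port-forward public :80 to an internal web server and masquerade the LAN."""
    box = NatBox("203.0.113.10")
    box.add_dnat("203.0.113.10", 80, "10.0.0.5", 8080)
    box.add_snat("10.0.0.0/24")
    # 1. Internet client -> public :80 (DNAT in PREROUTING, SNAT does not touch it)
    inbound = box.postrouting(box.prerouting(pkt("198.51.100.7", 51000, "203.0.113.10", 80)))
    # 2. Web server's reply: conntrack restores the public address as source
    reply_out = box.postrouting(box.prerouting(pkt("10.0.0.5", 8080, "198.51.100.7", 51000)))
    # 3. LAN host -> Internet (SNAT in POSTROUTING)
    outbound = box.postrouting(box.prerouting(pkt("10.0.0.23", 33000, "198.51.100.9", 443)))
    # 4. Reply to the masqueraded port is delivered to the LAN host
    reply_in = box.postrouting(box.prerouting(
        pkt("198.51.100.9", 443, "203.0.113.10", outbound["sport"])))
    return inbound, reply_out, outbound, reply_in


if __name__ == "__main__":
    for name, p in zip(("inbound", "reply_out", "outbound", "reply_in"), demo()):
        print(f"{name:10} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}")
```

Run it to print the four translated packets. The point to take from it: DNAT has to happen in PREROUTING because the routing decision that follows uses the rewritten destination; SNAT has to happen in POSTROUTING because the outgoing interface, and hence the right source address, is only known after routing; and neither chain is consulted for reply packets, which the conntrack map (reply_map) rewrites on its own. That is why only a connection's first packet ever hits the nat table.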
3. Mangle table
Iptables's mangle table is for specialized packet alteration: rewriting header fields such as the TOS/DSCP field or the TTL in the IP header, and setting packet marks (MARK) that later rules or policy routing can act on. The mangle table has the following built-in chains.
• PREROUTING chain
• OUTPUT chain
• FORWARD chain
• INPUT chain
• POSTROUTING chain
4. Raw table
Iptables's raw table is consulted before connection tracking; its main use is to mark packets that should be exempted from connection tracking (the NOTRACK target). The raw table has the following built-in chains.
• PREROUTING chain
• OUTPUT chain
The following diagram shows the three important tables in iptables.
Fig: IPTables built-in tables
II. IPTABLES RULES
Following are the key points to remember about iptables rules.
• A rule contains match criteria and a target.
• If the packet matches the criteria, the target is applied: either a jump to a user-defined chain (the packet is then evaluated against that chain's rules) or one of the special built-in values listed below.
• If the criteria do not match, evaluation moves on to the next rule in the chain.
• Rules are evaluated in order, and the first matching rule with a terminating target decides the packet's fate. If a packet reaches the end of a built-in chain without a decision, the chain's policy (shown as policy ACCEPT or policy DROP in the listings below) applies.
Target Values
Following are the possible special values that you can specify in the target.
• ACCEPT – Firewall will accept the packet; evaluation in the current chain and the chains that called it stops.
• DROP – Firewall will silently discard the packet.
• REJECT – Firewall discards the packet and sends an error back to the sender (for example reject-with icmp-host-prohibited, as in the listing below). Strictly an extension target, but it appears in most rulesets.
• QUEUE – Firewall will pass the packet to a userspace program.
• RETURN – Firewall will stop traversing the current chain and return control to the calling chain, which continues at the rule after the jump. A RETURN in a built-in chain means the chain's policy applies.
If you run iptables --list (or, on Red Hat based systems, service iptables status), you'll see all the firewall rules currently loaded on the system. The following example shows a system with no firewall rules defined. As you can see, it displays the default filter table with its built-in INPUT, FORWARD and OUTPUT chains; each chain's policy is ACCEPT, so with no rules every packet is allowed.
# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Do the following to view the mangle table.
# iptables -t mangle --list
Do the following to view the nat table.
# iptables -t nat --list
Do the following to view the raw table.
# iptables -t raw --list
Note: If you don't specify the -t option, iptables operates on the default filter table. So both of the following commands are the same.
# iptables -t filter --list
(or)
# iptables --list
The following example shows a system where the INPUT and FORWARD chains of the filter table each contain a single rule that jumps to a user-defined chain, RH-Firewall-1-INPUT (the "2 references" in that chain's header counts those jumps); the OUTPUT chain is empty. The num column is printed when you add --line-numbers, and -n keeps iptables from resolving addresses and ports to names.
# iptables -n --list --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
The rules in the iptables --list output contain the following fields:
• num – Rule number within the particular chain (shown with --line-numbers)
• target – The rule's target: a built-in target such as ACCEPT or REJECT, or the name of a user-defined chain to jump to
• prot – Protocol: tcp, udp, icmp, esp, ah, or all
• opt – Per-rule option flags, essentially the fragment match (-f); normally shown as --
• source – Source IP address or network the packet must come from (0.0.0.0/0 means any)
• destination – Destination IP address or network (0.0.0.0/0 means any)
Anything printed after the destination column is match-extension text such as state NEW or tcp dpt:22; it has no column header. Note that this plain listing hides interface matches: a rule that reads ACCEPT all 0.0.0.0/0 0.0.0.0/0 may actually be limited to one interface (in Red Hat's stock ruleset the first rule of RH-Firewall-1-INPUT is -i lo -j ACCEPT). Use iptables -L -n -v to see the in and out interface columns before concluding that a rule accepts everything.
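As an added example (not code from the article), the following Python parses listings in the format shown above and walks a packet through the chains using the rule and target semantics from section II: jumps into user-defined chains, RETURN, and the built-in chain's policy. The listing is constructed from the article's RH-Firewall-1-INPUT chain, shortened and renumbered, with its first "ACCEPT all" rule left out because that rule is Red Hat's -i lo accept and the interface match is not visible in this listing format. The sample packets and the names parse_listing, evaluate and classify are this example's own.

```python
"""Parse `iptables -L -n --line-numbers` output into chains of rules and walk a
packet through them as the kernel does: the first matching rule with a terminating
target wins, a jump descends into a user-defined chain, RETURN (or the end of a
user-defined chain) resumes in the caller, and a built-in chain that runs out of
rules applies its policy. Added example; it models only the matches that occur in
the article's listing (protocol, addresses, state, dpt, icmp type)."""
import ipaddress
import re

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [(num, target, prot, src, dst, extras)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CHAIN_RE.match(line)
        if m:                      # "Chain INPUT (policy ACCEPT)" or "Chain X (2 references)"
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif line and not line.startswith("num") and current is not None:
            parts = line.split(None, 6)   # num target prot opt source destination [matches]
            num, target, prot, _opt, src, dst = parts[:6]
            extras = parts[6] if len(parts) > 6 else ""
            current["rules"].append((int(num), target, prot, src, dst, extras))
    return chains


def _matches(rule, p):
    _num, _target, prot, src, dst, extras = rule
    if prot != "all" and prot != p["proto"]:
        return False
    if ipaddress.ip_address(p["src"]) not in ipaddress.ip_network(src):
        return False
    if ipaddress.ip_address(p["dst"]) not in ipaddress.ip_network(dst):
        return False
    toks, i = extras.split(), 0
    while i < len(toks):
        t = toks[i]
        if t == "state":                 # conntrack state, comma-separated alternatives
            if p.get("state") not in toks[i + 1].split(","):
                return False
            i += 2
        elif t.startswith("dpt:"):       # tcp/udp destination port
            if p.get("dport") != int(t[4:]):
                return False
            i += 1
        elif t == "type":                # icmp type; 255 is iptables' "any type"
            if toks[i + 1] != "255" and p.get("icmp_type") != int(toks[i + 1]):
                return False
            i += 2
        elif t == "reject-with":         # an option of the REJECT target, not a match
            i += 2
        else:                            # protocol name echoed by the match module
            i += 1
    return True


def evaluate(chains, chain_name, p):
    """Return (verdict, chain, rule_num); rule_num is None when a built-in chain's
    policy decided. Returns None when a user-defined chain yields no verdict."""
    chain = chains[chain_name]
    for rule in chain["rules"]:
        if not _matches(rule, p):
            continue                              # no match: try the next rule
        num, target = rule[0], rule[1]
        if target in TERMINATING:
            return target, chain_name, num
        if target == "RETURN":
            break                                 # hand control back to the caller
        if target in chains:                      # jump into a user-defined chain
            verdict = evaluate(chains, target, p)
            if verdict is not None:
                return verdict
    if chain["policy"] is not None:               # end of a built-in chain
        return chain["policy"], chain_name, None
    return None


# Constructed from the article's RH-Firewall-1-INPUT listing, shortened and renumbered,
# without its first "ACCEPT all" rule (Red Hat's `-i lo -j ACCEPT`, whose interface
# match this listing format does not show).
LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (1 references)
num  target     prot opt source               destination
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
2    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

PACKETS = [  # constructed sample traffic arriving at the host
    {"proto": "tcp", "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 22, "state": "NEW"},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 23, "state": "NEW"},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 23, "state": "ESTABLISHED"},
    {"proto": "udp", "src": "10.0.0.9", "dst": "224.0.0.251", "dport": 5353, "state": "NEW"},
    {"proto": "udp", "src": "10.0.0.9", "dst": "10.0.0.5", "dport": 5353, "state": "NEW"},
]


def classify(listing=LISTING, packets=PACKETS, chain="INPUT"):
    chains = parse_listing(listing)
    return [evaluate(chains, chain, p) for p in packets]


if __name__ == "__main__":
    print(*classify(), sep="\n")
```

Running it shows that a new SSH connection is accepted by rule 5, a new telnet connection falls through to the REJECT at rule 6, an established telnet reply is accepted by rule 4 before any port is checked (which is why the state rule sits ahead of the per-port rules), and mDNS is accepted only when its destination is the multicast address in rule 2. The same walker can be pointed at a chain with a DROP policy to see that a RETURN from a user-defined chain sends the packet back to the caller and, when the caller has no further rules, to its policy.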
Tags: IPTables Tutorials, Ubuntu IPTables Firewall, UNIX IPTables
18 comments
1 Pushpraj January 24, 2011 at 12:56 am
very good….keep writing……
Thanks
Pushpraj
2 pupu January 24, 2011 at 3:22 am
Just note that DNAT and SNAT also stands for Dynamic and Static NAT, so don’t be confused when you read another text. Anyway,
nice article, thanks!
3 Rendy January 24, 2011 at 3:22 am
Thank You Ramesh…very clear!
4 vaisakh January 24, 2011 at 3:59 am
Excellent .. I was searching for a good article about the fundamentals of IPtable.. Thanks. Also waiting for next part
5 Ben January 24, 2011 at 9:42 am
Nice article, look forward to rest of the series. Any idea when others will be out?
6 p campbell January 24, 2011 at 10:07 am
Some of your articles are excellent for beginners but this is not a tutorial it is misnamed.
7 Waly DIOUF January 24, 2011 at 11:06 am
This website is sooooo what I just need at work. Good work Ramesh, you're a genius.
Thanks a lot
8 shakerlxxv January 24, 2011 at 12:49 pm
Great topic. Looking forward to the rest of the series.
9 R January 24, 2011 at 1:36 pm
Ramesh,
You might want to include a tutorial on fwbuilder; it's a nice GUI interface and is used to manage firewalls on 100s of hosts.
-R
10 shaheem January 25, 2011 at 1:21 am
great stuff. also waiting for the follow up!
11 artie January 25, 2011 at 2:12 pm
great read and informative. look forward to the follow up.
12 shezars January 28, 2011 at 2:28 am
very helpfullllllll,,,
wait, for your next part.
13 Will Knight January 31, 2011 at 10:07 am
Good tutorial, I find iptables complex to understand but you have made it so easy, Thanks.
14 abc February 4, 2011 at 1:51 am
Very Nice tutorial. Thanks
15 saran February 10, 2011 at 10:00 am
great starter to the series
plz continue with the tutorial
16 abdul jamal February 18, 2011 at 9:37 am
Nice job. I read it and got the concept where I was confused. I have some questions and answers; you will help me out to be correct.
Q1: Rule that matches ssh traffic (tcp, 22) arriving through interface eth0.
Ans. iptables -A INPUT -i eth0 -p tcp --dport 22
OR
iptables -A INPUT -i eth0 -p tcp --sport 22
Q2: Rule that matches traffic to a DNS server (udp, 53) from any address in the range 10.0.0.0-10.0.0.255
Ans: iptables -A INPUT -m iprange --src-range 10.0.0.0-10.0.0.255 -d 10.19.6.142 (dns server) -p udp --dport 53
Q3: Rule that matches traffic from any address in the range 10.0.0.1 to 10.0.0.6, inclusive.
Ans. iptables -A INPUT -m iprange --src-range 10.0.0.1-10.0.0.6
Q4: Three rules that accept traffic from address 10.0.0.1 through 10.0.0.6, but drop traffic from 10.0.0.0 and 10.0.0.7, without using any extension matches.
Ans: iptables -A INPUT -s 10.0.0.0 -j DROP
iptables -A INPUT -s 10.0.0.7 -j DROP
iptables -A INPUT -m iprange --src-range 10.0.0.1-10.0.0.6 -j ACCEPT
Thanks for correcting and replying.
17 Ishara Fernando July 8, 2011 at 12:38 am
Now only I understand the firewall concepts and the Iptable rules…
Each and every technique of explaining the theories is brilliant, Mr. Ramesh... Keep it up.. We all are with YOU...
18 OKELLO August 16, 2011 at 2:39 am
I think I am beginning to understand iptables, thanks man