Configuring iptables manually is challenging for the uninitiated. Fortunately, there are many configuration tools available to assist, e.g. fwbuilder, bastille, and ufw.

First Concepts:

Packet: a logical container representing the flow of data

Protocol: a language and set of rules that network devices operate by

Port: a numerical designation representing a particular protocol

Iptables rules:

MANGLE: rules to modify the packets

NAT (Network Address Translation): PREROUTING, POSTROUTING

FILTER: INPUT, OUTPUT, FORWARD

The iptables rules manage the packets of a specific protocol; for example, if you want to deny an internet connection, iptables can do it.

Iptables Configuration

See what rules are already configured.

iptables -L

By default this allows anyone access to anything from anywhere. To delete all the iptables rules:

iptables -F

Policies

a. ACCEPT Allow the traffic

b. DROP Deny the traffic

For example: if the default policy of INPUT is DROP, the firewall denies all incoming internet traffic. If you want to change the policies, use the following command:

iptables -P CHAIN POLICY

Protecting your system: Rules

Setting the INPUT policy to DROP.

Allowing the packets from your LAN (first, you must know the local IP address using the ‘ifconfig’ command).

iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT

Allowing the internet traffic (replies to connections this host started)

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allowing all outbound traffic

iptables -A OUTPUT -j ACCEPT

Allowing HTTP and HTTPS connections from anywhere (the normal ports for websites)

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Allowing SSH connections. The --dport number is the same as the Port configured in /etc/ssh/sshd_config

iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

Blocking an IP address with iptables: the policy for INPUT must be DROP. Add a new rule to drop the traffic for the corresponding IP address (the archlinux.org IP)

iptables -A INPUT -s 66.211.214.131 -j DROP

Add a new rule to allow the rest of the internet traffic (all the rules to drop traffic must be created before this rule, because the first matching ACCEPT or DROP rule in the chain decides the packet's fate)

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
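The rules walked through above, collected into one script as an added example (this is not code from the original tutorial). The LAN subnet, blocked address and port list are assumed values taken from the page; check_order verifies the ordering caveat just stated, that every DROP rule comes before the ESTABLISHED,RELATED accept rule.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumed values: the LAN subnet,
# blocked address and ports are the ones the page uses; change them for your host.
LAN_NET="${LAN_NET:-192.168.100.0/24}"               # your LAN (see ifconfig)
BLOCKED_IPS="${BLOCKED_IPS:-66.211.214.131}"         # space-separated addresses to drop
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-80 443 22}"  # HTTP, HTTPS, SSH
IPT="${IPT:-iptables}"

# run_ipt: executes iptables, or only prints the command when DRY_RUN=1
run_ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# build_ruleset: flush, set the INPUT policy to DROP, then add the rules in the
# order the page requires: every DROP rule is added before the ESTABLISHED,RELATED
# accept rule, because the first matching ACCEPT or DROP rule decides the packet.
build_ruleset() {
    run_ipt -F
    run_ipt -P INPUT DROP
    for ip in $BLOCKED_IPS; do
        run_ipt -A INPUT -s "$ip" -j DROP
    done
    run_ipt -A INPUT -s "$LAN_NET" -j ACCEPT
    run_ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $ALLOWED_TCP_PORTS; do
        run_ipt -A INPUT -p tcp -m state --state NEW --dport "$port" -j ACCEPT
    done
    run_ipt -A OUTPUT -j ACCEPT
}

# check_order: dry-runs the ruleset and returns 0 only if every "-j DROP" rule
# appears before the ESTABLISHED,RELATED accept rule (non-zero otherwise).
check_order() {
    listing="$(DRY_RUN=1; build_ruleset)"
    est=$(printf '%s\n' "$listing" | grep -n -e 'ESTABLISHED,RELATED' | cut -d: -f1)
    last_drop=$(printf '%s\n' "$listing" | grep -n -e '-j DROP' | cut -d: -f1 | tail -n 1)
    [ -n "$est" ] && [ -n "$last_drop" ] && [ "$last_drop" -lt "$est" ]
}

# Preview with: DRY_RUN=1 sh rules.sh apply   Apply as root with: sh rules.sh apply
if [ "${1:-}" = "apply" ]; then
    check_order && build_ruleset
fi
```

Run the preview first and compare it with `iptables -L` afterwards; the script only touches the INPUT and OUTPUT chains described on this page.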

Common iptables options:

Iptables has a lot of possibilities, but this is a basic tutorial. If you want to know more about iptables, you can follow these links:

http://netfilter.org/documentation/

https://wiki.debian.org/iptables

https://wiki.archlinux.org/index.php/Iptables

http://www.faqs.org/docs/linux_network/x-087-2-firewall.future.html