May 28, 2018

Iptables

❑ iptables is the traditional firewall administration tool of Linux: a userspace front end to the kernel's netfilter packet-filtering framework.
❑ On Ubuntu 16.04 iptables is not a service. The rules live in the kernel and are enforced all the time; front ends such as ufw and firewalld only manage iptables rules on your behalf.
❑ If you want to manage iptables rules directly, stop and disable the ufw and firewalld services first, so that they do not overwrite the rules you add by hand.

❑ Tables: iptables groups rules into tables by function; the kernel module that implements each table is loaded the first time the table is used.
* Default table : filter (used when no -t option is given).
❍ filter : The table that performs packet filtering. It has the INPUT, FORWARD and OUTPUT chains.
❍ nat : The table that performs network address translation (port forwarding with DNAT, masquerading with SNAT/MASQUERADE). It has the PREROUTING, INPUT, OUTPUT and POSTROUTING chains; only the first packet of a connection is evaluated, later packets follow the connection-tracking entry.
❍ mangle : The table for specialised packet alteration (packet marks, TTL, TOS/DSCP), both before and after routing. It has all five built-in chains: PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING.
❍ raw : The table consulted before connection tracking, used mainly to exempt packets from tracking (the NOTRACK/CT target). It has the PREROUTING and OUTPUT chains.
❍ security : The table for Mandatory Access Control (MAC) rules such as SELinux SECMARK; it is consulted after the filter table. It has the INPUT, OUTPUT and FORWARD chains.

❑ How to use (iptables 1.6.0)

Usage / Description

# iptables-save > ~/[Rule file]
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -F
  Disable iptables (flush). Back up the rules first, set every policy to ACCEPT, then flush. Do the -P ACCEPT before the -F: on a remote host with a DROP policy, flushing first removes the rule that admits your SSH session and locks you out. -F without -t only affects the filter table; repeat with -t nat, -t mangle and -t raw to clear the others, and use -X to delete user-defined chains.

# iptables -P [Chain] [ACCEPT|DROP]
  Change the default policy of a built-in chain, i.e. what happens to a packet that matches no rule. Only ACCEPT and DROP are valid policies; REJECT is an extension target and cannot be set as a policy (append a final rule with -j REJECT instead).

# iptables -L [Chain] --line-numbers
  Display the rules of the chain with their rule numbers. Add -n to skip DNS lookups, -v to show packet counters and interfaces, and -t to select a table other than filter.

# iptables -F [Chain]
  Delete all rules of the chain (the chain policy is kept).

# iptables-save > [File path]
  Save the rules of all tables in a text format that iptables-restore reads.

# iptables-restore < [File path]
  Restore the saved rules, replacing the current rule set in one step.
  * Rules do not survive a reboot. Run iptables-restore from a startup script (rc.local) or install the iptables-persistent package, which loads /etc/iptables/rules.v4 and rules.v6 at boot.

# iptables -[A|D] [Chain] -p [tcp|udp] -[s|d] [Source|Destination IP address] --[s|d]port [Source|Destination Port] -j [ACCEPT|REJECT|DROP]
  Append (-A) or delete (-D) a rule. --sport/--dport are only valid together with -p tcp or -p udp. Rules are evaluated top down and the first match wins, so -A places the rule after everything already in the chain. -D also accepts the rule number shown by -L --line-numbers.

# iptables -I [Chain] [Rule number] [Rule]
  Insert a rule at the given position (1 = top of the chain, which is the default when the number is omitted).
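The following script is an added example, not code from the original page. It ties together the table and chain description above and the save/restore commands in the usage list: it generates a small stateful rule set for the filter table plus one port forward in the nat table in iptables-save format, checks the rule order, and loads the file with iptables-restore in a single step. The SSH port 22, admin network 192.0.2.0/24, forwarded port 8080, internal web host 10.0.0.5 and backup path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: build a stateful host firewall
# (filter table) plus one port forward (nat table) as an iptables-save file
# and load it atomically with iptables-restore.
# Assumed values for illustration (override via environment):
SSH_PORT="${SSH_PORT:-22}"              # sshd port that must stay reachable
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"  # only this network may open SSH
FWD_PORT="${FWD_PORT:-8080}"            # public port to forward
WEB_HOST="${WEB_HOST:-10.0.0.5}"        # internal host receiving port 80
BACKUP="${BACKUP:-/root/iptables.backup}"

# Emit the complete rule set in iptables-save format. Order matters inside a
# chain (first match wins): loopback and ESTABLISHED traffic are accepted
# before the narrow SSH rule, and the catch-all REJECT comes last.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -s $ADMIN_NET --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -d $WEB_HOST --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport $FWD_PORT -j DNAT --to-destination $WEB_HOST:80
COMMIT
EOF
}

# Pre-flight check before loading on a remote box: the SSH allow rule must
# be present and must come before the final REJECT, or the session is lost.
check_rules() {
    rules=$(gen_rules)
    ssh_line=$(printf '%s\n' "$rules" | grep -n -- "--dport $SSH_PORT" | cut -d: -f1 | head -n 1)
    rej_line=$(printf '%s\n' "$rules" | grep -n -- '-j REJECT' | cut -d: -f1 | head -n 1)
    [ -n "$ssh_line" ] && [ -n "$rej_line" ] && [ "$ssh_line" -lt "$rej_line" ]
}

# Number of -A rules in the generated file (compare with
# "iptables-save | grep -c '^-A '" after loading).
rule_count() {
    gen_rules | grep -c '^-A '
}

# Back up the running rules, parse-check the new file, then replace the
# whole rule set in one step (no half-applied state). Needs root.
apply_rules() {
    iptables-save > "$BACKUP" || return 1
    gen_rules | iptables-restore --test || return 1
    gen_rules | iptables-restore
}

# Usage: sh firewall.sh print | check | apply
case "${1:-}" in
    print) gen_rules ;;
    check) check_rules && echo "rule order ok ($(rule_count) rules)" ;;
    apply) check_rules && apply_rules ;;
esac
```

Loading one complete file with iptables-restore avoids the lockout window you get when issuing -P DROP and then the -A rules one at a time, and iptables-restore --test parses the file without committing it. The DNAT forward additionally needs net.ipv4.ip_forward=1 on the gateway; IPv6 has its own rule set, loaded with ip6tables-restore.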


Test environment
OS     Ubuntu 16.04 (64bit)
CPU    Intel i7-4710MQ 2.50GHz
SHELL  GNU bash (4.3.48)
RAM    1 GB