❑ iptables is the traditional firewall program of Linux.
❑ iptables is not a service in Ubuntu 16.04; its rules live in the kernel and are in effect all the time. Other firewall services (such as firewalld and ufw) are layered on top of it and manage its rules.
❑ I recommend stopping the firewalld and ufw services if you want to manage iptables rules directly, so that they do not overwrite each other.
❑ Tables of iptables: each table groups one kind of function, and the kernel modules that implement that function are loaded when the table is used.
* Default table: the filter table.
❍ filter: The table that performs packet filtering. It has the INPUT, FORWARD and OUTPUT chains.
❍ nat: The table that performs network address translation, such as port forwarding. It has the POSTROUTING and PREROUTING chains.
❍ mangle: The table that alters special packets before routing. It has the PREROUTING, OUTPUT, INPUT, FORWARD and POSTROUTING chains.
❍ raw: The table for settings related to connection tracking. It has the PREROUTING and OUTPUT chains.
❍ security: The table that applies MAC (Mandatory Access Control) rules. It has the INPUT, OUTPUT and FORWARD chains.
❑ How to use (iptables 1.6.0)

| Usage | Description |
|---|---|
| `# iptables-save > ~/[Rule file]`<br>`# iptables -F`<br>`# iptables -P INPUT ACCEPT`<br>`# iptables -P OUTPUT ACCEPT`<br>`# iptables -P FORWARD ACCEPT` | Disable iptables: save the current rules, flush them, and set every default policy to ACCEPT. |
| `# iptables -P [Chain] [ACCEPT\|REJECT\|DROP]` | Change the default policy of a chain. |
| `# iptables -L [Chain] --line-numbers` | Display the firewall rules of the chain, including rule numbers. |
| `# iptables -F [Chain]` | Delete all rules of the chain. |
| `# iptables-save > [File path]` | Save all iptables rules. |
| `# iptables-restore < [File path]` | Restore the saved iptables rules. If you run `iptables-restore` from a startup script (rc), the system loads the firewall rules at boot. |
| `# iptables -[A\|D] [Chain] -p [tcp\|udp] -[s\|d] [Source\|Destination IP address] --[s\|d]port [Source\|Destination Port] -j [ACCEPT\|REJECT\|DROP]` | Append/Delete a firewall rule. |
| `# iptables -I [Chain] [Rule number] ...` | Insert a firewall rule at a specific position in the chain. |
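The save/restore workflow in the table above, and the per-table chains listed earlier, as an added bash example that is not part of the original page: `build_ruleset` emits a default-deny filter ruleset in the text format that `iptables-save` writes and `iptables-restore` reads, `chain_policy` parses such a dump to report a chain's default policy, and `check_lockout` rejects a dump whose INPUT policy is DROP but which lacks the loopback and ESTABLISHED,RELATED accept rules that keep the host reachable after loading. The function names, the allowed ports (22, 443) and the sample dump are constructed for this example. The script never calls iptables, so it runs without root; loading its output with `iptables-restore` is left as a deliberate, reviewed step.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Builds and sanity-checks rulesets in
# iptables-save/iptables-restore format without touching the kernel, so it needs
# no root. Function names, ports and the sample dump below are constructed.

# Emit an iptables-restore file for the filter table: default DROP on INPUT and
# FORWARD, ACCEPT on OUTPUT, then the rules that keep the host reachable.
# Arguments: TCP ports to allow on INPUT (constructed default: 22).
build_ruleset() {
  local ports=("$@") p
  [ "${#ports[@]}" -eq 0 ] && ports=(22)
  echo '*filter'
  echo ':INPUT DROP [0:0]'
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  # loopback and already-tracked traffic first, so the DROP policy does not
  # cut off replies to connections the host itself opened
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  for p in "${ports[@]}"; do
    echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo 'COMMIT'
}

# Print the default policy of CHAIN in TABLE from an iptables-save dump on stdin.
# Dump format: "*table" opens a table, ":CHAIN POLICY [pkts:bytes]" declares a
# chain, "COMMIT" closes the table. Returns 1 if the chain is not found.
chain_policy() {
  local table="$1" chain="$2" in_table=0 line name pol rest
  while IFS= read -r line; do
    case "$line" in
      "*$table") in_table=1 ;;
      "*"*)      in_table=0 ;;
      ":$chain "*)
        if [ "$in_table" -eq 1 ]; then
          read -r name pol rest <<<"$line"
          echo "$pol"
          return 0
        fi ;;
    esac
  done
  return 1
}

# Lockout check on a dump read from stdin: a DROP policy on INPUT is only safe
# when loopback and ESTABLISHED,RELATED traffic are accepted by explicit rules.
# Returns 0 when the ruleset passes, 1 otherwise.
check_lockout() {
  local dump pol
  dump="$(cat)"
  pol="$(printf '%s\n' "$dump" | chain_policy filter INPUT)" || return 1
  [ "$pol" != DROP ] && return 0
  printf '%s\n' "$dump" | grep -q -e '-A INPUT -i lo -j ACCEPT' || return 1
  printf '%s\n' "$dump" | grep -q -e '--ctstate ESTABLISHED,RELATED -j ACCEPT' || return 1
  return 0
}

# Constructed sample in the shape iptables-save prints: two tables, an INPUT
# policy of DROP, and no rule letting tracked replies or loopback back in.
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Demo: write the generated ruleset to a file for review. Loading it is a
# separate step run as root:  iptables-restore < "$out"
out="${TMPDIR:-/tmp}/rules.v4"
build_ruleset 22 443 > "$out"
if check_lockout < "$out"; then
  echo "generated ruleset passes the lockout check: $out"
fi
if printf '%s\n' "$SAMPLE_DUMP" | check_lockout; then
  echo "sample dump: OK"
else
  echo "sample dump: INPUT policy DROP without lo / ESTABLISHED,RELATED accept rules"
fi
```

Run the checker against a real `iptables-save` dump before restoring it (`iptables-save | check_lockout`); a failing result on a remote host means the restore would very likely cut off the SSH session that performs it.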
| Check environment | | | |
|---|---|---|---|
| OS | Ubuntu 16.04 (64bit) | CPU | Intel i7-4710MQ 2.50GHz |
| SHELL | GNU bash (4.3.48) | RAM | 1 GB |