Configuring Basic iptables Rules (Linux Firewall Tool)

Cyber Security Mastery: From Zero to Hero

The Linux Firewall: iptables

iptables is the traditional command-line utility used to set up and manage the Netfilter firewall in Linux. It works by adding rules to chains: INPUT for packets addressed to the host, OUTPUT for packets the host sends, and FORWARD for packets routed through it.

Default Policy

Before setting rules, you define the default policy for the chain (usually DROP or ACCEPT). For high security, the default policy for the INPUT chain should be DROP.

```bash
iptables -P INPUT DROP
```

Basic Rule Syntax

```bash
iptables -A [CHAIN] -p [PROTOCOL] --dport [PORT] -j [TARGET]
```

Example 1: Allowing incoming SSH traffic (port 22)

```bash
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```

Example 2: Dropping all traffic from a specific malicious IP

```bash
iptables -A INPUT -s 10.10.10.1 -j DROP
```
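Rule order matters because `-A` appends and the first matching rule wins: typed in the order shown, the SSH ACCEPT would match 10.10.10.1 before its DROP is reached, and setting the DROP policy first over a remote session cuts that session off. The following added example (not part of the original lesson) prints the same policy and rules as one iptables-restore ruleset in a safe order. The `build_ruleset` helper name, the loopback and conntrack rules, and the FORWARD/OUTPUT policies are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing itself.
# build_ruleset is a hypothetical helper name, not an iptables command.

build_ruleset() {
    ssh_port="${1:-}"
    [ $# -gt 0 ] && shift

    # Port must be 1-5 digits and within 1..65535.
    case "$ssh_port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "invalid port: $ssh_port" >&2; return 1
    fi

    # Character whitelist for IPv4 addresses/CIDRs, so an argument cannot
    # smuggle extra rule text (spaces, options) into the ruleset.
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9./]*) echo "invalid address: $ip" >&2; return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # same effect as: iptables -P INPUT DROP
    echo ':FORWARD ACCEPT [0:0]'  # assumption: left at the default
    echo ':OUTPUT ACCEPT [0:0]'   # assumption: left at the default

    # Blocked sources first: rules are evaluated top-down, so a DROP placed
    # after the SSH ACCEPT would never be reached for port 22.
    for ip in "$@"; do
        echo "-A INPUT -s $ip -j DROP"
    done

    echo '-A INPUT -i lo -j ACCEPT'    # assumption: keep local services working
    # Assumption: let replies to the host's own outbound connections back in.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -p tcp --dport $ssh_port -j ACCEPT"
    echo 'COMMIT'
}

# Constructed sample input: the port and address from the examples above.
build_ruleset 22 10.10.10.1
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. Piping it to `iptables-restore` as root applies it in one step, replacing the existing filter table rules.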

Note: On many modern Linux systems, firewalld or ufw are used as easier frontends to manage Netfilter, but iptables remains the underlying standard.