{"id":10817,"date":"2024-12-12T06:57:52","date_gmt":"2024-12-12T06:57:52","guid":{"rendered":"https:\/\/blog.trustedhosting.in\/?p=10817"},"modified":"2024-12-12T06:57:52","modified_gmt":"2024-12-12T06:57:52","slug":"how-to-configure-ip-firewall-in-linux","status":"publish","type":"post","link":"https:\/\/www.webystrata.com\/blog\/how-to-configure-ip-firewall-in-linux\/","title":{"rendered":"How to Configure IP Firewall in Linux"},"content":{"rendered":"
\"How<\/a>
\u00a0<\/figcaption><\/figure>\n

How to Configure IP Firewall in Linux<\/h1>\n

iptables<\/span><\/code>\u00a0is the name of the software firewall bundled with most UKFast Linux servers.<\/a><\/p>\n

Whilst we recommend that you use your hardware firewall for most things, it may still be helpful \/ necessary to be able to use\u00a0iptables<\/span><\/code>\u00a0for quickly blocking IP addresses or closing ports.<\/p>\n

As with most Linux packages, the man pages are a good place to start to learn more about the package and its usage, but if you\u2019re just looking to get up and running quickly, here are a few examples:<\/p>\n

\n

Command Structure<\/h2>\n
\n
\n
   iptables -I OUTPUT -p tcp -s 192.168.0.1 --dport 2020 -j ACCEPT<\/span>\r\n<\/pre>\n<\/div>\n<\/div>\n
The individual elements of the above commands are explained below<\/p>\n
    \n
  • iptables<\/span><\/code><\/strong>\n
    The command itself.<\/li>\n
  • -I<\/span><\/code><\/strong>\n
    Insert the new rule at the top of the chain.<\/p>\n
    IPTables rules are read in sequentially, so the order the rules are in is very important. If the rule you\u2019re adding doesn\u2019t need to be the first, can you alternatively use\u00a0-A<\/span><\/code>\u00a0to append it to the bottom of the chain or\u00a0-I<\/span>\u00a0{CHAIN}<\/span>\u00a0{LINE<\/span>\u00a0NUMBER}<\/span><\/code>\u00a0to insert it at a particular line number.<\/li>\n
  • OUTPUT<\/span><\/code><\/strong>\n
    The chain name.<\/p>\n
    There are 2 main chains that you\u2019ll likely be interested in,\u00a0INPUT<\/span><\/code>\u00a0and\u00a0OUTPUT<\/span><\/code>. Simply put, rules in\u00a0INPUT<\/span><\/code>\u00a0affect inbound traffic and rules in\u00a0OUTPUT<\/span><\/code>\u00a0affect outbound.<\/li>\n
  • -p<\/span><\/code><\/strong>\n
    The protocol that the rule relates to.<\/p>\n
    Valid protocols are\u00a0tcp<\/span><\/code>,\u00a0udp<\/span><\/code>\u00a0or\u00a0icmp<\/span><\/code><\/li>\n
  • -s<\/span><\/code><\/strong>\n
    Source IP address that the rule pertains to.<\/p>\n
    Can also be written longhand as\u00a0--source<\/span><\/code>\u00a0or\u00a0--src<\/span><\/code>.<\/p>\n
    Inversely, destination IP addresses can be specified with\u00a0-d<\/span><\/code>,\u00a0--destination<\/span><\/code>\u00a0or\u00a0--dst<\/span><\/code>.<\/p>\n
    Can also be given a range such as\u00a0192.168.0.0\/24<\/span><\/code>\u00a0or\u00a0192.168.0.0\/255.255.255.0<\/span><\/code>.<\/li>\n
  • --dport<\/span><\/code><\/strong>\n
    Destination port that the rule relates to.<\/p>\n
    Can also be written as\u00a0--destination-port<\/span><\/code>.<\/p>\n
    Alternatively, source port can be specified with\u00a0--sport<\/span><\/code>\u00a0or\u00a0--source-port<\/span><\/code>.<\/p>\n
    Ranges of ports can be specified with a\u00a0:<\/span><\/code>, for example\u00a01096:2999<\/span><\/code>.<\/li>\n
  • -j<\/span><\/code><\/strong>\n
    Chain to jump to when previous elements have been matched.<\/p>\n
    Basic chains that can be used here are\u00a0ACCEPT<\/span><\/code>,\u00a0DROP<\/span><\/code>\u00a0and\u00a0REJECT<\/span><\/code>.<\/p>\n
    ACCEPT<\/span><\/code>\u00a0will accept packet,\u00a0REJECT<\/span><\/code>\u00a0will deny packet and\u00a0DROP<\/span><\/code>\u00a0will result in it being silently dropped.<\/li>\n<\/ul>\n<\/section>\n
    \n
    List current rules<\/h2>\n
    \n
    \n
    iptables -vnL\r\n<\/pre>\n<\/div>\n<\/div>\n<\/section>\n
    \n
    Blocking a port<\/h2>\n
    \n
    \n
    iptables -I INPUT -p tcp --dport 6667<\/span> -j REJECT\r\n<\/pre>\n<\/div>\n<\/div>\n<\/section>\n
    \n
    Blocking an IP<\/h2>\n
    \n
    \n
    iptables -I INPUT -p tcp -s 1<\/span>.2.3.4 -j DROP\r\n<\/pre>\n<\/div>\n<\/div>\n<\/section>\n
    \n
    Blocking a port for a particular IP<\/h2>\n
    \n
    \n
    iptables -I OUTPUT -p tcp -s 192<\/span>.168.0.1 --dport 25<\/span> -j DROP\r\n<\/pre>\n<\/div>\n<\/div>\n
    \n
    The site\u00a0http:\/\/iptabl.es\u00a0can be used to generate IPTables rules without having to memorise the above syntax. Usage is explained on the frontpage, but a few examples are below:<\/p>\n
    curl<\/span>\u00a0iptabl.es\/drop\/2020\/8.8.8.8<\/span><\/code><\/p>\n
    http:\/\/iptabl.es\/accept\/25<\/p><\/blockquote>\n<\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"
    How to Configure IP Firewall in Linux iptables\u00a0is the name of the software firewall bundled with most UKFast Linux servers.…<\/p>\n","protected":false},"author":1,"featured_media":10818,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-10817","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/10817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/comments?post=10817"}],"version-history":[{"count":2,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/10817\/revisions"}],"predecessor-version":[{"id":10821,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/posts\/10817\/revisions\/10821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/media\/10818"}],"wp:attachment":[{"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/media?parent=10817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/categories?post=10817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webystrata.com\/blog\/wp-json\/wp\/v2\/tags?post=10817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}