Firewall

iptables is the classic command-line tool for configuring the netfilter packet filter built into the Linux kernel. A firewall inspects incoming and/or outgoing traffic and decides, packet by packet, whether to let it through. With iptables you express those decisions as rules: each chain is walked top to bottom and the first rule that matches decides what happens to the packet, so rule order matters.

Types of chains

Traffic can be filtered at three points depending on where a packet is going: input, forward and output. These are the three built-in chains of the filter table. Each chain is a list of rules plus a default policy that applies to any packet no rule matched.

INPUT → Packets addressed to this machine. Someone trying to SSH into it, but also the reply a web server sends back to a request you made.

FORWARD → Packets that arrive on one interface and leave on another without being for this machine at all. A router does this with most of its traffic. The kernel only forwards when IP forwarding is enabled (net.ipv4.ip_forward=1); on a host that is not a router, FORWARD should normally see nothing and can be left at DROP.

OUTPUT → Packets originating from this machine.

Active rules

iptables -L → View the active rules of the filter table (add -n to skip reverse DNS lookups, which can make the listing very slow; -v adds counters and interfaces)

Set the default policy of each chain, i.e. what happens to a packet that matches no rule. The built-in default is ACCEPT; DROP turns the chain into default-deny:

iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

Do not run the INPUT line over SSH before a rule accepting your session exists (at least one accepting established connections, see below): the moment the policy flips, your own packets are dropped too. Add the allow rules first and set the policy last.

iptables -A INPUT -s 192.168.1.30 -j DROP → Block an IP address (-A appends the rule to the end of the chain, -s matches the source address, -j names the target, here DROP)

iptables -A INPUT -s 192.168.1.0/24 -j DROP → Block an entire range, given in CIDR notation

iptables -L -v -n --line-numbers → Output the rules with the line numbers needed to delete or insert at a specific position

iptables -D INPUT 2 → Remove one specific rule, here rule 2 of the INPUT chain (numbers come from --line-numbers and shift down when an earlier rule is deleted)

iptables -F → Flush (remove) all rules from every chain of the filter table. Policies are not touched, so a DROP policy stays in force with no accept rules left, which on a remote box means lockout; set the policies back to ACCEPT before flushing.

sudo /sbin/iptables-save → Print the current rules in a form that iptables-restore can read back. On its own this does not save anything: the rules live in kernel memory and are gone after a reboot. Redirect the output to a file and restore it at boot, e.g. iptables-save > /etc/iptables/rules.v4 on Debian/Ubuntu with the iptables-persistent package, or iptables-save > /etc/sysconfig/iptables on RHEL-style systems with iptables-services.

Measuring bandwidth usage

iptables -L -v → List the rules verbosely: the pkts and bytes columns are per-rule counters of everything that matched that rule since the counters were last zeroed (add -n to avoid DNS lookups and -x for exact byte counts instead of rounded values like 4587K)

iptables -Z → Zero the packet and byte counters of every chain (iptables -Z INPUT for one chain), so the next listing shows only traffic since this point

iptables -F → Remove all the rules (flush), as above. This is only needed if the counting rule should be the sole rule; remember it also discards your filtering rules.

iptables -I INPUT 1 -p tcp -j ACCEPT → Insert (-I) a rule at position 1 of INPUT that matches all TCP; its counters in iptables -L -v then show all incoming TCP traffic. Because it sits first and ACCEPTs, it also lets every TCP packet past any DROP rule below it. For pure accounting on a host that still filters, leave out -j ACCEPT: a rule with no target only increments its counters and the packet continues down the chain.

To measure: zero the counters, wait a known number of seconds, list with -v -n -x and divide the bytes of the counting rule by the elapsed time.
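The counters are only useful once something turns them into numbers you can compare. The script below is an added example (not from the original notes) that does the arithmetic for the measurement described above. It reads `iptables-save -c` output rather than `iptables -L -v`, because the `[packets:bytes]` prefix of that format is far easier to parse reliably than the `-L -v` column layout, which shifts when a rule has no target. The listing embedded in the script is constructed sample data and the function names are mine; only measure_tcp_input touches a live firewall and needs root.

```shell
#!/bin/sh
# Added example: turn iptables per-rule counters into a throughput figure.
# SAMPLE_LISTING is constructed data in "iptables-save -c -t filter" format,
# standing in for a real listing so the functions can be tried offline.
SAMPLE_LISTING='*filter
:INPUT DROP [12:720]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9104:1203441]
[5123:4587211] -A INPUT -p tcp
[842:63150] -A INPUT -p udp -m udp --dport 53 -j ACCEPT
[17:1428] -A INPUT -s 192.168.1.30/32 -j DROP
COMMIT'

# Print "packets bytes rule-spec", one line per rule of the given chain, in
# chain order (line N here is rule N in "iptables -L --line-numbers").
chain_counters() {   # $1 = chain name; listing on stdin
    awk -v chain="$1" '
        /^\[/ && $2 == "-A" && $3 == chain {
            counter = substr($1, 2, length($1) - 2)   # "[5123:4587211]" -> "5123:4587211"
            split(counter, c, ":")
            spec = ""
            for (i = 4; i <= NF; i++) spec = spec (i > 4 ? " " : "") $i
            print c[1], c[2], spec
        }'
}

# Byte counter of rule number N in CHAIN.
rule_bytes() {   # $1 = listing text, $2 = chain, $3 = rule number
    printf '%s\n' "$1" | chain_counters "$2" | awk -v n="$3" 'NR == n { print $2 }'
}

# Bytes that fell through to the chain policy (no rule matched them).
policy_bytes() {   # $1 = listing text, $2 = chain
    printf '%s\n' "$1" | awk -v chain="$2" '
        $1 == (":" chain) {
            counter = substr($3, 2, length($3) - 2)   # "[12:720]" -> "12:720"
            split(counter, c, ":")
            print c[2]
        }'
}

# Average throughput in bytes/second since the counters were last zeroed.
bytes_per_second() {   # $1 = bytes, $2 = seconds elapsed (must be > 0)
    awk -v b="$1" -v s="$2" 'BEGIN { if (s <= 0) exit 1; printf "%d\n", b / s }'
}

# Live measurement (needs root): count all inbound TCP for N seconds.
# The counting rule has NO target, so it only increments its counters and
# the packet continues down the chain; existing DROP rules stay effective
# (a "-j ACCEPT" rule in position 1 would bypass them).
measure_tcp_input() {   # $1 = seconds
    iptables -I INPUT 1 -p tcp
    iptables -Z INPUT
    sleep "$1"
    bytes="$(iptables-save -c -t filter | chain_counters INPUT | awk 'NR == 1 { print $2 }')"
    iptables -D INPUT 1
    bytes_per_second "$bytes" "$1"
}

# Offline demo on the constructed listing, assuming a 60 s sampling window.
tcp_bytes="$(rule_bytes "$SAMPLE_LISTING" INPUT 1)"
echo "inbound TCP: $tcp_bytes bytes, ~$(bytes_per_second "$tcp_bytes" 60) B/s"
echo "dropped by INPUT policy: $(policy_bytes "$SAMPLE_LISTING" INPUT) bytes"
```

On a live host, `measure_tcp_input 60` gives bytes per second of inbound TCP over a minute. Note that -Z zeroes every counter in the chain, including the ones on your DROP rules, so take a listing first if those numbers matter to you.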
