Introduction to iptables

iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets. Wikipedia provides a good overview of iptables.

Installing iptables

Before we start configuring iptables, we need to ensure that it’s installed on our Linux system. Most Linux distributions come with iptables pre-installed. If not, you can install it using the package manager of your Linux distribution.

On Ubuntu/Debian:

sudo apt-get update
sudo apt-get install iptables


sudo yum install iptables-services

Understanding iptables Tables and Chains

iptables operates on a set of tables. Each table contains a number of built-in chains and may also contain user-defined chains.

Table Description
Filter This is the default table (if no -t option is passed). It contains the built-in chains INPUT (for packets destined to local sockets), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).
NAT This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).
Mangle This table is used for specialized packet alteration. Until kernel 2.4.17 it had two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing).

Configuring iptables Rules

Now that we have a basic understanding of iptables, let’s move on to configuring some basic rules. Remember, configuring iptables requires root privileges, so make sure to use ‘sudo’ before each command if you’re not logged in as the root user.

Allowing Established Sessions

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allowing Incoming SSH

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Saving iptables Rules

By default, rules added to iptables are volatile and lost after a system reboot. To save them permanently, you can use the iptables-persistent package on Debian-based systems or the service iptables save command on RedHat-based systems.

On Ubuntu/Debian:

sudo apt-get install iptables-persistent
sudo netfilter-persistent save


sudo service iptables save


This guide has provided a basic introduction to iptables and how to configure it on a Linux system. Remember, iptables is a powerful tool, and with great power comes great responsibility. Always ensure you understand a rule before adding it to your firewall configuration. For more detailed information, check out the Netfilter Documentation.