This is a wiki page. Be bold and improve it!
If you have any questions about the content on this page, don't hesitate to open a new ticket and we'll do our best to assist you.
Ubuntu iptables Howto:
First of all, it is important to understand the following hierarchy:
iptables is a list of tables. Each table contains several chains. Each chain is made of an ordered succession of rules. Rules are matched to traffic packets. Thus we have: iptables -> tables -> chains -> rules.
You don't need to create any table. 3 standard tables come out of the box. For a basic firewall set up, you'll only be dealing with the default 'filter' table.
See the top of the iptables manpage for a description of the standard tables.
To see the list of available tables:
The table 'filter' comes with three built-in chains: INPUT, FORWARD and OUTPUT. You may create your own custom chains to complement these for a more advanced set-up, but at the beginning, you'll only be adding rules to the INPUT and maybe OUTPUT chains.
In Red Had and derivative distributions, iptables is set up as a service, which is then easy to start and stop at will. For other distributions (Debian and derivatives, etc.), rules must be saved on file and then flushed from the system to disable the firewall. To enable it again, you must reload the rules from the file. Check the article Setting up your first firewall via SSH to understand how to start/stop the firewall.
If you get something like this:
$ service iptables status
iptables: unrecognized service
it's because iptables is not a service in distributions other than Red Had and its derivatives. See article linked above for details.
- The last rule should be to drop all packets.
-p, --protocol: When you don’t specify -p, by default “all” protocols will be used. It is not a good practice to use “all”, and always specify a protocol.
Issues related to this page:
|Project||Summary||Status||Priority||Category||Last updated||Assigned to|
|Linux server||iptables: what are counters? What is being coun…||active||normal||support request||8 years 43 weeks|
|Linux server||iptables vs. ip6tables. Do I need both?||active||normal||support request||8 years 43 weeks|
|Linux server||iptables-persistent install fail with monolithi…||active||minor||bug report||8 years 40 weeks|