Essentials: Common Firewall Rules and Commands

This cheat sheet-style guide provides a quick reference to iptables commands that will create firewall rules that are useful in common, everyday scenarios. This includes iptables examples of allowing and blocking various services by port, network interface, and source IP address.

Getting Started

  • If you are just getting started with configuring your firewall.
  • Most of the rules that are described here assume that your iptables is set to drop incoming traffic, through the default input policy, and you want to selectively allow traffic in.
  • Use whichever subsequent sections are applicable to what you are trying to achieve. Most sections are not predicated on any other, so you can use the examples below independently.
  • Use the Contents menu on the right side of this page (at wide page widths) or your browser’s find function to locate the sections you need.
  • Copy and paste the command-line examples given, substituting the highlighted values (shown in red on the original page) with your own values.

Keep in mind that the order of your rules matters: packets are matched against a chain top to bottom, and the first matching rule wins. All of these iptables commands use the -A option to append the new rule to the end of a chain. If you want to put it somewhere else in the chain, you can use the -I option, which allows you to specify the position of the new rule (or simply place it at the beginning of the chain by not specifying a rule number).

Allow Loopback Connections

The loopback interface, also referred to as lo, is what a computer uses for network connections to itself. For example, if you run ping localhost or ping 127.0.0.1, your server will ping itself using the loopback. The loopback interface is also used if you configure your application server to connect to a database server with a “localhost” address. As such, you will want to be sure that your firewall is allowing these connections.
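The following script is an added example, not part of the original article, that ties the two points above together: it allows loopback traffic on a host whose INPUT policy drops by default, and it inserts those rules with -I at position 1 so that a later catch-all appended with -A can never shadow them. The IPT_DRY_RUN variable and the ensure_head helper are assumptions made for this script (a review mode that prints the plan instead of changing the kernel), not iptables features; iptables -C, -I, -A and -P are real options.

```shell
#!/bin/sh
# Added example (not from the original article): allow loopback connections
# under a default-drop INPUT policy and show why -I (insert at head) rather
# than -A (append) matters once other rules exist.
# IPT_DRY_RUN is an assumed variable for this script, not an iptables option:
# with IPT_DRY_RUN=1 the commands are printed for review instead of executed.

ipt() {
    if [ "${IPT_DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Insert a rule at position 1 of a chain unless an identical rule exists.
# iptables -C returns 0 when the rule is already present, so re-running the
# script does not stack duplicates. In dry-run mode nothing is checked.
ensure_head() {
    chain=$1
    shift
    if [ "${IPT_DRY_RUN:-0}" != "1" ] && iptables -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    ipt -I "$chain" 1 "$@"
}

# Loopback: connections the host makes to itself (ping 127.0.0.1, or an
# application talking to a database on "localhost"). Both directions are
# needed because OUTPUT is a separate chain from INPUT.
allow_loopback() {
    ensure_head INPUT -i lo -j ACCEPT
    ensure_head OUTPUT -o lo -j ACCEPT
}

# Full sequence: loopback first, then the default-drop policy the article
# assumes, then an explicit catch-all appended with -A. Because the lo rules
# were inserted at the head of the chain, the appended DROP never shadows them.
# Caveat: on a remote host, add rules for your management traffic (e.g. SSH)
# before switching the policy to DROP, or the session you are typing in dies.
configure_firewall() {
    allow_loopback
    ipt -P INPUT DROP
    ipt -A INPUT -j DROP
}

case "${1:-}" in
    apply) configure_firewall ;;
    plan)  IPT_DRY_RUN=1; configure_firewall ;;
esac
```

Run it as `sh firewall.sh plan` to print the exact iptables commands in the order they would be applied, and `sh firewall.sh apply` (as root) to execute them; the plan output is the quickest way to confirm that the lo ACCEPT rules land above any DROP rule.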



Conclusion

That should cover many of the commands that are commonly used when configuring a firewall. Of course, iptables is a very flexible tool so feel free to mix and match the commands with different options to match your specific needs if they aren’t covered. Continue reading this guide at Digital Ocean. This article has been used as an example of an Ecko WordPress theme. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
