iptables -L

Recently I decided to teach myself how to use iptables. The concept always made a lot of sense, but until I forced myself to actually use it, my understanding was incomplete. Iptables is a host-based firewall built into Linux. Rules are grouped into chains: the INPUT chain defines what traffic may reach the host and the OUTPUT chain defines what traffic may leave it.

The saved rules are typically found at /etc/sysconfig/iptables. You can open this file as root with your favorite text editor, but it is much easier to interpret the active rule set using the iptables -L command. Saving your changes is accomplished with the command iptables-save, which prints the current rules to standard output, so redirect its output into the rules file to persist them.

To help you be more specific in your rule declarations, the available switches include --sport for source port, --dport for destination port, -s for source address, -d for destination address and -p for protocol.

The -A switch appends the rule at the end of the chain. The -I switch inserts the rule at a given rule number, the default being 1, the top of the chain. The -D switch removes a specific rule. Review the rules again with iptables -L to make sure the flow of the rules is what you expect: rules are evaluated top to bottom and the first match decides, so a rule placed after a broader one that already matches the traffic may never execute.

Examples:

#Create new rule to allow inbound traffic from time.nist.gov on port 123 to 192.168.1.200 on port 123
INPUT: iptables -I INPUT -s 192.43.244.18 --sport 123 -d 192.168.1.200 --dport 123 -j ACCEPT

#Create new rule to drop outbound traffic to www.cnn.com
OUTPUT: iptables -I OUTPUT -d 157.166.255.19 -j DROP
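To make the first-match behaviour behind -A, -I and -D concrete without touching a live firewall, here is a small simulation of a chain written for this post (it is an added illustration, not iptables itself and not code from the original page). It replays the post's first INPUT rule and then shows the ordering pitfall: the same DROP rule is dead when appended below a broad ACCEPT and effective when inserted above it. The 192.0.2.10 address is a constructed RFC 5737 test value; the rule and packet fields are the ones the post describes (-s, -d, -p, --sport, --dport).

```python
"""Tiny first-match simulation of an iptables chain (added illustration, not
iptables itself).  A rule matches a packet only when every field the rule
specifies equals the packet's value; the first matching rule's target decides,
and the chain policy applies when nothing matches.  192.0.2.10 below is a
constructed test address; the other values come from the post's examples."""

from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                        # ACCEPT or DROP (-j)
    src: Optional[str] = None          # -s
    dst: Optional[str] = None          # -d
    proto: Optional[str] = None        # -p
    sport: Optional[int] = None        # --sport
    dport: Optional[int] = None        # --dport

    def matches(self, pkt: dict) -> bool:
        # An unspecified field (None) matches anything, as in iptables.
        for fld in ("src", "dst", "proto", "sport", "dport"):
            want = getattr(self, fld)
            if want is not None and pkt.get(fld) != want:
                return False
        return True


class Chain:
    def __init__(self, name: str, policy: str = "DROP"):
        self.name, self.policy, self.rules = name, policy, []

    def append(self, rule: Rule) -> None:          # -A: goes to the end
        self.rules.append(rule)

    def insert(self, rule: Rule, num: int = 1) -> None:  # -I [num]: 1-based, default top
        self.rules.insert(num - 1, rule)

    def delete(self, num: int) -> None:            # -D <chain> <num>
        del self.rules[num - 1]

    def verdict(self, pkt: dict) -> str:
        # Top-to-bottom, first match wins; otherwise the chain policy applies.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy

    def listing(self) -> list:
        # Rough equivalent of `iptables -L <chain> --line-numbers`.
        return [f"{i} {r.target} {r}" for i, r in enumerate(self.rules, start=1)]


def evaluate_examples() -> dict:
    """Return the verdicts that illustrate first-match ordering."""
    # Packet modelled on the post's first example: NTP reply from time.nist.gov.
    ntp = {"src": "192.43.244.18", "dst": "192.168.1.200",
           "proto": "udp", "sport": 123, "dport": 123}
    # Constructed packet from a host we want to block (RFC 5737 test address).
    bad = {"src": "192.0.2.10", "dst": "192.168.1.200",
           "proto": "udp", "sport": 123, "dport": 123}

    chain = Chain("INPUT", policy="DROP")
    # The post's rule: -I INPUT -s 192.43.244.18 --sport 123 -d 192.168.1.200 --dport 123 -j ACCEPT
    chain.insert(Rule("ACCEPT", src="192.43.244.18", dst="192.168.1.200",
                      sport=123, dport=123))
    results = {"ntp_allowed": chain.verdict(ntp),        # ACCEPT
               "unknown_dropped": chain.verdict(bad)}    # DROP via policy

    # The ordering pitfall: a broad ACCEPT sits first, then a DROP is appended.
    chain2 = Chain("INPUT", policy="DROP")
    chain2.append(Rule("ACCEPT", dport=123))             # broad: any source to port 123
    chain2.append(Rule("DROP", src="192.0.2.10"))        # -A: lands below the ACCEPT
    results["appended_drop_dead"] = chain2.verdict(bad)  # ACCEPT: the DROP is never reached

    chain2.delete(2)                                     # -D INPUT 2
    chain2.insert(Rule("DROP", src="192.0.2.10"), 1)     # -I INPUT 1: evaluated first
    results["inserted_drop_works"] = chain2.verdict(bad) # DROP
    results["ntp_still_allowed"] = chain2.verdict(ntp)   # ACCEPT via the broad rule
    results["final_listing"] = chain2.listing()
    return results


if __name__ == "__main__":
    for key, value in evaluate_examples().items():
        print(key, value)
```

Run it and compare the "appended_drop_dead" and "inserted_drop_works" entries: that pair is exactly why the post tells you to re-run iptables -L after every change and check where your new rule landed.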

Useful links:
https://help.ubuntu.com/community/IptablesHowTo
http://wiki.centos.org/HowTos/Network/IPTables
