On this page you find all important commands for the CLI tool iptables. If the command you are looking for is missing, please ask our AI.
iptables
iptables is used to configure Netfilter, the Linux kernel IP packet filter. Packet filters are commonly used in routers and firewalls.
iptables and Netfilter were introduced with the Linux kernel 2.4 and carried over unchanged into the kernel 2.6.
iptables itself is only used to communicate with Netfilter in the Linux kernel. A more modern alternative for this is nftables (nft), which the Netfilter project also develops and maintains.
Articles in our magazine for iptables:
Firewall and secure servers
How do you make a server secure? There are many ways, but most of them involve the use of firewalls. In this small tutorial we show the use of iptables.
List of commands for iptables:
- firewall:iptables:interface:allow:name
  Allow incoming traffic arriving on a specific network interface.
  $ sudo iptables -A INPUT -i ${interface_name} -j ACCEPT
- firewall:iptables:interface:block:name
  Block incoming traffic arriving on a specific network interface.
  $ sudo iptables -A INPUT -i ${interface_name} -j DROP
- firewall:iptables:ip-address:allow:address
  Allow incoming traffic from a specific source IP address.
  $ sudo iptables -A INPUT -s ${ip_address} -j ACCEPT
- firewall:iptables:ip-address:allow:destination-address
  Allow outgoing traffic to a specific destination IP address.
  $ sudo iptables -A OUTPUT -d ${ip_address} -j ACCEPT
- firewall:iptables:ip-address:block:address
  Block incoming traffic from a specific source IP address.
  $ sudo iptables -A INPUT -s ${ip_address} -j DROP
- firewall:iptables:ip-address:block:destination-address
  Block outgoing traffic to a specific destination IP address.
  $ sudo iptables -A OUTPUT -d ${ip_address} -j DROP
- firewall:iptables:outgoing:allow
  Set the default policy of the OUTPUT chain to ACCEPT, allowing all outgoing traffic not matched by a rule.
  $ sudo iptables -P OUTPUT ACCEPT
- firewall:iptables:outgoing:block-all
  Set the default policy of the INPUT chain to DROP, blocking all incoming traffic not explicitly allowed by a rule.
  $ sudo iptables -P INPUT DROP
- firewall:iptables:ports:allow:port
  Allow incoming TCP traffic on a specific port.
  $ sudo iptables -A INPUT -p tcp --dport ${port_number} -j ACCEPT
- firewall:iptables:ports:allow:port-range
  Block incoming TCP traffic on a specific port range.
  $ sudo iptables -A INPUT -p tcp --dport ${starting_port_number}:${ending_port_number} -j DROP
- firewall:iptables:ports:block:port
  Block incoming TCP traffic on a specific port.
  $ sudo iptables -A INPUT -p tcp --dport ${port_number} -j DROP
- firewall:iptables:protocol:allow:name
  Allow incoming traffic of a specific protocol (for example tcp, udp or icmp).
  $ sudo iptables -A INPUT -p ${protocol_name} -j ACCEPT
- firewall:iptables:protocol:block:name
  Block incoming traffic of a specific protocol (for example tcp, udp or icmp).
  $ sudo iptables -A INPUT -p ${protocol_name} -j DROP
- iptables:tldr:b1732
  iptables: Append a rule to a chain for a source IP, jumping to the given target (for example ACCEPT or DROP).
  $ sudo iptables -A ${chain} -s ${ip} -j ${rule}
- iptables:tldr:d00ca
  iptables: Append a rule to a chain for a source IP, matching protocol and destination port.
  $ sudo iptables -A ${chain} -s ${ip} -p ${protocol} --dport ${port} -j ${rule}
- iptables:tldr:d9875
  iptables: Add a NAT rule to translate all traffic from the `192.168.0.0/24` subnet to the host's public IP.
  $ sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
- iptables:tldr:e74eb
  iptables: Delete the rule at a given line number from a chain.
  $ sudo iptables -D ${chain} ${rule_line_number}
- iptables:tldr:f71f6
  iptables: Set the default policy of a chain (for example ACCEPT or DROP).
  $ sudo iptables -P ${chain} ${rule}