This page lists the most important commands for the CLI tool iptables. If the command you are looking for is missing, please ask our AI.

iptables

iptables is the userspace command used to configure Netfilter, the packet filter in the Linux kernel. Packet filters are commonly used in routers and firewalls.

iptables and Netfilter were introduced with Linux kernel 2.4 and carried over into kernel 2.6.

iptables itself is only the front end that communicates with Netfilter in the Linux kernel; the rules take effect when the kernel evaluates them. A more modern alternative is nftables (the nft command), which the Netfilter project also develops and maintains.

Articles in our magazine for iptables:

Firewall and secure servers

How do you make a server secure? There are many ways, but most of them involve a firewall. In this short tutorial we show the use of iptables.

List of commands for iptables:

  • firewall:iptables:interface:allow:name Allow incoming traffic from a specific network interface. -A appends the rule to the end of the INPUT chain; rules are evaluated in order, so an earlier matching rule wins.
    $ sudo iptables -A INPUT -i ${interface_name} -j ACCEPT
  • firewall:iptables:interface:block:name Block incoming traffic from a specific network interface.
    $ sudo iptables -A INPUT -i ${interface_name} -j DROP
  • firewall:iptables:ip-address:allow:address Allow incoming traffic from a specific IP address (a CIDR range such as 10.0.0.0/8 works too).
    $ sudo iptables -A INPUT -s ${ip_address} -j ACCEPT
  • firewall:iptables:ip-address:allow:destination-address Allow outgoing traffic to a specific IP address.
    $ sudo iptables -A OUTPUT -d ${ip_address} -j ACCEPT
  • firewall:iptables:ip-address:block:address Block incoming traffic from a specific IP address.
    $ sudo iptables -A INPUT -s ${ip_address} -j DROP
  • firewall:iptables:ip-address:block:destination-address Block outgoing traffic to a specific IP address.
    $ sudo iptables -A OUTPUT -d ${ip_address} -j DROP
  • firewall:iptables:outgoing:allow Allow outgoing traffic: set the default policy of the OUTPUT chain to ACCEPT, so outgoing packets that match no rule are allowed.
    $ sudo iptables -P OUTPUT ACCEPT
  • firewall:iptables:outgoing:block-all Block all incoming traffic: set the default policy of the INPUT chain to DROP, so incoming packets that match no rule are discarded. On a remote machine, add the ACCEPT rules for SSH and for established connections before running this, or you lock yourself out.
    $ sudo iptables -P INPUT DROP
  • firewall:iptables:ports:allow:port Allow incoming TCP traffic on a specific port.
    $ sudo iptables -A INPUT -p tcp --dport ${port_number} -j ACCEPT
  • firewall:iptables:ports:allow:port-range Block incoming TCP traffic on a specific port range (both ends inclusive; use -j ACCEPT instead to allow the range).
    $ sudo iptables -A INPUT -p tcp --dport ${starting_port_number}:${ending_port_number} -j DROP
  • firewall:iptables:ports:block:port Block incoming TCP traffic on a specific port.
    $ sudo iptables -A INPUT -p tcp --dport ${port_number} -j DROP
  • firewall:iptables:protocol:allow:name Allow incoming traffic of a specific protocol (tcp, udp, icmp, or any name from /etc/protocols).
    $ sudo iptables -A INPUT -p ${protocol_name} -j ACCEPT
  • firewall:iptables:protocol:block:name Block incoming traffic of a specific protocol.
    $ sudo iptables -A INPUT -p ${protocol_name} -j DROP
  • iptables:tldr:b1732 iptables: Append a rule to a chain for a source IP. The target given to -j (here ${rule}) is usually ACCEPT, DROP or REJECT.
    $ sudo iptables -A ${chain} -s ${ip} -j ${rule}
  • iptables:tldr:d00ca iptables: Append a rule to a chain for a source IP, restricted to a protocol and destination port (--dport only works together with a protocol such as -p tcp or -p udp).
    $ sudo iptables -A ${chain} -s ${ip} -p ${protocol} --dport ${port} -j ${rule}
  • iptables:tldr:d9875 iptables: Add a NAT rule to translate all traffic from the `192.168.0.0/24` subnet to the host's public IP. For this to work the host must also forward packets (net.ipv4.ip_forward=1) and its FORWARD chain must accept them.
    $ sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
  • iptables:tldr:e74eb iptables: Delete a rule from a chain by its line number (show the numbers with `sudo iptables -L ${chain} --line-numbers`).
    $ sudo iptables -D ${chain} ${rule_line_number}
  • iptables:tldr:f71f6 iptables: Set the default policy of a built-in chain (INPUT, FORWARD or OUTPUT) to ACCEPT or DROP; a packet that matches no rule in the chain gets the policy.
    $ sudo iptables -P ${chain} ${rule}
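The entries above are single rules. The script below is an added example (not from this page or the iptables project) that combines them into one complete host firewall: established connections and loopback are accepted first, SSH is restricted to an admin host, the listed TCP ports are opened, and only then does the INPUT DROP policy apply. Loading the whole set with iptables-restore makes the change atomic, so the lock-out described under block-all cannot happen. The SSH port, the admin host 203.0.113.10, the ports 80/443 and the subnet 192.168.0.0/24 are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not part of this page or of the iptables project.
# Builds an iptables-restore ruleset from the single rules listed above and
# loads it in one transaction, so the INPUT DROP policy never takes effect
# before the ACCEPT rules exist (the classic SSH lock-out).
# Hypothetical values: SSH on 22, admin host 203.0.113.10, public services
# on TCP 80/443, LAN subnet 192.168.0.0/24 for the gateway case.

# rule ARGS...: print one iptables-restore line.
rule() {
    printf '%s\n' "$*"
}

# build_ruleset SSH_PORT ADMIN_HOST "TCP_PORTS" [LAN_SUBNET]
# Prints the ruleset to stdout. With a fourth argument the host also acts as
# NAT gateway for that subnet (needs net.ipv4.ip_forward=1 via sysctl).
build_ruleset() {
    ssh_port=$1
    admin_host=$2
    tcp_ports=$3
    lan_subnet=$4

    rule '*filter'
    # Default policies: anything not explicitly accepted is dropped.
    rule ':INPUT DROP [0:0]'
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'
    # Order matters: loopback and replies to our own connections come first,
    # otherwise they would fall through to the DROP policy.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Rate-limited ping keeps diagnostics working without allowing floods.
    rule -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
    # SSH: only new connections, only from the admin host.
    rule -A INPUT -p tcp -s "$admin_host" --dport "$ssh_port" -m conntrack --ctstate NEW -j ACCEPT
    # Public TCP services, one rule per port.
    for port in $tcp_ports; do
        rule -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Log a sample of what the DROP policy is about to discard.
    rule -A INPUT -m limit --limit 3/minute -j LOG --log-prefix '"iptables-drop: "'
    if [ -n "$lan_subnet" ]; then
        # Gateway role: forward LAN traffic out and the replies back in.
        rule -A FORWARD -s "$lan_subnet" -j ACCEPT
        rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    fi
    rule COMMIT

    if [ -n "$lan_subnet" ]; then
        # Same MASQUERADE rule as in the list above, in restore syntax.
        rule '*nat'
        rule ':POSTROUTING ACCEPT [0:0]'
        rule -A POSTROUTING -s "$lan_subnet" -j MASQUERADE
        rule COMMIT
    fi
}

# line_of PATTERN: 1-based line number of the first stdin line matching PATTERN.
line_of() {
    grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# ordering_ok ARGS...: succeed only if the ESTABLISHED,RELATED rule precedes
# every --dport rule; a ruleset that fails this would drop legitimate replies.
ordering_ok() {
    rs=$(build_ruleset "$@")
    est=$(printf '%s\n' "$rs" | line_of 'ESTABLISHED,RELATED -j ACCEPT')
    first_port=$(printf '%s\n' "$rs" | line_of '--dport')
    [ -n "$est" ] && [ -n "$first_port" ] && [ "$est" -lt "$first_port" ]
}

# Apply only on explicit request (APPLY_RULES=1, run as root). iptables-restore
# replaces each table listed in the file in one transaction.
if [ "${APPLY_RULES:-0}" = 1 ] && command -v iptables-restore >/dev/null 2>&1; then
    ordering_ok 22 203.0.113.10 "80 443" || exit 1
    build_ruleset 22 203.0.113.10 "80 443" | iptables-restore
fi
```

Run it without APPLY_RULES to review the generated ruleset on stdout via `build_ruleset`, then with `APPLY_RULES=1 sudo sh firewall.sh` to load it. Rules loaded this way do not survive a reboot; save them with iptables-save or a distribution package such as iptables-persistent on Debian/Ubuntu.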