
Linux iptables Guide

Mattscreative edited this page Dec 5, 2025 · 2 revisions


Complete beginner-friendly guide to iptables on Linux, covering Arch Linux, CachyOS, and other distributions including rules, chains, and firewall configuration.


Table of Contents

  1. Understanding iptables
  2. iptables Installation
  3. Basic Rules
  4. Advanced Configuration
  5. Saving Rules
  6. Troubleshooting

Understanding iptables

What is iptables?

iptables is the user-space tool for configuring the packet-filtering rules of the Linux kernel's netfilter framework; it is the classic Linux firewall.

Components:

  • Tables: filter, nat, mangle, raw
  • Chains: INPUT, OUTPUT, FORWARD (the filter table's built-in chains; nat and mangle also have PREROUTING and POSTROUTING)
  • Rules: match criteria (protocol, port, interface, connection state) paired with a target such as ACCEPT, DROP or REJECT; rules in a chain are evaluated in order and the first match decides

Common tables:

  • filter: Packet filtering (default)
  • nat: Network address translation
  • mangle: Packet modification

iptables Installation

Install iptables

Arch/CachyOS:

# Install iptables
sudo pacman -S iptables

# Install nftables (modern replacement)
sudo pacman -S nftables

Debian/Ubuntu:

sudo apt install iptables

Fedora:

sudo dnf install iptables-services

Basic Rules

Allow SSH

Allow SSH access, plus the return traffic of connections this host already has:

# Allow new SSH connections (TCP port 22)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow packets that belong to existing connections, and related traffic such as ICMP errors.
# "conntrack --ctstate" is the current form of the older "state --state" match.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allow Loopback

Allow localhost:

# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT

Default Policy

Set the default policies. Do this only after the ACCEPT rules above are in place: with INPUT set to DROP and no SSH rule, a remote session is cut off.

# Drop incoming packets that no earlier rule accepted
sudo iptables -P INPUT DROP

# Allow all outgoing
sudo iptables -P OUTPUT ACCEPT

# Deny forwarding (this host is not a router)
sudo iptables -P FORWARD DROP

# iptables only affects IPv4; apply the same rules with ip6tables for IPv6

Advanced Configuration

Allow HTTP/HTTPS

Web server rules:

# Allow HTTP
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow HTTPS
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Rate Limiting

Limit concurrent SSH connections per source address. The connlimit match counts simultaneous connections, not connections per second; for true rate limiting see the hashlimit or recent match modules.

# Reject a source's 4th and later concurrent SSH connection.
# Insert (-I) rather than append (-A): appended after the port-22 ACCEPT above,
# this rule would sit below it and never be reached.
sudo iptables -I INPUT -p tcp --dport 22 -m connlimit --connlimit-above 3 -j REJECT
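The "Basic Rules" and "Rate Limiting" sections above add rules one at a time and then set the policy, which leaves a short window where INPUT is DROP before SSH is allowed, and makes rule order easy to get wrong. The script below is an added example, not code from the original wiki page: it writes the same baseline as one iptables-restore file and loads it in a single step. The function names and the SSH-port parameter are this example's own.

```shell
#!/bin/sh
# Added example (not from the original wiki page): the baseline ruleset from the
# "Basic Rules" and "Rate Limiting" sections as one iptables-restore file, applied
# atomically so there is never a moment with INPUT=DROP and no SSH rule.
# Function names and the SSH-port parameter are this example's own.

# Print the ruleset in iptables-save format. $1 = SSH port (default 22).
baseline_ruleset() {
    ssh_port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first: local resolvers and databases depend on it
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, plus related traffic such as ICMP errors
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that conntrack cannot place in any connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# New SSH connections: reject a source's 4th and later concurrent one, accept the rest.
# The REJECT line must come before the ACCEPT line to be reached.
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -m connlimit --connlimit-above 3 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Parse the ruleset without loading it (iptables-restore --test); exits
# non-zero on a syntax error, so run this before apply_ruleset.
check_ruleset() {
    baseline_ruleset "$1" | iptables-restore --test
}

# Replace the live filter table with the ruleset in one step (needs root).
# iptables-restore flushes the tables named in the file, so nothing stale remains.
apply_ruleset() {
    baseline_ruleset "$1" | iptables-restore
}

# Number of rule lines (-A ...) in the generated ruleset, for sanity checks.
rule_count() {
    baseline_ruleset "$1" | grep -c '^-A '
}

# The first rule in the ruleset; the loopback rule belongs here.
first_rule() {
    baseline_ruleset "$1" | grep '^-A ' | head -n 1
}
```

Run `check_ruleset` first, then `apply_ruleset` (or `apply_ruleset 2222` for a non-standard SSH port); the generated text is also what `iptables-save` expects in `/etc/iptables/iptables.rules`, so it can be written there directly once it works.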

Saving Rules

Save Rules

Arch/CachyOS:

# Save the running rules to the file the iptables service loads at boot
sudo iptables-save > /etc/iptables/iptables.rules

# Restore rules (replaces the current rules with the file's contents)
sudo iptables-restore < /etc/iptables/iptables.rules

# Auto-restore on boot (the service reads /etc/iptables/iptables.rules)
sudo systemctl enable iptables

Debian/Ubuntu:

# Requires the iptables-persistent package; writes /etc/iptables/rules.v4
sudo netfilter-persistent save

Fedora:

# Provided by iptables-services; writes /etc/sysconfig/iptables
sudo service iptables save
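Saving is only half the job: a rule added interactively and never saved disappears at the next reboot, and a live rule that is not in the saved file may be a change nobody intended. The script below is an added example, not code from the original page; it compares the saved file against the running rules after stripping the parts that legitimately differ between two `iptables-save` runs. Function names and the sample rule sets are this example's own constructions.

```shell
#!/bin/sh
# Added example (not from the original page): report drift between the rules
# saved for boot and the rules the kernel is enforcing now.
# Function names and the sample rulesets are this example's own.

# Strip what differs between two iptables-save runs of the same rules:
# the timestamp comment lines and the [packets:bytes] counters.
normalize_rules() {
    grep -v '^#' | sed -e 's/ *\[[0-9][0-9]*:[0-9][0-9]*\]//g' -e 's/^ *//'
}

# $1 = saved rules file (e.g. /etc/iptables/iptables.rules)
# $2 = optional file holding the current rules; if omitted, take a live
#      snapshot with iptables-save (needs root).
# Prints a unified diff (saved = "-", live = "+"); returns 0 if identical, 1 if not.
rules_drift() {
    tmp_saved=$(mktemp)
    tmp_live=$(mktemp)
    normalize_rules < "$1" > "$tmp_saved"
    if [ -n "$2" ]; then
        normalize_rules < "$2" > "$tmp_live"
    else
        iptables-save | normalize_rules > "$tmp_live"
    fi
    if diff -u "$tmp_saved" "$tmp_live"; then
        status=0
    else
        status=1
    fi
    rm -f "$tmp_saved" "$tmp_live"
    return $status
}

# Constructed sample of a saved ruleset (not a real host's rules).
sample_saved() {
    cat <<'EOF'
# Generated by iptables-save v1.8.9 on Mon Jan  1 00:00:00 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 00:00:00 2024
EOF
}

# Constructed sample of the live rules: same policy, non-zero counters, and
# one extra rule someone added with "iptables -A" and never saved.
sample_live() {
    cat <<'EOF'
# Generated by iptables-save v1.8.9 on Tue Jan  2 12:34:56 2024
*filter
:INPUT DROP [1500:98000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [820:61000]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Tue Jan  2 12:34:56 2024
EOF
}

# Run the check on the constructed samples; returns 1 because they differ.
demo() {
    saved=$(mktemp)
    live=$(mktemp)
    sample_saved > "$saved"
    sample_live > "$live"
    if rules_drift "$saved" "$live"; then
        status=0
    else
        status=1
    fi
    rm -f "$saved" "$live"
    return $status
}
```

On a real host run `rules_drift /etc/iptables/iptables.rules` as root (or with the distribution's file from the section above); a non-zero exit with a `+` line means a live rule is not in the saved file, a `-` line means a saved rule is no longer loaded.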

Troubleshooting

Check Rules

List rules:

# List all rules in the filter table (-v: interfaces and counters, -n: no DNS lookups)
sudo iptables -L -v -n

# List with line numbers (needed for deleting by number)
sudo iptables -L -v -n --line-numbers

# List a specific chain
sudo iptables -L INPUT -v -n

Delete Rules

Remove rules:

# Delete by line number. Numbers shift after every deletion, so list again
# with --line-numbers before deleting the next one.
sudo iptables -D INPUT 1

# Delete by specification; it must match the rule exactly as it was added
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT

Summary

This guide covered iptables configuration for Arch Linux, CachyOS, and other distributions, including basic and advanced rules.


Next Steps


This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.
