How to Protect Your Linux Server Using IPTABLES


Unfortunately, server break-ins are common, so a firewall is an essential part of network security. You can increase the protection of your server by using Iptables to configure that firewall.

Iptables is a firewall utility for Linux-based operating systems; many Linux distros, such as Rocky Linux and CentOS, include it by default.

Anyone can find Iptables helpful for additional server protection, whether you’re a system administrator who wants to prevent potential server security threats or a VPS user who wants to ensure that, for example, a Rocky Linux VPS is running smoothly with decent protection.

This article will tell you more about Iptables and how you can utilize the tool to protect your server.

How does the Iptables tool work?

Iptables is a firewall utility that inspects network packets and compares them against a specific set of rules.

It monitors traffic coming to and from the server through tables. Each table holds sets of rules called chains, which filter the packets the server receives and forwards. A chain is an ordered list of rules against which each packet is checked.

Iptables comes with these default (built-in) chains:

  • INPUT rules. They regulate all packets coming towards the server.
  • OUTPUT rules. They handle all traffic that the server produces.
  • FORWARD rules. They handle incoming packets that are not addressed to the server but are passed through it.

Those are predefined chains, but you can create your own.

Each chain has a default policy that determines what happens to a packet that none of the chain’s rules has already decided on: the packet is either accepted or dropped.

The strategy for securing your server with Iptables is to reject everything you have not explicitly permitted.

Start using Iptables

You might want to jump right into configuring the rules, but there is something to take care of first. If you don’t run Ubuntu, Debian, RHEL, Rocky Linux, or AlmaLinux, you might need to install Iptables separately. From here on, we assume that Iptables is already installed.

Identify the default chain behavior

The default chain behavior tells you how the chains are currently configured and, therefore, what changes you need to make.

To find out the default chain settings, run the following command:

$ sudo iptables -L

For example, you may find that all chains are configured to accept all traffic, which is exactly the starting point you want. If you find that some chain rejects traffic by default, run the following:

$ sudo iptables --policy INPUT ACCEPT

$ sudo iptables --policy OUTPUT ACCEPT

$ sudo iptables --policy FORWARD ACCEPT

Now that your server accepts all connections, you can define exactly what you want to block. If you work with sensitive data, it might be a good idea to block connections altogether and then allow only the IP addresses you want to receive traffic from. To do this, enter the following:

$ sudo iptables --policy INPUT DROP

$ sudo iptables --policy OUTPUT DROP

$ sudo iptables --policy FORWARD DROP

This strict setup is mainly worthwhile when you’re working with sensitive data. Otherwise, this step isn’t mandatory.
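To make the policy step concrete, here is an added example script (not code from the original article) that reads the policy of each built-in chain from the output of `iptables -L -n` and then produces the commands for a default-deny INPUT policy in an order that keeps the administrator’s own SSH session alive. The admin address `203.0.113.10`, SSH on port 22, and the `DRY_RUN` switch (which prints commands instead of executing them) are assumptions of this example; the listing it parses is constructed sample output.

```shell
#!/bin/sh
# Added example, not from the original article: inspect the default policy of each
# built-in chain and switch INPUT to a default-deny policy without cutting off the
# administrator's SSH session. DRY_RUN=1 (the default) prints the iptables commands
# instead of executing them, so the logic can be read and tested without root.

DRY_RUN="${DRY_RUN:-1}"
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # assumed placeholder: the address you administer from
SSH_PORT="${SSH_PORT:-22}"             # assumed: SSH listens on the default port

# run_ipt: execute an iptables command, or just print it in dry-run mode.
run_ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# chain_policy CHAIN LISTING: extract the policy (ACCEPT/DROP) of CHAIN from the output
# of `iptables -L -n`, whose chain headers look like "Chain INPUT (policy ACCEPT)".
chain_policy() {
    chain="$1"; listing="$2"
    printf '%s\n' "$listing" | sed -n "s/^Chain $chain (policy \([A-Z]*\)).*/\1/p"
}

# nonaccept_chains LISTING: print the built-in chains whose policy is not ACCEPT,
# one per line. Empty output means everything is accepted, the article's starting point.
nonaccept_chains() {
    listing="$1"
    for c in INPUT OUTPUT FORWARD; do
        p=$(chain_policy "$c" "$listing")
        [ "$p" = "ACCEPT" ] || printf '%s\n' "$c"
    done
}

# default_deny_input: order matters. The rules that keep loopback, already-established
# connections and the admin's SSH session working are appended BEFORE the policy flips
# to DROP, so a remote administrator is not locked out halfway through.
default_deny_input() {
    run_ipt -A INPUT -i lo -j ACCEPT
    run_ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run_ipt -A INPUT -p tcp -s "$ADMIN_IP" --dport "$SSH_PORT" -j ACCEPT
    run_ipt --policy INPUT DROP
}

# Constructed sample of `iptables -L -n` output, used by the demo below.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

if [ "${1:-}" = "demo" ]; then
    echo "Chains not accepting by default:"
    nonaccept_chains "$SAMPLE_LISTING"
    echo "Commands for a safe default-deny INPUT policy:"
    default_deny_input
fi
```

Run it as `sh script.sh demo` to see the dry-run output, or with `DRY_RUN=0` as root to apply it. The rule order is the caveat to keep in mind: if `--policy INPUT DROP` is set on a remote server before a rule accepting your own SSH connection exists, the session is lost immediately. Setting OUTPUT to DROP likewise silences the server’s own replies unless a matching rule permits them, which is why this example leaves OUTPUT at ACCEPT.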

Configure individual connections

Configuring individual connections means “telling” Iptables how to behave towards a specific IP address. For this, there are three actions (called targets): ACCEPT, DROP, and REJECT.

  • ACCEPT lets the connection through.
  • DROP silently discards the packets, so the sender gets no response from the server.
  • REJECT blocks the attempted interaction and sends an error message back to the sender.

For example, to block a specific IP address, you can use the following command:

$ sudo iptables -A INPUT -s (insert the IP address you want to block) -j DROP

To block a whole range of addresses at once, give the network in CIDR notation (network address and prefix length):

$ sudo iptables -A INPUT -s (network address)/(prefix length) -j DROP

If you made a mistake or simply want to delete a particular rule, you can do that with the -D option combined with the number of the rule you want to delete:

$ sudo iptables -D INPUT (rule number)

And if you want to remove all rules at once, you can use the -F (flush) option:

$ sudo iptables -F

This removes every rule from your Iptables chains.
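As an added example (not code from the original article), the following shell script wraps the operations in this section: blocking a single address, blocking a CIDR range, choosing between DROP and REJECT, locating a rule by number so it can be deleted, and flushing. It validates the address before building a rule, because a mistyped address silently produces a rule that matches nothing. The addresses `203.0.113.45`, `198.51.100.0/24` and `192.0.2.7` are placeholders from the documentation ranges, the `iptables -L INPUT -n --line-numbers` listing is constructed sample output, and `DRY_RUN=1` (the default) prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the original article: build, locate and delete per-address
# INPUT rules. DRY_RUN=1 (the default) prints each iptables command instead of running
# it, so the logic can be read and tested without root.

DRY_RUN="${DRY_RUN:-1}"

# run_ipt: execute an iptables command, or print it in dry-run mode.
run_ipt() {
    if [ "$DRY_RUN" = "1" ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}

# valid_cidr ADDR: true for a dotted-quad IPv4 address with an optional /prefix (0-32).
# A mistyped address would yield a rule that matches nothing, so check it first.
valid_cidr() {
    addr="$1"
    ip="${addr%%/*}"
    prefix="${addr#*/}"
    if [ "$prefix" = "$addr" ]; then prefix=32; fi          # no "/": a single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs            # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_source ADDR_OR_CIDR [DROP|REJECT]: append an INPUT rule for one host or a whole
# network. DROP discards silently; REJECT also sends an ICMP error back to the sender.
block_source() {
    src="$1"; action="${2:-DROP}"
    case "$action" in
        DROP|REJECT) ;;
        *) echo "block_source: unknown action '$action'" >&2; return 1 ;;
    esac
    valid_cidr "$src" || { echo "block_source: invalid address '$src'" >&2; return 1; }
    run_ipt -A INPUT -s "$src" -j "$action"
}

# find_rule_number LISTING SOURCE TARGET: from the output of
# `iptables -L INPUT -n --line-numbers`, print the number of the first rule whose
# source (column 5) and target (column 2) match.
find_rule_number() {
    printf '%s\n' "$1" | awk -v src="$2" -v tgt="$3" '$2 == tgt && $5 == src { print $1; exit }'
}

# delete_rule NUMBER: remove one INPUT rule by position (the -D form from the article).
delete_rule() { run_ipt -D INPUT "$1"; }

# flush_rules: remove every rule from every chain (the -F form from the article).
# Chain policies are not touched, so flushing with INPUT at DROP still blocks everything.
flush_rules() { run_ipt -F; }

# Constructed sample listing in the format `iptables -L INPUT -n --line-numbers` prints.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.45         0.0.0.0/0
2    DROP       all  --  198.51.100.0/24      0.0.0.0/0
3    REJECT     all  --  192.0.2.7            0.0.0.0/0            reject-with icmp-port-unreachable'

if [ "${1:-}" = "demo" ]; then
    block_source 203.0.113.45                    # one host, silent drop
    block_source 198.51.100.0/24 REJECT          # a /24 network, with an error reply
    block_source 300.1.1.1 || echo "rejected an invalid address, as intended"
    n=$(find_rule_number "$SAMPLE_RULES" 198.51.100.0/24 DROP)
    delete_rule "$n"
    flush_rules
fi
```

Rule numbers shift whenever an earlier rule is deleted, so always re-list with `--line-numbers` before deleting the next one; the same rule can also be removed by repeating its specification, as in `iptables -D INPUT -s 203.0.113.45 -j DROP`.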

Conclusion

Iptables is a highly versatile tool for keeping unwanted traffic away from your server. Linux users will find it effective for managing traffic flow by IP address, port, or protocol.

This article covers just a fraction of the Iptables functionality, but we still hope you find it useful. The experience you have while using your server matters for both efficient management and security, and Iptables is one of the most helpful tools in that endeavor.