IPtables is a command line utility for configuring the Linux kernel firewall implemented as part of the Netfilter project. The term iptables is also commonly used to refer to the kernel firewall itself. It can be configured directly with the iptables command or through one of the many existing console and graphical frontends. The iptables command handles IPv4 and ip6tables handles IPv6; both share the same syntax, but some options are specific to IPv4 or IPv6.

Rules are grouped into tables, and each table in turn contains a number of chains, some built in and others defined by the user. While tables are defined by the type of rules they hold (filtering, NAT, packet mangling), chains correspond to the events that trigger the evaluation of each rule (the netfilter hooks). In this way, the chains determine when the rules are evaluated (when a packet enters the system, when a packet leaves the system, when a packet must be forwarded to another system, etc.).

The hooks present in the netfilter framework correspond to the following chains:

Prerouting: Incoming traffic, just before entering the kernel network stack. The rules in this chain are processed before making any routing decisions regarding where to send the packet.

Input: Incoming traffic, after being routed and destined for the local system.

Forward: Incoming traffic, after being routed and destined to another host (forwarded).

Output: Outgoing traffic originating from the local system, immediately after entering the kernel network stack.

Postrouting: Outgoing traffic originating from the local system or forwarded, after being routed and just before being put on the wire.

The goal of chains is to be able to control when, throughout the flow of a packet through the system and the network stack, a rule is evaluated.

IPtables Commands

To start, stop or restart iptables we run these commands:

sudo service iptables start

sudo service iptables stop

sudo service iptables restart

The main IPtables commands are the following:


-A --append: Append a rule to the end of a chain.

-D --delete: Delete a rule from the specified chain.

-R --replace: Replace a rule in a chain.

-I --insert: Insert a rule into a chain at a given position (the first by default).

-L --list: List the rules of the chain passed as an argument (all chains if none is given).

-F --flush: Remove all rules from a chain.

-Z --zero: Reset all packet and byte counters in a chain.

-N --new-chain: Create a user-defined chain.

-X --delete-chain: Delete the specified user-defined chain (it must be empty).

-P --policy: Set the default policy of a chain, i.e. what the kernel does with packets that match no rule.

-E --rename-chain: Rename a user-defined chain.
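The following script is an added example, not code from the original post. It ties the chain model described above (INPUT, FORWARD and OUTPUT hooks, default policies) to the commands just listed, building a minimal stateful host firewall with -P, -N, -A, -I, -F, -Z, -X and -L. The run_ipt wrapper and the DRY_RUN variable are assumptions of this example: with DRY_RUN=1 it prints each iptables command instead of executing it, so the ruleset can be reviewed on a machine without root or without iptables installed. The port number and the blocked address are constructed values.

```shell
#!/bin/sh
# Added example: minimal stateful host firewall built from the iptables
# commands described above. Not part of the original post.
IPT="${IPT:-iptables}"

# run_ipt is an assumed helper: with DRY_RUN=1 it echoes the command,
# otherwise it runs the real iptables binary (which requires root).
run_ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Start from a clean slate: flush rules (-F), zero counters (-Z),
# delete user-defined chains (-X).
reset_firewall() {
    run_ipt -F
    run_ipt -Z
    run_ipt -X
}

# Build the ruleset. $1 = TCP port to accept new connections on
# (constructed default 22, i.e. SSH).
build_firewall() {
    port="${1:-22}"
    # -P: default policy applied to packets that match no rule.
    # Drop unsolicited inbound and forwarded traffic; let local processes out.
    run_ipt -P INPUT DROP
    run_ipt -P FORWARD DROP
    run_ipt -P OUTPUT ACCEPT
    # -N: user-defined chain that logs (rate limited) and then drops.
    run_ipt -N LOGDROP
    run_ipt -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
    run_ipt -A LOGDROP -j DROP
    # -A INPUT: loopback, replies to our own connections, the allowed port,
    # and finally a catch-all that sends everything else to LOGDROP.
    run_ipt -A INPUT -i lo -j ACCEPT
    run_ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run_ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    run_ipt -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    run_ipt -A INPUT -j LOGDROP
    # -I INPUT 1: insert at the top so this block is checked before
    # the ACCEPT rules (192.0.2.10 is a constructed documentation address).
    run_ipt -I INPUT 1 -s 192.0.2.10 -j LOGDROP
}

# -L with counters and rule numbers, the view you want when checking
# whether a rule is actually matching traffic.
show_firewall() {
    run_ipt -L -n -v --line-numbers
}

# Usage: sh firewall.sh apply [port]   (DRY_RUN=1 to only print the commands)
if [ "${1:-}" = "apply" ]; then
    reset_firewall
    build_firewall "${2:-22}"
    show_firewall
fi
```

Rules loaded this way live only in kernel memory and are lost on reboot; to persist them, dump the running ruleset with iptables-save and reload it at boot with iptables-restore (or the distribution's iptables service, as in the start/stop commands above). Review the DRY_RUN output before applying on a remote host: with the INPUT policy set to DROP, the order in which the ACCEPT rule for your management port is added decides whether your own session survives.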
