Configuration & use of iptables on Linux

iptables is the interface used to configure netfilter, the firewall framework integrated into Linux systems.

How it works

iptables works with a system of tables, and each table is made up of chains.
Every incoming packet is analyzed to determine, in particular, its source and destination.
The default table (filter) is made up of three chains:

INPUT: analyzes incoming packets. If a packet is addressed to the host itself, it goes through the INPUT chain.

FORWARD: analyzes and authorizes frames passing from one interface to another, which only applies when the host is used as a bridge between networks.

OUTPUT: analyzes outgoing packets. If a packet leaves the host, it goes through the OUTPUT chain.

The actions (targets) that can be applied in these chains are DROP, LOG, ACCEPT and REJECT.


Rules execution

There are several ways to activate your firewall rules and keep them active after a reboot: rules entered manually, rules written into an executable script, rules stored in a file that is loaded by a script, and so on.

Here are the two most common methods to activate them and keep them after a reboot:

1st method

Create your script file (an example iptables script is given in the next section), then make it executable and run it at start-up:

2nd method

Run the iptables commands directly from the prompt, then make them persistent (still active after a reboot):

This tool accepts the arguments save (to save the current rules), flush (to remove all rules) and reload (to load them again from the saved files).


Example of stand-alone script

Here is an example of a script to make executable and load at start-up:
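An added example script (not the original page's script) showing the three chains and the DROP, LOG, ACCEPT and REJECT targets in the filter table. It assumes SSH on port 22 and a web server on port 80; setting DRY_RUN=1 prints the iptables commands instead of applying them, so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example: minimal stateful host firewall for the filter table.
# Assumptions: SSH on port 22 (override with SSH_PORT), a web server on port 80.
# DRY_RUN=1 prints each iptables command instead of executing it.
set -e
IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"

# run: execute (or, in dry-run mode, print) one iptables command
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

apply_rules() {
    # Start from an empty filter table
    run -F
    run -X
    # Default policies: drop what is not explicitly allowed; the host is
    # not a bridge, so nothing is forwarded between interfaces
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT ACCEPT
    # Loopback traffic is always accepted
    run -A INPUT -i lo -j ACCEPT
    # Replies to connections this host initiated
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Services exposed to the network
    run -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    run -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # Log (rate-limited) then reject everything else so clients fail fast
    run -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-INPUT-DROP: "
    run -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

# dry_run_rules: print the commands apply_rules would execute, without root
dry_run_rules() (
    DRY_RUN=1
    apply_rules
)

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) dry_run_rules ;;
esac
```

Review the rules with `sh firewall.sh dry-run`, then apply them as root with `sh firewall.sh apply`; the save step of the 2nd method above keeps them across reboots.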


Test the port opening

To check that an application is reachable, or that a firewall filtering rule is in effect, you can use the Telnet client, which is included in most operating systems.

It is run from a command prompt (PowerShell on Microsoft Windows, or a terminal on Unix/Linux).

Here is an example checking that port 80 is open on the site www.jaguar-network.com:


~> telnet www.jaguar-network.com 80
Trying 85.31.196.218...
Connected to www.jaguar-network.com.
Escape character is '^]'.

The port is open, the application has accepted the connection and is waiting for you to enter a command.
If the port is closed, the client cannot establish the connection and one of the following messages is shown:

telnet: Unable to connect to remote host: Operation timed out
telnet: Unable to connect to remote host: Connection refused

The two messages tell you different things: "Connection refused" means the host answered that nothing is listening (or a REJECT rule is in place), while "Operation timed out" means no answer came back at all, which is what a DROP rule or an unreachable host produces. Note that Telnet only tests TCP ports; it cannot check a UDP service.