TurtleFirewall.com

What are IPtables in Linux?


Packed with a number of useful tools, Linux presents a selection of specialised utilities to help control your system to specific requirements, iptables being an example of the networking capabilities of the operating system. When monitoring your network activity, it's sometimes useful to have a framework that allows you to filter outbound and inbound data with specific customisations and rules set using the framework.

Linux comes with a packet filtering network by default - netfilter, a resource which allows you to drop and accept incoming connections to a system. iptables builds upon this by allowing support for a firewall, where specific rules are set and incoming traffic is compared to these rules and dropped or allowed accordingly.

what are iptables

Choose the Right Distribution:
If you want an easy transition, you're going to have to pick a good distribution (or "distro", for short). There are a few Linux distributions that newbies should stay far away from. Distributions such as Arch Linux or Gentoo are intended for advanced users, and use a complicated installation process in order to maximize the operating system's performance.

New users should instead opt to use a distribution such as Ubuntu or Linux Mint. Both of these distributions are easy to install. In fact, ease of use is the main aim of both distributions. They both operate much like Windows, but there are a few things that newbies will have to learn, such as the usage of package managers, or using the command line to install applications. But, all this information is easily found online, and methods differ from distribution to distribution.

The main elements of iptables

An iptable is capable of modifying, moving, and dropping or allowing packets of data into a Linux system. This is done through a collection of properties given to each packet of data - tables, chains and targets. The tables are used to filter the incoming data, by having tables for a specific purpose with a chain attached, containing rules to execute in order. The target contains information on possible events and the action to take place when conditions are met. Iptables allow you to modify these properties, and manage how the incoming traffic is treated by changing the rules - the tables, chains and targets - in place.

Chains: a brief description

The chains in an iptable are dependent on the table being used by a packet, but are always followed in order whilst the traffic traverses the firewall. For instance, the default table 'filter', the most commonly used table, contains the chains 'input', 'output' and 'forward' all of which will be used at varied points in the firewall.

Usually, only two types of tables need to be used - the nat table and the filter table. The filter table encompasses the vast majority of traffic, and determines if a packet should reach its destination based on the chain and comparing this to rules in place.

The nat table (network address translation) is used to route packets to different nodes on a network by changing the destination address a packet holds. This can be useful for transferring traffic to a separate location when required, or accessing a service which can't be used directly.

Targets

Rules in the chain concerning a packet are orientated around changes in the target property. When a packets chain is checked, a decision can be made based on the rules in place, and the target destination of that packet can then be changed based on the outcome. The outcome of a targets modification can be determined by the type of target. For instance, the primarily used targets are accept, drop, and reject. The accept property allows the packet to be handled through iptables, where it can then be accepted into the system. The alternative to this is the drop IP rule, where the packet is dropped from the system and the sender is informed that the destination address doesn't exist.