Iptables
Overview
iptables is a user-space tool for configuring netfilter-based firewall rules.
It is widely used on older systems; on many modern systems iptables may be a compatibility layer over nftables.
Mental Model
Tables group rules by purpose (filtering vs NAT).
Chains are ordered rule lists within a table (e.g., INPUT/OUTPUT/FORWARD).
Rules are evaluated top-to-bottom; the first matching rule with a terminating target (ACCEPT/DROP/REJECT) decides, while non-terminating targets such as LOG, and jumps into user-defined chains that return, let evaluation continue.
Matches describe what traffic a rule applies to (IP/port/protocol/state).
Targets describe what happens (ACCEPT/DROP/REJECT/LOG/DNAT/SNAT/etc.).
Common Tables and Built-in Chains
filter: INPUT, OUTPUT, FORWARD
nat: PREROUTING, POSTROUTING (and OUTPUT on some setups)
mangle: PREROUTING, OUTPUT, INPUT, FORWARD, POSTROUTING
Example: Allow Incoming SSH (Port 22)
$ sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Matches (Examples)
Protocol: -p tcp|udp|icmp
Ports: --dport <port>, --sport <port>
Addresses: -s <src>, -d <dst>
Stateful: -m conntrack --ctstate NEW,ESTABLISHED,RELATED
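The single ACCEPT rule above only restricts anything when the INPUT chain's policy (or a later rule) drops everything else. The script below is an added example, not part of the original page, that puts the mental model, the filter table, the SSH example and the conntrack match together into one minimal stateful host ruleset in iptables-restore(8) format: DROP policies, loopback and established traffic accepted first, NEW connections accepted only on the listed TCP ports, a rate-limited LOG before the policy drops the rest. The port list, the "iptables-drop: " log prefix and the 5/min limit are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: build a minimal stateful host firewall for the filter table.
# The ruleset is emitted in iptables-restore(8) format so it can be reviewed
# (and version-controlled) as text before it is ever loaded into the kernel.

# build_ruleset "<space-separated TCP ports>" prints the ruleset to stdout.
build_ruleset() {
    allow_tcp="$1"   # assumption: ports to accept for NEW inbound connections
    echo '*filter'
    # Default policies: unsolicited inbound and all forwarded traffic is dropped,
    # locally generated traffic is allowed out.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback first: local services talk to each other over lo.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (and related flows) come back in.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Packets conntrack cannot classify are dropped before any port rule sees them.
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # One ACCEPT per allowed port, restricted to NEW so it only opens connections.
    for port in $allow_tcp; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Keep the host pingable for diagnostics.
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    # LOG is non-terminating: evaluation continues and the INPUT policy drops the
    # packet. The limit match keeps a scan from flooding the kernel log.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4'
    echo 'COMMIT'
}

# count_new_accepts "<ruleset text>" returns how many ports the ruleset opens.
count_new_accepts() {
    printf '%s\n' "$1" | grep -c -- '--ctstate NEW -j ACCEPT'
}

# check_ruleset "<ports>" parses the ruleset with the kernel tooling without
# loading it (iptables-restore --test). Needs root and iptables-restore.
check_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "check_ruleset: run as root" >&2; return 1; }
    command -v iptables-restore >/dev/null 2>&1 \
        || { echo "check_ruleset: iptables-restore not found" >&2; return 1; }
    build_ruleset "$1" | iptables-restore --test
}

# apply_ruleset "<ports>" replaces the live filter table with the generated one.
apply_ruleset() {
    check_ruleset "$1" || return 1
    build_ruleset "$1" | iptables-restore
}

# Usage: sh firewall.sh print "22 443" | sh firewall.sh check "22" | sh firewall.sh apply "22"
case "${1:-print}" in
    print) build_ruleset "${2:-22}" ;;
    check) check_ruleset "${2:-22}" ;;
    apply) apply_ruleset "${2:-22}" ;;
esac
```

Review the printed output before running apply: a DROP policy on INPUT without the ESTABLISHED,RELATED rule above it will cut off the SSH session you are applying it from. `iptables -V` reports whether the binary is the legacy backend or the nf_tables compatibility layer; the restore format is accepted by both.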
Notes
iptables rules are not a full replacement for service hardening (e.g., SSH config).
Prefer documenting intent (what should be reachable) in addition to raw rules.