What is iptables?

Iptables is a packet-filtering application that is available in all Linux distributions. It is a kernel-level firewall.

Iptables provides the administrator with an interface to add, remove, or modify packet rules.

Iptables is the set of rules used to filter packets.


What are the policies followed by iptables?

By default, iptables follows one of two types of policy:

1. Deny everything by default policy.

2. Allow everything by default policy.


Deny everything by default policy:

In this iptables policy, all connections are denied automatically.

The command for this is # service iptables stop

[root@sys2 ~]# service iptables stop
iptables:  Flushing firewall rules:                           [ OK ]
iptables:  Setting chains to policy ACCEPT: filter            [ OK ]
iptables:  Unloading modules:                                 [ OK ]

To check the status of iptables, the command is # service iptables status

[root@sys2 ~]# service iptables status
iptables:  Firewall is not running.


Allow everything by default policy:

The command to start iptables is # service iptables start

[root@sys2 ~]# service iptables start
iptables: Applying firewall rules:                             [ OK ]


Now check the status of iptables using the command # service iptables status

[root@sys2 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target  prot  opt  source  destination
1    ACCEPT  all   --   state RELATED,ESTABLISHED
2    ACCEPT  icmp  --
3    ACCEPT  all   --
4    ACCEPT  tcp   --   state NEW tcp dpt:22
5    REJECT  all   --   reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target  prot  opt  source  destination
1    REJECT  all   --   reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target  prot  opt  source  destination
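
As an added example (not part of the original page), the script below reads a listing in the layout shown above and reports, for each chain, what happens to a packet that no earlier rule decided: the final catch-all rule if the chain has one, otherwise the chain policy. The names parse_status, catch_all and audit and the sample text are constructed for illustration. It assumes the non-verbose listing shown here, which prints no interface columns, so any rule it lists under check_verbose should be re-read with iptables -L -n -v.

```python
import re

# Constructed sample in the layout of the listing above (address columns absent, as on the page).
SAMPLE_STATUS = """\
Table: filter
Chain INPUT (policy ACCEPT)
num  target  prot  opt  source  destination
1    ACCEPT  all   --   state RELATED,ESTABLISHED
2    ACCEPT  icmp  --
3    ACCEPT  all   --
4    ACCEPT  tcp   --   state NEW tcp dpt:22
5    REJECT  all   --   reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target  prot  opt  source  destination
1    REJECT  all   --   reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target  prot  opt  source  destination
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(.*)$")
NO_CONDITION = {"--", "0.0.0.0/0", "::/0", "anywhere"}  # empty opt, wildcard addresses

def parse_status(text):
    """Return {chain: {"policy": str, "rules": [(num, target, proto, match)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        if m := CHAIN_RE.match(line):
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and (m := RULE_RE.match(line)):
            num, target, proto, rest = m.groups()
            tokens = [t for t in rest.split() if t not in NO_CONDITION]
            # "reject-with ..." is an option of the REJECT target, not a match condition.
            match = re.sub(r"reject-with \S+", "", " ".join(tokens)).strip()
            current["rules"].append((int(num), target, proto, match))
    return chains

def catch_all(rule):
    """True if the rule, as listed, matches every packet and ends traversal."""
    _, target, proto, match = rule
    return target in {"ACCEPT", "DROP", "REJECT"} and proto == "all" and match == ""

def audit(text):
    """Per chain: policy, fall-through action, and earlier apparent catch-all rules."""
    report = {}
    for name, chain in parse_status(text).items():
        rules = chain["rules"]
        last_decides = bool(rules) and catch_all(rules[-1])
        report[name] = {"policy": chain["policy"],
                        "fall_through": rules[-1][1] if last_decides else chain["policy"],
                        "check_verbose": [r[0] for r in rules[:-1] if catch_all(r)]}
    return report
```

For the sample, INPUT and FORWARD have policy ACCEPT but fall through to REJECT, while OUTPUT falls through to its ACCEPT policy.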


What can filtering protect against?

Filtering protects against many things. Some of them are:

1. Some forms of network mapping.

2. Some denial of service attacks.

3. Access to private LAN services.

4. Local mistakes that affect remote sites.

5. Some forms of fragmentation bombs.

6. Source routed packets.

