Iptables is a firewall program commonly used on Linux-based VPSs. Like other firewalls, it filters the incoming and outgoing packets on the server against a predefined set of rules. However, by default iptables has all of its rule sets, called chains, configured to accept everything. This means the firewall lets every packet reach your server without any filtering, which does nothing to secure it. In this article, you will learn how to define iptables chain rules to secure your VPS.
Appending New Rules
To define a new rule and add it to the end of a chain, you need the append option, “-A”, as in the following command.
sudo iptables -A
iptables applies a new rule as soon as it is added to the chain. A rule is built by combining several matching options in one command. Here are some of the options you may use in a rule.
- -i (interface) – the network interface whose traffic you would like to filter, for example eth0, lo, ppp0, and so on.
- -p (protocol) – the network protocol to match, which can be tcp, udp, udplite, icmp, sctp, icmpv6, or all to match every protocol.
- -s (source) – the source address of the traffic; you may give a hostname or an IP address.
- --dport (destination port) – the destination port number of the protocol, such as 22 (SSH) or 443 (HTTPS).
- -j (target) – the name of the target, such as ACCEPT, DROP or RETURN. This must be given every time a new rule is made.
Combining all of these options, a rule takes the following form.
sudo iptables -A <chain> -i <interface> -p <protocol (tcp/udp)> -s <source> --dport <port no.> -j <target>
You may start to configure your firewall to provide more security once you understand the basic syntax.
Enabling Traffic On Localhost
Set a chain using the following command to allow traffic on localhost.
sudo iptables -A INPUT -i lo -j ACCEPT
This command ensures that connections between a database and a web application within the same machine are working as intended.
Enabling Connection Ports
The ports that we might want to enable are http, https, and ssh. To do so, we need to specify the protocol (-p) and the corresponding port (--dport). Run the command below after replacing “<protocol>” and “<port no.>” with the respective protocol and port number. For example, if the protocol is tcp and the service is ssh, replace “<protocol>” with “tcp” and “<port no.>” with “22”, since ssh listens on port 22 by default.
sudo iptables -A INPUT -p <protocol> --dport <port no.> -j ACCEPT
To verify that the rules have been applied, use the command below.
sudo iptables -L -v
You should see that TCP connections to the specified ports will be accepted.
Filtering Packets
With iptables you can filter packets based on a single IP address or a range of IP addresses. Specify the IP address with the “-s” option. To accept packets from a specific IP address, use the following command.
sudo iptables -A INPUT -s <IP address> -j ACCEPT
Replace the IP address with the one you have picked. If you need to drop traffic from a specific IP address instead of accepting it, replace “ACCEPT” with “DROP”. To specify a range, load the iprange module with the “-m” option and give the range with “--src-range”, as shown in the following command.
sudo iptables -A INPUT -m iprange --src-range <IP Address 1>-<IP Address 2> -j <ACCEPT/DROP>
Replace IP Address 1 and 2 with the range you need and pick either ACCEPT or DROP, as in the command above.
Drop All Other Traffic
To drop all other traffic from outside, apart from what the earlier rules accept, use the following command. Because rules in a chain are evaluated in order, append this rule last: any ACCEPT rule appended after it is never reached.
sudo iptables -A INPUT -j DROP
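Because the append-only workflow above makes ordering mistakes easy (an ACCEPT appended after the catch-all DROP is dead, and a forgotten DROP leaves the default accept-all in place), the following added example audits an INPUT chain listing in the format printed by “iptables -S INPUT”. It is not part of the original article; the function name audit_input_chain and the sample chain are constructed here, and on a live host you would pipe the real listing into it instead.

```shell
#!/bin/sh
# Audit an INPUT chain listing in `iptables -S INPUT` format.
# Reports two ordering problems the append workflow can produce:
#   1. rules appended after a catch-all "-A INPUT -j DROP" are unreachable
#   2. the loopback ACCEPT (and a DROP at all) must be present before the end
# Prints findings; returns 0 when the chain is sane, 1 otherwise.
audit_input_chain() {
    status=0
    dropped=0           # becomes 1 once the unconditional DROP has been seen
    lo_before_drop=0
    n=0
    while IFS= read -r line; do
        case "$line" in
            -P*|'') continue ;;          # skip policy lines and blanks
        esac
        n=$((n + 1))
        if [ "$dropped" -eq 1 ]; then
            echo "rule $n is unreachable (after catch-all DROP): $line"
            status=1
            continue
        fi
        case "$line" in
            "-A INPUT -j DROP")           dropped=1 ;;
            "-A INPUT -i lo -j ACCEPT")   lo_before_drop=1 ;;
        esac
    done
    if [ "$dropped" -eq 0 ]; then
        echo "no catch-all DROP at the end of INPUT: default ACCEPT still applies"
        status=1
    elif [ "$lo_before_drop" -eq 0 ]; then
        echo "loopback ACCEPT missing before the catch-all DROP"
        status=1
    fi
    return "$status"
}

# Constructed sample (not from a real host): port 80 was appended after the DROP,
# which is exactly the mistake the check reports.
SAMPLE_INPUT_CHAIN='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# On a live host: sudo iptables -S INPUT | audit_input_chain
if printf '%s\n' "$SAMPLE_INPUT_CHAIN" | audit_input_chain; then
    echo "INPUT chain ordering OK"
else
    echo "INPUT chain needs fixing (see findings above)"
fi
```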
Removing Rules
To start from a clean slate, you can remove all the rules using the flush option, “-F”.
sudo iptables -F
The command above removes all rules. If you only want to remove a specific rule, first list all the rules with their line numbers using the following command.
sudo iptables -L --line-numbers
The command above lists all the rules along with their index numbers. To delete a rule, use the “-D” option with the chain name and the rule's index number, as in the following command.
sudo iptables -D INPUT <index number of rule>
To delete rule number 2, replace “<index number of rule>” with 2 and run it. That’s all you need to define your chain rules.