🛡️ Iptables Tutorial: Securing Your VPS with the Linux Firewall

Are you looking for a comprehensive iptables tutorial for your VPS? This article will show you how to install and use iptables on an Ubuntu system. You can secure your VPS using the command line interface by learning about this powerful Linux firewall tool.

🔍 What is Iptables?

Iptables is a firewall program for Linux. It monitors traffic to and from your server using tables. These tables contain sets of rules, called chains, that filter incoming and outgoing data packets.

🛠️ How Does Iptables Work?

When a packet matches a rule, it is assigned a target, which can be another chain or one of these special values:

• ACCEPT: Allows the packet to pass through.

• DROP: Prevents the packet from passing through.

• RETURN: Stops the packet from traversing a chain and tells it to return to the previous chain.

In this iptables tutorial, we will work with one of the default tables called "filter." This table consists of three chains:

• INPUT: Controls incoming packets to the server.

• FORWARD: Filters incoming packets that will be forwarded elsewhere.

• OUTPUT: Filters packets leaving your server.

  
  

Before starting this guide, make sure you have root or sudo SSH access to your machine running Ubuntu 16.04 or later. You can establish the connection via PuTTY (Windows) or the terminal (Linux, macOS). If you have a VPS from PixelHost, you can obtain the SSH login details in the "Servers" tab of hPanel.

Important: Iptables rules only apply to IPv4. If you want to configure a firewall for the IPv6 protocol, you will need to use "ip6tables" instead.

🔄 How to Install and Use the Linux Iptables Firewall

We will divide this iptables tutorial into three steps. First, you’ll learn how to install the tool on Ubuntu. Second, we’ll show you how to define rules. Lastly, we’ll guide you through making persistent changes in iptables.

1️⃣ Installing Iptables

Iptables comes pre-installed on most Linux distributions. However, if you don’t have it on your Ubuntu/Debian system by default, follow these steps:

• Connect to your server via SSH.

• Run the following commands one by one:

  • sudo apt-get update

  • sudo apt-get install iptables

• Check the status of your current iptables configuration by running:

  • sudo iptables -L -v

  Here, the -L option is used to list all rules, and -v displays the information in more detail.

  You will get an output similar to the following:

python
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

• Now you have the Linux iptables firewall installed. At this point, you’ll notice that all chains are set to ACCEPT and have no rules. This is not secure since any packet can pass through without being filtered.

  Don’t worry; we’ll show you how to define rules in the next step of our iptables tutorial.

  
  

2️⃣ Defining Chain Rules

Defining a rule means adding it to a chain. To do this, you need to insert the -A (Append) option right after the iptables command as follows:

• sudo iptables -A

This alerts iptables that you’re adding new rules to a chain. You can then combine the command with other options such as:

• -i (interface): The network interface whose traffic you want to filter, such as eth0, lo, ppp0, etc.

• -p (protocol): The network protocol where your filtering process occurs. It can be tcp, udp, udplite, icmp, sctp, icmpv6, and more. Alternatively, you can write "all" to choose all protocols.

• -s (source): The address from which the traffic originates. You can add a hostname or an IP address.

• --dport (destination port): The destination port number of a protocol, such as 22 (SSH), 443 (https), etc.

• -j (target): The name of the target (ACCEPT, DROP, RETURN). You must insert this every time you make a new rule.

If you want to use all these parameters, you should write the command in this order:

• sudo iptables -A <chain> -i <interface> -p <protocol (tcp/udp)> -s <source> --dport <port number> -j <target>

  
  

Once you understand the basic syntax, you can start configuring the firewall to secure your server. For this iptables tutorial, we’ll use the "INPUT" chain as an example.

🔄 Allowing Traffic on localhost

To allow traffic on localhost, write the following command:

• sudo iptables -A INPUT -i lo -j ACCEPT

For this iptables tutorial, we use "lo" or the loopback interface. It is used for all communications on localhost. The above command will ensure that connections between a database and a web application on the same machine work correctly.

🔄 Enabling Connections on HTTP, SSH, and SSL Ports

Next, we want to allow http (port 80), https (port 443), and ssh (port 22) connections to work as usual. To do this, we need to specify the protocol (-p) and the corresponding port (--dport). You can run these commands one by one:

• sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

• sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

• sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

It’s time to check if the rules have been added in iptables:

• sudo iptables -L -v

This should return the results below, meaning all TCP protocol connections from the specified ports will be accepted:

Destination port acceptance in iptables consisting of http, https, and ssh

🔄 Filtering Packets Based on Source

Iptables allows you to filter packets based on an IP address or a range of IP addresses. You need to specify it after the -s option. For example, to accept packets from 192.168.1.3, the command would be:

• sudo iptables -A INPUT -s 192.168.1.3 -j ACCEPT

You can also reject packets from a specific IP address by replacing the ACCEPT target with DROP.

• sudo iptables -A INPUT -s 192.168.1.3 -j DROP

If you want to reject packets from a range of IP addresses, you need to use the -m option and the iprange module. Then, specify the range of IP addresses with --src-range. Remember, a hyphen should separate the IP address range without space, like this:

• sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP

Filtering packets by their sources is crucial if you are using an intrusion detection and prevention system (IDS/IPS) like Suricata. This tool monitors your VPS network and notifies you of malicious traffic.

IDS/IPS shows the sources of malicious packets, which you can add to the iptables block list. Check out our article to learn more about setting up Suricata on Ubuntu.

🔄 Blocking All Other Traffic

It’s crucial to use the DROP target for all other traffic after defining --dport rules. This will prevent unauthorized connections from accessing the server through other open ports. To achieve this, simply write:

• sudo iptables -A INPUT -j DROP

Now, connections outside the specified ports will be blocked.

🗑️ Deleting Rules

If you want to delete all rules and start fresh, you can use the -F (flush) option:

• sudo iptables -F

This command clears all current rules. However, to delete a specific rule, you need to use the -D option. First, you must see all available rules by entering the following command:

• sudo iptables -L --line-numbers

You will get a list of rules with numbers:

sql
Chain INPUT (policy ACCEPT) num target prot opt source destination 1    ACCEPT all  -- 192.168.0.4 anywhere 2    ACCEPT tcp -- anywhere anywhere tcp dpt:https 3    ACCEPT tcp -- anywhere anywhere tcp dpt:http 4    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

To delete a rule, insert the corresponding chain and number from the list. Let’s say we want to get rid of rule number three from the "INPUT" chain. The command should be:

• sudo iptables -D INPUT 3

Alternatively, if you need to filter only incoming traffic, you can use PixelHost's VPS Firewall. Select your VPS and navigate to the Firewall section.

📝 Conclusion

Iptables is a powerful firewall program that you can use to secure your Linux server or VPS. The great thing is that you can define multiple rules according to your preferences.

In this iptables tutorial, you have learned how to install and use the tool. Now, we hope you can manage your rule sets to filter incoming and outgoing packets.

It’s time to try it out for yourself, and good luck!

Best Regards,

João @PixelHost.