What is iptables?
To begin with, we have to understand what iptables is. iptables is a user-space program that lets an administrator configure the packet-filtering tables provided by the Linux kernel firewall and the chains within them, so rules can be added or removed to meet the system's security requirements.
The Linux kernel uses the Netfilter framework to provide the networking-related operations that are configured with iptables.
How to install iptables
Every current Linux kernel ships with iptables support, and the iptables tool comes pre-installed on most popular modern Linux distributions.
For CentOS
yum install iptables-services
Iptables version
To identify your iptables version, enter the following command in your terminal
iptables --version
Listing all iptables rules
To see the rules currently applied in your iptables firewall, enter the command below
iptables -L
If no rules are applied, the output looks like the image below: it shows only the three built-in chains, INPUT, FORWARD and OUTPUT, with no rules in them.
To list the chain policies and rules of your iptables firewall in command-line form, enter the command below
iptables -S
Clear all iptables rules
To clear (flush) all the rules from your iptables firewall, enter the command below
iptables -F
To flush a particular chain only, enter the matching command below
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
Setting a chain's default policy to ACCEPT or DROP
To set the default policy of a particular chain (here INPUT) to DROP, enter the command below. With a DROP policy, anything not explicitly accepted by a rule is dropped, including your own SSH session on a remote host, so add the accept rules first.
iptables --policy INPUT DROP
To revert to ACCEPT, enter the command below
iptables --policy INPUT ACCEPT
The same applies to the other chains
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
Allowing a port
Web servers generally use port 80, so your iptables firewall must allow the web server port.
Use the command below to accept web server traffic
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
The same applies to the SSH port. SSH runs on port 22, so modify the command as below
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
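As an added example that is not part of the original tutorial, the following POSIX shell script combines the DROP policy and the port 22/80 accept rules from the sections above in an order that does not lock a remote administrator out. The IPTABLES variable, the loopback rule and the conntrack rule are assumptions of this example, not commands from the page.

```shell
#!/bin/sh
# Added example: build a minimal default-deny INPUT ruleset in a safe order.
# Assumption: the iptables binary is on PATH (override with IPTABLES=/sbin/iptables).
IPTABLES="${IPTABLES:-iptables}"

# Print the rules in the order they must be applied. Printing first lets you
# review the set before it touches the live firewall. The ACCEPT rules come
# before the policy change, so SSH keeps working when the default flips to DROP.
gen_rules() {
    cat <<EOF
$IPTABLES -F INPUT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -P INPUT DROP
EOF
}

# Sanity check: the DROP policy must be the last line and an SSH accept rule
# must be present, otherwise applying the set on a remote host is unsafe.
# Returns 0 when the ordering is safe, 1 otherwise.
check_order() {
    rules="$(gen_rules)"
    last="$(printf '%s\n' "$rules" | tail -n 1)"
    case "$last" in
        *"-P INPUT DROP") ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$rules" | grep -q -- '--dport 22 -j ACCEPT' || return 1
    return 0
}

# Only apply to the live firewall when explicitly asked (needs root);
# by default just print the rules for review.
if [ "${APPLY:-0}" = "1" ]; then
    check_order || { echo "unsafe rule order, refusing to apply" >&2; exit 1; }
    gen_rules | sh -e
else
    gen_rules
fi
```

Run it without APPLY to review the generated commands, and with APPLY=1 as root to apply them.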