The Linux kernel’s network packet processing subsystem is called Netfilter, and iptables is the command used to configure it. Until recently, just plain iptables was the default firewall manager on every Linux distro. It still is on most distros, but Red Hat Enterprise Linux 7 and all of its offspring now use the new firewalld as an easier-to-use frontend for configuring iptables rules. Ubuntu comes with Uncomplicated Firewall (ufw), which is also an easy to use frontend for iptables. iptables consists of five tables of rules, each with its own distinct purpose:
- Filter table: For basic protection of our servers and clients, this might be the only table that we use.
- Network Address Translation (NAT) table: NAT is used to connect the public internet to private networks.
- Mangle table: This is used to alter network packets as they go through the firewall.
- Raw table: This is for packets that don’t require connection tracking.
- Security table: The security table is only used for systems that have SELinux installed.
Here is a sample iptables command:
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.3:8080
- -t nat: Operate on the nat table…
- -A PREROUTING: … by appending the following rule to its PREROUTING chain.
- -i eth1: Match packets coming in on the eth1 network interface…
- -p tcp: … that use the tcp (TCP/IP) protocol
- –dport 80: … and are intended for local port 80.
- -j DNAT: Jump to the DNAT target…
- –to-destination 192.168.1.3:8080: … and change the destination address to 192.168.1.3 and destination port to 8080.
If you get below error while running the iptables commnand:
iptables: command not found
you may try installing the iptables package as shown below as per your choice of distribution.
|Debian||apt-get install iptables|
|Ubuntu||apt-get install iptables|
|Alpine||apk add iptables|
|Arch Linux||pacman -S iptables|
|Kali Linux||apt-get install iptables|
|CentOS||yum install iptables|
|Fedora||dnf install iptables|
|Raspbian||apt-get install iptables|