iptables
Administration tool for IPv4 packet filtering and NAT
Overview
iptables is used to set up, maintain, and inspect the tables of IPv4 packet-filter rules in the Linux kernel. It is the tool with which firewall rules are configured for host security and network traffic control.
Syntax
iptables [-t table] {-A|-C|-D} chain rule-specification
Common Options
-L, --list [chain]             List all rules in the selected chain. If no chain is selected, all chains are listed.
-A, --append chain             Append one or more rules to the end of the selected chain.
-D, --delete chain             Delete one or more rules from the selected chain.
-I, --insert chain [rulenum]   Insert one or more rules in the selected chain at the given rule number.
-F, --flush [chain]            Flush the selected chain (delete all rules).
-P, --policy chain target      Set the policy for the chain to the given target.
-p, --protocol protocol        The protocol of the rule (tcp, udp, icmp, all).
-s, --source address           Source address specification.
-d, --destination address      Destination address specification.
--dport port                   Destination port (requires -p tcp or -p udp).
--sport port                   Source port (requires -p tcp or -p udp).
-j, --jump target              Target of the rule (ACCEPT, DROP, REJECT, LOG).
-i, --in-interface name        Name of an interface via which a packet was received.
-o, --out-interface name       Name of an interface via which a packet is going to be sent.
-m, --match match              Specifies a match to use (state, multiport, conntrack).
-n, --numeric                  Numeric output of addresses and ports.
-v, --verbose                  Verbose output.
Examples
List all rules with numeric addresses and packet counters.
Set default policy for INPUT chain to DROP (deny all incoming).
Allow all traffic on loopback interface.
Allow established and related connections.
Allow incoming SSH connections on port 22.
Allow incoming HTTP connections on port 80.
Allow incoming HTTPS connections on port 443.
Allow ICMP (ping) requests.
Allow all traffic from 192.168.1.0/24 subnet.
Delete the rule allowing port 8080.
Flush (delete) all rules from all chains.
Save current rules to a file.
Restore rules from a file.
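The INPUT policy described in the examples above (default DROP, loopback, established/related, ping, SSH/HTTP/HTTPS, trusted subnet), built as a ruleset in the iptables-save file format and loaded with iptables-restore so that the whole table changes at once. This is an added example, not text from the iptables manual; ADMIN_NET and the function names are assumed names, and the LOG rule is an addition for visibility of dropped packets.

```shell
#!/bin/sh
# Added example, not from the iptables man page. Builds the INPUT policy
# described under "Examples" as an iptables-restore ruleset and loads it in
# one atomic step. Appending rules one at a time after "iptables -P INPUT DROP"
# leaves a window in which even the admin's own SSH session is dropped;
# iptables-restore swaps the whole table at once, so no such window exists.
ADMIN_NET="192.168.1.0/24"   # assumed name for the trusted subnet of the examples

# Emit the ruleset in iptables-save format. Order matters: iptables evaluates
# a chain top to bottom and the first matching terminating target wins.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -s ${ADMIN_NET} -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Parse-check the ruleset without touching the live tables, then commit it
# and print the resulting chain with packet counters (iptables -L -n -v).
# Needs root; returns non-zero and leaves the firewall unchanged on error.
apply_ruleset() {
    tmp=$(mktemp) || return 1
    build_ruleset > "$tmp"
    if ! iptables-restore --test < "$tmp"; then
        echo "ruleset rejected by iptables-restore --test; nothing applied" >&2
        rm -f "$tmp"; return 1
    fi
    iptables-restore < "$tmp" && iptables -L INPUT -n -v --line-numbers
    rc=$?
    rm -f "$tmp"
    return $rc
}

case "${1:-show}" in
    show)  build_ruleset ;;       # print the ruleset for review
    apply) apply_ruleset ;;       # load it (root required)
esac
```

Run it without arguments to review the generated ruleset, and with `apply` as root to load it; the `--test` pass rejects a malformed file before the live firewall is touched.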