How To Setup an Iptables Firewall to Enable Remote Access to Services in Linux
Last Updated: 09 Dec, 2022
iptables is the user-space command-line utility with which a system administrator configures the IP packet filter rules of the Linux kernel firewall, which is implemented by the Netfilter modules. Rules are organised into several tables (filter, nat, mangle and raw), each table holds chains (for the filter table: INPUT, FORWARD and OUTPUT, plus any user-defined chains), and each chain holds an ordered list of rules. A rule is a set of match criteria plus a target such as ACCEPT, DROP or REJECT. When a packet traverses a chain, iptables walks the rules in order, and the first rule whose criteria match and whose target is terminating decides the packet's fate; if no rule matches, the chain's default policy applies. Because evaluation is first-match, the order in which rules are added matters: a permissive rule placed above a restrictive one silently wins.
Rule 1: iptables rules live only in kernel memory, so they are lost on reboot unless they are saved explicitly. On Ubuntu and Debian the usual way to persist them is the iptables-persistent package. Install it with apt:
sudo apt install iptables-persistent
Rule 2: During installation you will be asked whether to save the current IPv4 and IPv6 rules. Later, whenever you change the rule set and want the change to survive a reboot, save it again with:
sudo netfilter-persistent save
Before writing rules you need to know which services are listening and on which ports. The netstat utility shows this. We add the -4 argument because our application speaks only IPv4; drop it if you also serve IPv6. The -plunt arguments list listening (-l) TCP (-t) and UDP (-u) sockets with numeric addresses and ports (-n) and the owning process (-p):
sudo netstat -4 -plunt
On current distributions netstat is deprecated and may not be installed; ss accepts the same letters (sudo ss -4 -plunt) and prints equivalent output.
Setup an Iptables Firewall
Step 1: The general form of the iptables command that appends (-A) a rule to the end of a chain is:
iptables -A chain_name criteria -j target
chain_name is INPUT, OUTPUT or FORWARD (or a user-defined chain); criteria is one or more match options such as -p tcp --dport 22, -s 192.168.0.0/24 or -i eth0; target is ACCEPT, DROP, REJECT or the name of another chain to jump to. Use -I instead of -A to insert the rule at the top of the chain (or at a given position).
Step 2: To drop incoming pings, append a rule to the INPUT chain that matches the ICMP protocol and jumps to DROP:
iptables -A INPUT -p icmp -j DROP
Choose the target deliberately. DROP discards the packet silently, so the sender sees nothing and waits for a timeout; REJECT also discards it but answers with an ICMP error (or a TCP RST for TCP), so the sender fails immediately. DROP is usually preferred on an internet-facing edge where you do not want to confirm that the host exists; REJECT is friendlier inside your own network because legitimate clients fail fast instead of hanging. Note that -p icmp without --icmp-type drops every ICMP message, including the replies to your own outgoing pings and path-MTU-discovery errors; use --icmp-type echo-request to drop only ping requests. Test the rule from another host; with DROP in place all three probes time out:
ping -c 3 192.168.0.15
The database server must accept connections to port 3306 on its private address, 192.168.0.15 in this example, and only from the web server. The rule can be narrowed either by the interface that carries that address (for instance -i eth1) or by the destination address itself (-d 192.168.0.15), and in either case by the source address of the web server (-s). Matching on the private interface also guarantees that the same port is never reachable over the public one.
Step 3: Allowing incoming SSH and web traffic, and blocking SSH logins from dev2 to dev1. If you manage the server without a local console, incoming SSH (port 22) must be permitted before the INPUT policy is switched to DROP or REJECT, or you will lock yourself out. Web servers such as Apache and Nginx listen on ports 80 (HTTP) and 443 (HTTPS); if the INPUT policy is DROP or REJECT, add ACCEPT rules for those ports so the server can answer requests. The reverse case, preventing one host from opening SSH sessions to another, is handled on the client side in the OUTPUT chain, which sees outgoing traffic. On dev2, reject any TCP connection to port 22 that would leave eth0:
iptables -A OUTPUT --protocol tcp --destination-port 22 --out-interface eth0 --jump REJECT
The long options are equivalent to -p tcp --dport 22 -o eth0 -j REJECT. To re-enable the logins, remove the rule by repeating the same command with -D in place of -A, or delete it by position as shown in Step 5. Note that this rule blocks SSH to every host reachable through eth0, not only dev1; add -d followed by dev1's address to narrow it.
Step 4: Blocking NFS clients. To refuse all NFS traffic on an NFSv4 server, first flush the existing rules so that the new ones are evaluated without interference from earlier entries, then reject TCP connections to port 2049 (nfsd) and port 111 (rpcbind) arriving on eth0:
iptables -F
iptables -A INPUT -i eth0 -s 0/0 -p TCP --dport 2049 -j REJECT
iptables -A INPUT -i eth0 -s 0/0 -p TCP --dport 111 -j REJECT
iptables -F with no chain name empties every chain of the filter table, which also removes any ACCEPT rules you relied on (SSH included), so re-add them afterwards. -s 0/0 matches any source; to block (or, with -j ACCEPT, allow) only the clients in 192.168.0.0/24, replace it with -s 192.168.0.0/24. Pure NFSv4 needs only 2049/tcp; port 111 and the mountd, statd and lockd ports matter for NFSv3 clients, which also use UDP, so a complete rule set for mixed clients needs matching -p udp rules and the fixed ports described in Example 2.
Step 5: Editing rules in place. Listing a chain with line numbers shows each rule's position; -D deletes the rule at a position and -R replaces the rule at a position with a new specification:
iptables -nL -v --line-numbers
iptables -D INPUT 1
iptables -R INPUT 2 -i eth0 -s 0/0 -p TCP --dport 2049 -j REJECT
iptables -R INPUT 1 -p tcp --dport 80 -j REJECT
Positions renumber immediately after a deletion (rule 2 becomes rule 1), so list the chain again before every delete or replace by number, or delete by specification (-D INPUT followed by the rule's full arguments) when scripting.
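Putting Steps 2 to 5 together, here is an added example (not code from the original article) of a complete filter rule set for the database server, written in iptables-save format and loaded atomically with iptables-restore instead of one iptables -A call at a time, so the host is never half-configured between commands. The addresses are assumptions: the web server at 192.168.0.10, an administrative subnet 10.0.0.0/24 for SSH, and eth1 as the private interface carrying 192.168.0.15; change them before use. Unlike Step 2 it accepts echo-request so the host stays reachable for diagnosis, and its catch-all uses REJECT rather than DROP so that misconfigured internal clients fail fast. Run it without arguments to print the rule set for review, or with apply (as root) to validate it with iptables-restore --test, load it, and save it with netfilter-persistent.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: build the database server's
# filter table as an iptables-save file and load it atomically.
# Assumed values (change them): web server 192.168.0.10, admin subnet
# 10.0.0.0/24 for SSH, eth1 as the private interface that carries 192.168.0.15.
set -euo pipefail

WEB_IP="${WEB_IP:-192.168.0.10}"
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"
PRIV_IF="${PRIV_IF:-eth1}"

# Print the rule set in iptables-save format. Only the first matching rule with
# a terminating target decides a packet's fate, so order matters: stateful
# ACCEPTs first, service-specific exceptions next, the catch-all REJECT last,
# and the chain policy DROP behind it in case the catch-all is ever removed.
db_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and packets belonging to connections we already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Keep ping working for diagnosis (only echo-request, not all of ICMP)
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# SSH only from the admin subnet, since there is no local console
-A INPUT -p tcp -s ${ADMIN_NET} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# MySQL/MariaDB (3306) only from the web server and only on the private interface
-A INPUT -i ${PRIV_IF} -p tcp -s ${WEB_IP} --dport 3306 -m conntrack --ctstate NEW -j ACCEPT
# Everything else is refused explicitly so internal clients fail fast
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Parse-check the file without touching the kernel, then load it in one
# transaction and persist it (requires root and iptables-persistent).
apply_ruleset() {
    local tmp
    tmp="$(mktemp)"
    db_ruleset > "$tmp"
    iptables-restore --test "$tmp"
    iptables-restore "$tmp"
    rm -f "$tmp"
    netfilter-persistent save
}

# Audit helper: how many rules accept NEW connections to a given port.
count_accept_for_port() {
    db_ruleset | grep -c -- "--dport $1 .*-j ACCEPT" || true
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    db_ruleset
fi
```

The file format is the same one iptables-persistent keeps in /etc/iptables/rules.v4, so the generated text can also be written there directly and reloaded at boot.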
Step 6: iptables-persistent stores the saved IPv4 rules in /etc/iptables/rules.v4 (and IPv6 rules in /etc/iptables/rules.v6), and its netfilter-persistent service reloads them at boot. Install it if it is not already present:
apt-get install iptables-persistent
You can also load the file by hand at any time with iptables-restore < /etc/iptables/rules.v4, which replaces the whole rule set in one atomic step; the file uses the same format that iptables-save prints.
Examples of IPTables
Example 1: Disabling/re-enabling SSH logins from dev2 to dev1 without a firewall rule. The SSH daemon on dev1 can refuse dev2 itself; edit its configuration:
vi /etc/ssh/sshd_config
Add a DenyUsers entry of the form *@<dev2 address> (or an AllowUsers list that does not include dev2), then restart sshd. The firewall rule of Step 3 discards the packets before they reach sshd; the sshd_config approach still lets the TCP connection complete and logs the refused login, which is often preferable for auditing.
Example 2: Allowing or preventing NFS clients in 192.168.0.0/24 from mounting NFSv4 shares. iptables, like any port-filtering firewall, cannot match services whose ports are assigned dynamically by rpcbind at start-up (mountd, statd and lockd for NFSv3 clients), so you must first pin those services to fixed ports. On RHEL and CentOS this is done in /etc/sysconfig/nfs:
vi /etc/sysconfig/nfs
Uncomment and set the port variables there (MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT and LOCKD_UDPPORT), restart the NFS services, and then write rules for those ports together with 2049 and 111 that accept -s 192.168.0.0/24 and reject everything else. On Debian and Ubuntu the equivalent options are set in /etc/default/nfs-kernel-server and /etc/default/nfs-common.
Inserting and Deleting Rules
1. Inserting rules:
Run iptables with the -S option to list the active rules as specifications, the same syntax you would pass back to iptables -A or -I:
sudo iptables -S
To create an exception for the connection between the web server and the database server, a rule is added to the chain that handles TCP traffic (the INPUT chain, or a user-defined chain that INPUT jumps to). Use -A to append it at the end of the chain or -I to insert it at a given position; since the first match wins, an exception must sit above any catch-all DROP or REJECT rule. To restrict the exception to the specific address in question, match on the web server's source address with -s and on the destination port with --dport.
2. Deleting Rules:
To remove a rule, for example the one that drops incoming invalid packets, first list the chain with line numbers to find its position:
sudo iptables -L --line-numbers
Then delete it by that position with iptables -D INPUT <number>, or by specification by repeating the rule's arguments after -D (for instance -D INPUT -m conntrack --ctstate INVALID -j DROP, if that is how the rule was written). Deleting by specification is safer in scripts because positions change whenever an earlier rule is removed.
On the web server, port 80 must be in the list of permitted traffic. Because the server listens on all addresses, this rule is not limited by interface or destination address.
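The idempotent form of inserting and deleting, as an added example that is not from the original article: iptables -A and -I append duplicates without complaint, and deleting by position breaks as soon as the chain is edited, so the helpers below check with -C before inserting and delete by specification. The web server rules follow the text (ports 80 and 443, not limited by interface or address); the conntrack matches and the exact form of the invalid-packet rule are assumptions. IPT names the binary so the functions can be pointed at a wrapper or stub for a dry run; as written they need root to reach the real iptables.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Idempotent rule management:
# -C (check) reports whether an identical rule already exists, so "add" never
# creates duplicates and "remove" deletes every copy by specification rather
# than by a position that shifts whenever the chain changes.
set -euo pipefail

IPT="${IPT:-iptables}"   # assumption: may point at a wrapper or stub for dry runs

# ensure_rule CHAIN RULE...: insert RULE at the top of CHAIN unless present.
# Returns 0 when the rule was added, 1 when it was already there.
ensure_rule() {
    local chain="$1"
    shift
    if "$IPT" -C "$chain" "$@" 2>/dev/null; then
        return 1
    fi
    "$IPT" -I "$chain" 1 "$@"
}

# remove_rule CHAIN RULE...: delete every copy of RULE from CHAIN (a chain can
# hold duplicates when rules were appended blindly). Prints the number removed.
remove_rule() {
    local chain="$1" n=0
    shift
    while "$IPT" -C "$chain" "$@" 2>/dev/null; do
        "$IPT" -D "$chain" "$@"
        n=$((n + 1))
    done
    echo "$n"
}

# Web server: HTTP and HTTPS from anywhere. Not limited by -i or -d because the
# server listens on all addresses; NEW restricts the match to connection setup
# (replies are expected to be covered by a separate ESTABLISHED,RELATED rule).
allow_web() {
    ensure_rule INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT || true
    ensure_rule INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT || true
}

# The "drops incoming invalid packets" rule from the Deleting Rules section,
# assumed to have been written with the conntrack INVALID state.
drop_invalid() {
    ensure_rule INPUT -m conntrack --ctstate INVALID -j DROP || true
}

# Remove that rule by specification, however many copies exist.
undrop_invalid() {
    remove_rule INPUT -m conntrack --ctstate INVALID -j DROP
}

if [ "${1:-}" = "web" ]; then
    allow_web
    drop_invalid
    "$IPT" -S INPUT
fi
```

Because ensure_rule inserts at position 1, calling it for several rules places the last call highest in the chain; call the most specific rule last, or use -A inside ensure_rule if you want append order instead.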