iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets.
It is used to build a powerful firewall for your system quickly. iptables provides an interface to the packet-filtering framework of the Linux kernel, called Netfilter. In very simple terms, it is a powerful tool for managing the network packets coming into and going out of your system: with iptables you can block, accept, or take other action on network traffic based on different user-defined conditions.
There are currently three independent tables (which tables are present at any time depends on the kernel configuration options and which modules are present).
The first is the filter table. This is the main and default table used by iptables, which means that whenever you do not name a specific table, the rule is applied to the filter table. As the name suggests, the role of this table is filtering packets, that is, deciding whether to let a packet continue to its intended destination or to deny it.
The second is the mangle table. This table is used to alter the IP headers of a packet; for instance, you can adjust the time-to-live (TTL) value of the packet, lengthening or shortening the number of valid network hops the packet can survive. Other IP header fields can be altered in a similar way.
Chains are the points along a packet's route where you can apply rules; there are five chains in iptables.
Rules are user-defined commands for manipulating network traffic. As each chain is traversed, the packet is checked against each rule within the chain in order. If the packet does not match, the next rule in the chain is examined; if it does match, what happens next is specified by the value of the target. Each rule therefore has two basic components: a matching component and a target component.
iptables -t [table] [OPTION] [CHAIN] [matching component] [target component]
iptables -L -n -v                                   # list the filter table (default) with numeric addresses and packet/byte counters
iptables -t nat -L -n -v                            # list the nat table
iptables -t nat -L -n -v --line-numbers             # same, with rule numbers (these are the numbers -D uses)
sudo iptables -A INPUT -s cleverange.com -j DROP    # append a DROP for a hostname; the name is resolved once, when the rule is added
sudo iptables -A INPUT -s 10.0.1.0/24 -j DROP       # append a DROP for a whole subnet
sudo iptables -A INPUT -s 10.0.1.50 -j DROP         # append a DROP for one host (already covered by the /24 rule above, so never matched)
sudo iptables -D INPUT 1                            # delete rule number 1 of INPUT (check the number with --line-numbers first)
sudo iptables -P INPUT DROP                         # default policy DROP: packets matching no rule are dropped; allow your own SSH and ESTABLISHED traffic first or you lock yourself out
sudo iptables -P INPUT ACCEPT                       # default policy ACCEPT: packets matching no rule are accepted
sudo iptables -I INPUT -p tcp --dport 80 -j DROP                     # insert at the top of INPUT: drop TCP port 80
sudo iptables -I INPUT -p tcp --dport 80 -s 37.111.231.86 -j ACCEPT  # inserted above the DROP, so this host is accepted on port 80 (order decides)
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'                  # save the rules; the redirect must run as root too, so wrap it in sh -c
sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'            # same, with the absolute path for systems where /sbin is not in PATH
sudo iptables -F                                    # flush every rule in the filter table; the chain policies stay, so with -P INPUT DROP everything is now dropped
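The chain traversal described above (first matching rule decides, otherwise the chain policy applies) and the effect of -A versus -I in the command list are easy to see in a small simulator. The following is an added example written for this page, not part of iptables or of the original text: it models only the match fields used here (-s, -p, --dport) on plain-dict packets, replays the page's INPUT commands against an empty chain, and shows why setting a DROP policy before adding an allow rule for your own SSH session locks you out. The addresses 203.0.113.9 and 198.51.100.7 are constructed sample values.

```python
# Added illustration: a minimal model of how iptables walks a chain.
# Not iptables itself; packets are dicts and only -s, -p and --dport are modelled.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    target: str                  # the target component: ACCEPT or DROP
    src: Optional[str] = None    # -s: a host or CIDR, e.g. "10.0.1.0/24"
    proto: Optional[str] = None  # -p: "tcp" or "udp"
    dport: Optional[int] = None  # --dport

    def matches(self, pkt: dict) -> bool:
        """The matching component: every criterion that is set must hold."""
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src, strict=False):
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


@dataclass
class Chain:
    policy: str = "ACCEPT"                     # what -P sets
    rules: list = field(default_factory=list)

    def append(self, rule: Rule) -> None:      # iptables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # iptables -I CHAIN [pos] ...
        self.rules.insert(pos - 1, rule)       # rule numbers are 1-based, default is the top

    def delete(self, pos: int) -> None:        # iptables -D CHAIN pos
        del self.rules[pos - 1]

    def flush(self) -> None:                   # iptables -F (policy is kept)
        self.rules.clear()

    def verdict(self, pkt: dict) -> str:
        """Walk the rules in order; the first match decides, else the policy."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def would_lock_out(chain: Chain, admin_pkt: dict) -> bool:
    """Check the administrator's own connection before relying on a DROP policy."""
    return chain.verdict(admin_pkt) == "DROP"


def demo() -> dict:
    """Replay the page's INPUT commands against a fresh chain and collect verdicts."""
    inp = Chain()
    inp.append(Rule("DROP", src="10.0.1.0/24"))       # -A INPUT -s 10.0.1.0/24 -j DROP
    inp.append(Rule("DROP", src="10.0.1.50"))         # -A INPUT -s 10.0.1.50 -j DROP (shadowed by the /24 rule)
    inp.insert(Rule("DROP", proto="tcp", dport=80))   # -I INPUT -p tcp --dport 80 -j DROP
    inp.insert(Rule("ACCEPT", proto="tcp", dport=80, src="37.111.231.86"))  # -I ... lands above the DROP

    web_ok = {"src": "37.111.231.86", "proto": "tcp", "dport": 80}
    web_other = {"src": "203.0.113.9", "proto": "tcp", "dport": 80}    # constructed sample address
    lan_host = {"src": "10.0.1.50", "proto": "tcp", "dport": 22}
    admin_ssh = {"src": "198.51.100.7", "proto": "tcp", "dport": 22}   # constructed sample address

    out = {
        "web_from_allowed_host": inp.verdict(web_ok),
        "web_from_other_host": inp.verdict(web_other),
        "ssh_from_blocked_lan": inp.verdict(lan_host),
        "ssh_with_accept_policy": inp.verdict(admin_ssh),
    }
    inp.policy = "DROP"                               # -P INPUT DROP, with no allow rule for the admin
    out["ssh_with_drop_policy"] = inp.verdict(admin_ssh)
    out["locked_out"] = would_lock_out(inp, admin_ssh)
    inp.insert(Rule("ACCEPT", proto="tcp", dport=22, src="198.51.100.7"))  # the allow rule that should have come first
    out["ssh_after_allow_rule"] = inp.verdict(admin_ssh)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Because every -I here goes to position 1, the ACCEPT for 37.111.231.86 ends up above the port-80 DROP and wins; appending it with -A instead would place it below the DROP and it would never be reached. The same ordering logic is why `would_lock_out` must be true-checked before a DROP policy is set on a remote machine.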