Iptables Tutorial: Securing Your VPS with the Linux Firewall

VPS·March 22, 2026·29 min read

Are you looking for a comprehensive iptables tutorial for your VPS? This article will show you how to install and use iptables on an Ubuntu system. You can secure your VPS using the command-line interface by learning about this Linux firewall tool.

What Is Iptables?

Iptables is a firewall program for Linux. It monitors traffic to and from your server using tables. These tables contain sets of rules, called chains, that filter incoming and outgoing data packets.

How Does Iptables Work?

When a packet matches a rule, it is assigned a target, which can be another chain or one of these special values:

- ACCEPT: will allow the packet to pass through.

- DROP: will not allow the packet to pass through.

- RETURN: stops the packet from traversing a chain and tells it to go back to the previous chain.

In this iptables tutorial, we will work with one of the default tables, called "filter." This table consists of three chains:

- INPUT: controls incoming packets to the server.

- FORWARD: filters incoming packets that will be forwarded elsewhere.

- OUTPUT: filters packets going out from your server.

Before starting this guide, make sure you have SSH root or sudo access to your machine running Ubuntu 16.04 or higher. You can establish the connection through PuTTY (Windows) or the terminal (Linux, macOS). If you have a Holy VPS, you can get the SSH login details in the "Servers" tab of hPanel.

Important: iptables rules only apply to IPv4. If you want to set up a firewall for the IPv6 protocol, you will need to use "ip6tables" instead.

How to Install and Use the Linux Iptables Firewall

We will divide this iptables tutorial into three steps. First, you will learn how to install the tool on Ubuntu. Second, we will show you how to define the rules. Finally, we will guide you through making persistent changes to iptables.

1. Install Iptables

Iptables comes preinstalled in most Linux distributions. However, if you don't have it on your Ubuntu/Debian system by default, follow the steps below:

- Connect to your server via SSH. If you don't know how, you can read our SSH tutorial.

- Run the following commands one by one:

```bash
sudo apt-get update
sudo apt-get install iptables
```

- Check the status of your current iptables configuration by running:

```bash
sudo iptables -L -v
```

Here, the `-L` option is used to list all the rules, and `-v` is to show the information in a more detailed format.

You will get a result similar to the following:

```plaintext
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
```

You now have the Linux iptables firewall installed. At this point, you will notice that every chain has a default policy of ACCEPT and contains no rules. This is not secure, as any packet can pass through without filtering.

Don't worry, we will tell you how to define rules in the next step of our iptables tutorial.

2. Define Chain Rules

Defining a rule means adding it to the chain. To do this, you need to insert the `-A` (Append) option right after the iptables command, like this:

```bash
sudo iptables -A
```

This tells iptables that you are adding a new rule to a chain. Then, you can combine the command with other options, such as:

- `-i` (interface): the network interface whose traffic you want to filter, such as eth0, lo, ppp0, etc.

- `-p` (protocol): the network protocol where your filtering process takes place. It can be tcp, udp, udplite, icmp, sctp, icmpv6, and more. Alternatively, you can type "all" to choose every protocol.

- `-s` (source): the address from which traffic comes. You can add a hostname or an IP address.

- `--dport` (destination port): the destination port number of a protocol, such as 22 (SSH), 443 (https), etc.

- `-j` (target): the target name (ACCEPT, DROP, RETURN). You need to insert this every time you make a new rule.

If you want to use all these parameters, you must write the command in this order:

```bash
sudo iptables -A <chain> -i <interface> -p <protocol (tcp/udp)> -s <source> --dport <port number> -j <target>
```

Once you understand the basic syntax, you can start configuring the firewall to give your server more security. For this iptables tutorial, we will use the "INPUT" chain as an example.

Enable Traffic on localhost

To allow traffic on localhost, type the following command:

```bash
sudo iptables -A INPUT -i lo -j ACCEPT
```

For this iptables tutorial, we use "lo" or the loopback interface. It is used for all communications on localhost. The command above will ensure that connections between a database and a web application on the same machine work properly.

Enable Connections on HTTP, SSH, and SSL Ports

Next, we want HTTP (port 80), HTTPS (port 443), and SSH (port 22) connections to work as usual. To do this, we need to specify the protocol (`-p`) and the corresponding port (`--dport`). You can run these commands one by one:

```bash
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
```

It's time to check if the rules have been added in iptables:

```bash
sudo iptables -L -v
```

It should return the results below, meaning all TCP connections to the specified ports will be accepted:

[Screenshot: iptables output showing the accepted destination ports http, https, and ssh]

Filter Packets Based on Source

Iptables allows you to filter packets based on an IP address or a range of IP addresses. You need to specify it after the `-s` option. For example, to accept packets from 192.168.1.3, the command would be:

```bash
sudo iptables -A INPUT -s 192.168.1.3 -j ACCEPT
```

You can also drop packets from a specific IP address by replacing the ACCEPT target with DROP:

```bash
sudo iptables -A INPUT -s 192.168.1.3 -j DROP
```

If you want to drop packets from a range of IP addresses, you must use the `-m` option and the iprange module. Then, specify the IP address range with `--src-range`. Remember, the two ends of the range must be separated by a hyphen with no spaces, like this:

```bash
sudo iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP
```

Filtering packets based on their sources is crucial if you are using an intrusion detection and prevention system (IDS/IPS) like Suricata. This tool monitors your VPS network and notifies you about malicious traffic.

IDS/IPS displays the origins of malicious packets, which you can add to the iptables block list. Check out our article to learn more about how to set up Suricata on Ubuntu.

Block All Other Traffic

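After defining the `--dport` rules, it is crucial to add a final rule that uses the DROP target for all other traffic. Because `-A` appends to the end of the chain and iptables acts on the first rule a packet matches, this rule must come last. It prevents unauthorized connections from reaching the server through other open ports. To achieve this, simply type: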

```bash
sudo iptables -A INPUT -j DROP
```

Now, connections to ports other than the ones specified will be blocked.
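Iptables evaluates a chain from top to bottom and acts on the first rule a packet matches, so the order in which the commands above are appended decides whether a rule ever takes effect. The following added example (not part of the original article) audits an `iptables -S INPUT` listing for rules that can never fire; the function name `audit_input_chain` and both sample rule sets are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original article. Audits rule ORDER in an INPUT
# chain given in `iptables -S INPUT` format: iptables acts on the first
# matching rule, so a rule appended (-A) too late never takes effect.
# Prints one finding per line; exit status is 1 if anything was found.
audit_input_chain() {
    awk '
    function finding(msg) { print msg; bad++ }
    $1 == "-A" && $2 == "INPUT" {
        n++
        src = ($0 ~ / (-s|--src-range) /)               # rule matches on source
        acc = ($0 ~ / --dport / && $0 ~ / -j ACCEPT$/)  # rule opens a port
        if (catchall)
            finding("rule " n ": unreachable, follows catch-all DROP at rule " catchall)
        else if (src && opened && $0 ~ / -j DROP$/)
            finding("rule " n ": source DROP shadowed by port ACCEPT at rule " opened)
        if ($0 == "-A INPUT -j DROP" && !catchall) catchall = n
        if (acc && !src && !opened) opened = n
        if (acc && !catchall && $0 ~ / --dport 22 /) ssh = n
    }
    END {
        if (catchall && !ssh) finding("no SSH ACCEPT before the catch-all DROP: lockout risk")
        if (!catchall) finding("no catch-all DROP: unmatched packets fall to the chain policy")
        exit (bad > 0)
    }'
}

# Constructed sample: the rules in the order this tutorial's sections append them.
PAGE_ORDER='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.1.3/32 -j DROP
-A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP
-A INPUT -j DROP'

# Constructed sample: same rules with the source blocks moved ahead of the ACCEPTs.
FIXED_ORDER='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.3/32 -j DROP
-A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'

printf '%s\n' "$PAGE_ORDER" | audit_input_chain || true
```

On a live server, feed it `sudo iptables -S INPUT`. To place a rule ahead of existing ones, use `-I INPUT <number>` instead of `-A`.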

Delete Rules

If you want to remove all rules and start from scratch, you can use the `-F` (flush) option:

```bash
sudo iptables -F
```

This command clears all current rules. However, to delete a specific rule, you must use the `-D` option. First, you need to see all available rules by entering the following command:

```bash
sudo iptables -L --line-numbers
```

You will get a list of rules with numbers:

```plaintext
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  192.168.0.4          anywhere
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
3    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
```

To delete a rule, insert the corresponding chain and the number from the list. Let's say, for this iptables tutorial, we want to get rid of rule number three from the "INPUT" chain. The command should be:

```bash
sudo iptables -D INPUT 3
```

Alternatively, if you only need to filter incoming traffic, you can use Holy's VPS Firewall. Select your VPS and navigate to the Firewall section:

Conclusion

Iptables is a powerful firewall program that you can use to secure your Linux server or VPS. The great thing is you can define various rules based on your preferences.

In this iptables tutorial, you have learned how to install and use the tool. Now, we hope you can manage your rule sets to filter incoming and outgoing packets.

It's time to try it out yourself and good luck!
