IPTables: Filtering

From Define Wiki

Filtering Rules

The filter rules accept or reject packets based on criteria the administrator specifies. The rules are edited using the iptables command.

There are four basic actions that can be passed:

iptables -A  # Append a rule
iptables -D  # Delete a rule
iptables -L  # List all rules
iptables -F  # Flush the rules

List the Rules

To see the rules that are currently in place, use the '-L' flag. The rules are shown in three tables, one for each direction a packet can take. In the example below there are no rules set up yet.

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Flush the Rules

Append / Delete A Rule

Table Types

In order to control IPTables you need to be able to add, remove and edit the rules. This is done using the '-A' and '-D' flags.

As shown in the list above, the rules are separated into three tables: Input, Output and Forwarding. In order to change the rules, a table must be specified:

iptables -A INPUT
iptables -A OUTPUT
iptables -A FORWARD

iptables -D INPUT
iptables -D OUTPUT
iptables -D FORWARD

Packet Pattern

The packet pattern sets the conditions that must be matched for the rule to be applied. The simplest types of pattern are:

iptables -A <table> -s <ip_address>  # Source address pattern
iptables -A <table> -d <ip_address>  # Destination address pattern
iptables -A <table> -p <type of packet>  # UDP, TCP or ICMP
iptables -A <table> -p <tcp|udp> --dport <port number>  # Protocol and port (--dport is only valid together with -p tcp or -p udp; -t selects the table, not the protocol)

Direction (-A)

Filter rules apply in three directions: outgoing, incoming and forwarding.
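The actions and packet patterns above, combined into a small script as an added example (not code from this wiki page). It assumes the admin subnet 192.0.2.0/24 as a constructed value, and it adds the -j target (ACCEPT or DROP) that the bare patterns above leave out, since a rule without a target matches packets but does not filter them.

```shell
#!/bin/sh
# Added example, not from the wiki page: wrap the -A / -F commands and the
# -s / -p / --dport patterns described above in checked shell functions.
# IPT names the binary; set IPT=echo to preview the commands without root.
IPT="${IPT:-iptables}"

# chain_ok CHAIN: accept only INPUT, OUTPUT and FORWARD, the three chains
# shown in the -L output above, so a typo cannot put a rule somewhere else.
chain_ok() {
    case "$1" in
        INPUT|OUTPUT|FORWARD) return 0 ;;
        *) echo "unknown chain: $1" >&2; return 1 ;;
    esac
}

# add_rule CHAIN TARGET [pattern flags...]: append a rule. TARGET is the -j
# action (ACCEPT or DROP) that decides what happens to a matching packet.
add_rule() {
    chain="$1"; target="$2"; shift 2
    chain_ok "$chain" || return 1
    "$IPT" -A "$chain" "$@" -j "$target"
}

# port_rule CHAIN TARGET PROTO PORT [SRC]: --dport is only valid after
# -p tcp or -p udp, so the pair is built here rather than typed by hand.
port_rule() {
    chain="$1"; target="$2"; proto="$3"; port="$4"; src="${5:-}"
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol for --dport: $proto" >&2; return 1 ;;
    esac
    if [ -n "$src" ]; then
        add_rule "$chain" "$target" -s "$src" -p "$proto" --dport "$port"
    else
        add_rule "$chain" "$target" -p "$proto" --dport "$port"
    fi
}

# setup_filter: flush, then accept SSH only from the constructed admin subnet
# 192.0.2.0/24 and drop SSH from anywhere else. Order matters: the first
# matching rule in INPUT wins, so the ACCEPT must come before the DROP.
setup_filter() {
    "$IPT" -F
    port_rule INPUT ACCEPT tcp 22 192.0.2.0/24
    port_rule INPUT DROP tcp 22
}
```

Source the file and call setup_filter with IPT=echo to preview the three commands; with the default IPT the same call needs root and changes the live ruleset.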