Basic IPTables Commands
Basic Commands
There are several operations you can do with iptables. You start with three default chains INPUT, OUTPUT and FORWARD that you cannot delete. Let’s look at the operations to administer chains:
Creating a new chain:
Delete an empty chain:
Change the default rule for a starting chain:
Example:
or
List the rules in a chain:
Remove rules from a chain:
or
Empty rules from another table (e.g., NAT):
Reset the byte and packet counters of a chain:
Manipulating Rules in a Chain
Add a new rule to the chain:
Insert a new rule at a position in the chain:
Replace a rule at a position in the chain:
Delete a rule at a position in the chain:
Delete the first matching rule in a chain:
Displaying Your IPTables Configuration
Display the entire filter table:
Display only the NAT table:
Usage Examples
To allow packets on the telnet port coming from a local network:
To ignore other incoming packets on the telnet port:
To reject incoming packets on port 3128, often used by proxies, and attach a comment to the rule:
To perform automatic NAT for all packets leaving through the ppp0 interface (often representing the internet connection):
Disable all rules without disconnecting:
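The usage examples above, collected into one shell script as an added example (this is not code from the original page). LAN_NET and WAN_IF are assumed values; with DRY_RUN=1 (the default) the script prints each iptables command instead of executing it, so the ruleset can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example, not from the original page. Builds the rules described under
# "Usage Examples" as shell functions. DRY_RUN=1 (default) prints each iptables
# command instead of running it. LAN_NET and WAN_IF are assumed values.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-ppp0}"
DRY_RUN="${DRY_RUN:-1}"

# Run one iptables command, or print it in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Telnet: accept only from the local network, silently drop everyone else.
# Order matters: a chain is evaluated top to bottom and the first match wins,
# so the ACCEPT rule must be appended before the catch-all DROP.
telnet_rules() {
    ipt -A INPUT -p tcp --dport 23 -s "$LAN_NET" -j ACCEPT
    ipt -A INPUT -p tcp --dport 23 -j DROP
}

# Reject the proxy port (REJECT answers the sender, unlike DROP) and tag the
# rule with the comment match so it can be recognised in `iptables -L -v`.
proxy_rule() {
    ipt -A INPUT -p tcp --dport 3128 -m comment --comment proxy-blocked -j REJECT
}

# Source NAT for everything leaving through the internet-facing interface.
masquerade_rule() {
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Disable filtering without losing the current session: open the default
# policies first, then flush; flushing first under a DROP policy locks you out.
disable_all() {
    for chain in INPUT OUTPUT FORWARD; do ipt -P "$chain" ACCEPT; done
    ipt -F
    ipt -X
    ipt -t nat -F
}

case "${1:-}" in
    apply)   telnet_rules; proxy_rule; masquerade_rule ;;
    disable) disable_all ;;
esac
```

Run `sh firewall.sh apply` to print the planned commands, then `DRY_RUN=0 sh firewall.sh apply` as root to load them; `disable` reverts to an open firewall in the order that keeps the session alive.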
Resources
Last updated 06 May 2013, 15:42 CEST.