How to Configure Basic iptables Firewall Rules

When you’re running a Linux server, it’s important to protect it from unwanted traffic. One way to do that is by using iptables. This tool helps you filter network traffic and block anything that shouldn’t be there.

In this article, I’ll walk you through how to use iptables to set up a few basic firewall rules. I’ll explain things in plain language and show you how I like to set it up. Whether you’re new to servers or just looking to clean up your firewall, this guide will help.


What Is iptables?

iptables is a firewall tool used in Linux to manage incoming and outgoing traffic. It looks at each packet (a small piece of network data) and decides what to do with it.

You can tell iptables to:

  • Accept the packet (let it through)
  • Drop the packet (ignore it)
  • Reject the packet (block it and send a message back)

iptables works by reading a list of rules, in order, from top to bottom. If a packet matches a rule, it follows that rule. If it doesn’t match anything, it follows the chain’s default policy (set in Step 2 below).


My Setup and Why I Use iptables

I use iptables on some of my smaller VPS servers. These machines don’t need anything fancy—just a simple way to block everything except what I use. I like iptables because:

  • It’s lightweight
  • It’s already built into most Linux systems
  • It works even without extra software

Sometimes I prefer it over newer tools like FirewallD, especially when I want full control over the rules.


Before You Begin

Make sure you’re logged in as root or using sudo. You’ll also want to test carefully. If you block SSH, you could lock yourself out of the server.

To see if iptables is installed:

sudo iptables -L

You should see a list of rules (even if it’s empty).


Step 1: Flush Old Rules (Optional)

If you’re starting fresh, you might want to clear old rules.

sudo iptables -F

This removes every rule in the default filter table (it does not change the default policies), so use it only if you know what you’re doing.


Step 2: Set Default Policies

You want to block everything unless you say otherwise. That means setting the default rules to DROP. Be aware that once INPUT is DROP, any packet not matched by an ACCEPT rule is discarded, including the packets of your current SSH session, so add the rules from Steps 3 to 5 immediately afterwards.

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

Here’s what they mean:

  • INPUT: data coming in
  • FORWARD: data passing through the server (not common unless it’s a router)
  • OUTPUT: data going out

Most servers only need to deal with INPUT and OUTPUT.


Step 3: Allow Localhost Traffic

Your server talks to itself using something called localhost (127.0.0.1). Don’t block this.

sudo iptables -A INPUT -i lo -j ACCEPT

This allows internal communication. It’s needed for many apps to work.


Step 4: Allow Already Established Connections

This rule allows traffic from connections you’ve already approved. For example, if the server makes an outbound request, the reply is allowed back in.

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This is safe and common.


Step 5: Open SSH Port (So You Don’t Get Locked Out)

SSH is what lets you connect to the server remotely. It’s usually on port 22.

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

If you’re using a different port (some people change it), change the number.


Step 6: Allow Web Traffic (Optional)

If you’re running a website, you’ll want to allow HTTP and HTTPS:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

This opens ports for normal and secure web traffic.


Step 7: Save Your Rules

If you reboot now, you’ll lose all the rules. To save them, you can use one of these methods:

On CentOS / RHEL:

sudo service iptables save

If that command isn’t available, install the package that provides it, enable the service so the saved rules are loaded at boot, then save:

sudo yum install iptables-services
sudo systemctl enable iptables
sudo service iptables save

On Debian / Ubuntu:

You can install a tool:

sudo apt install iptables-persistent

During install, it’ll ask if you want to save the current rules. Say yes.

Later, you can save manually with:

sudo netfilter-persistent save

Step 8: Check Your Rules

Always double-check what rules are active:

sudo iptables -L -n -v

You’ll see all current rules, how many packets matched them, and which ports are open.
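To tie Steps 1 to 8 together, here is an added script (my own, not from the article) that emits the same ruleset in iptables-save format, so iptables-restore can load it in one atomic step, and checks that the result cannot lock you out before you load it. SSH_PORT, WEB_PORTS and the file path are assumptions; change them to match your server.

```shell
#!/bin/sh
# Added example (not from the article): emit the Step 1-6 ruleset in
# iptables-save format so iptables-restore can load it in one atomic step.
# Assumptions: SSH_PORT and WEB_PORTS are set by you; the output path is a placeholder.
SSH_PORT="${SSH_PORT:-22}"        # Step 5: change if sshd listens elsewhere
WEB_PORTS="${WEB_PORTS-80 443}"   # Step 6: set to "" for a non-web server

# Print the ruleset. Loading it with iptables-restore replaces the filter
# table (Step 1's flush is implicit) and installs policies and ACCEPT rules
# together, so INPUT is never DROP while SSH is still unlisted.
build_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'        # Step 2: default policies
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'                                # Step 3
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' # Step 4
    printf '%s\n' "-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"             # Step 5
    for p in $WEB_PORTS; do                                                 # Step 6
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Lock-out guard: a ruleset whose INPUT policy is DROP must also ACCEPT
# the SSH port. Returns 0 when safe to load, 1 when it would cut you off.
check_rules() {
    rules="$1"
    if printf '%s\n' "$rules" | grep -q '^:INPUT DROP' &&
       ! printf '%s\n' "$rules" | grep -q -e "^-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"; then
        return 1
    fi
    return 0
}

# Generate, check, then load (as root), e.g.:
#   sh rules.sh emit > /tmp/rules.v4 && sudo iptables-restore < /tmp/rules.v4
if [ "${1:-}" = "emit" ]; then
    rules=$(build_rules)
    check_rules "$rules" || { echo "refusing: SSH port $SSH_PORT not allowed" >&2; exit 1; }
    printf '%s\n' "$rules"
fi
```

After loading, `sudo iptables -L -n -v` (Step 8) should list the five INPUT rules in the order above; `sudo iptables-save` prints the same text back, which is what Step 7's save tools write to disk.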


Three Useful Lists to Remember

Common Ports You Might Want to Open

  • 22 – SSH (remote access)
  • 80 – HTTP (websites)
  • 443 – HTTPS (secure websites)
  • 25 – SMTP (email)
  • 3306 – MySQL (database)

Helpful iptables Options

  • -A – Append a rule to the end of a chain (rules are matched top to bottom, so order matters)
  • -D – Delete a rule
  • -L – List rules
  • -F – Flush (remove all rules)
  • -P – Set default policy

Safety Tips When Using iptables

  • Always allow SSH before testing other rules
  • Save your rules or they’ll disappear after reboot
  • Use screen or tmux when editing remotely (so you don’t lose connection)
  • Test with a second terminal session
  • Block only what you understand

A Quick Comparison: iptables vs FirewallD

I’ve used both tools. Here’s how they compare, in my experience:

Feature            iptables       FirewallD
Setup              Manual         Easier with zones
Control            Precise        More automatic
Persistent Rules   Needs setup    Built-in
Learning Curve     Steeper        Easier for newbies

I use iptables when I want tight control and don’t mind typing more. I use FirewallD for simple web servers or desktops.


Final Thoughts

Setting up iptables isn’t hard once you understand the basics. It gives you full control over your server’s traffic. You get to decide what comes in and what stays out.

In this post, you learned how to:

  • Set default firewall behavior
  • Open key ports like SSH and HTTP
  • Allow traffic safely
  • Save and view your rules

Do you feel more confident using iptables now? Have you ever locked yourself out by mistake? (I have—more than once.)

Let me know if you’d like a follow-up about advanced iptables setups or using iptables-save and iptables-restore.
