{"id":31,"date":"2013-04-05T13:20:00","date_gmt":"2013-04-05T11:20:00","guid":{"rendered":"http:\/\/www.ncodenicer.com\/?p=31"},"modified":"2026-05-10T19:38:06","modified_gmt":"2026-05-10T17:38:06","slug":"basic-linux-firewall-configuration-iptables","status":"publish","type":"post","link":"https:\/\/www.codenicer.com\/?p=31","title":{"rendered":"Basic linux firewall configuration (iptables)"},"content":{"rendered":"\n<p>The Linux firewall (iptables, the user-space front end to the kernel&#8217;s netfilter) sorts packets into three built-in chains of its filter table:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>INPUT &#8211; packets addressed to this host<\/li>\n\n\n\n<li>OUTPUT &#8211; packets generated by this host<\/li>\n\n\n\n<li>FORWARD &#8211; packets routed through this host to another machine<\/li>\n<\/ul>\n\n\n\n<p>The first two are obvious. FORWARD is only traversed by routed traffic, so it matters on a gateway and not on a plain server; nat is not done there but in the separate nat table (its PREROUTING and POSTROUTING chains).<\/p>\n\n\n\n<p>Traffic is controlled by appending ACCEPT, DROP or REJECT rules to the appropriate chain. Compared to OpenBSD&#8217;s pf a few things differ: the &#8220;tables&#8221; in the name are the filter, nat, mangle and raw tables, not pf-style address tables (for those you need ipset); every rule behaves like a pf <em>quick<\/em> rule, so the first match in a chain wins and rule order matters; and nothing is stateful by default, so you must explicitly accept ESTABLISHED and RELATED connections with the conntrack match, ahead of the rule that drops everything else.<\/p>\n\n\n\n<p>Sample configuration (a common setup for a web server: don&#8217;t filter anything on loopback, let in replies to connections the host already has, allow http and https from outside, allow icmp, drop the rest):<\/p>\n\n\n\n<p><code>#!\/bin\/sh<br># flush the existing rules of the filter table (chain policies are left as they are)<br>\/sbin\/iptables -F<br># loopback is trusted<br>\/sbin\/iptables -A INPUT -i lo -j ACCEPT<br># packets belonging or related to a known connection; must come before the DROP<br>\/sbin\/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<br># new connections to the web server; service names are resolved via \/etc\/services<br>\/sbin\/iptables -A INPUT -p tcp --dport http -j ACCEPT<br>\/sbin\/iptables -A INPUT -p tcp --dport https -j ACCEPT<br>\/sbin\/iptables -A INPUT -p icmp -j ACCEPT<br># everything else is silently dropped<br>\/sbin\/iptables -A INPUT -j DROP<\/code><\/p>\n\n\n\n<p>Two caveats. <code>-F<\/code> removes the rules but keeps the chain policies and doesn&#8217;t touch the other tables, so here it is the trailing <code>-j DROP<\/code> rule that actually closes the chain; the alternative is a default policy set with <code>-P INPUT DROP<\/code>. Also, rules live only in the kernel and are gone after a reboot, so save them with <code>iptables-save<\/code> and reload them at boot with <code>iptables-restore<\/code>, which has the added advantage of loading the whole set atomically. Note that ssh is not opened: an existing session survives through the ESTABLISHED rule, but a new one will be dropped, so if the box is managed remotely add port 22 (ideally limited to your own source addresses) before running this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Linux firewall (iptables, the user-space front end to the kernel&#8217;s netfilter) sorts packets into three built-in chains of its filter table: INPUT &#8211; packets addressed to this host OUTPUT &#8211; packets generated by this host FORWARD &#8211; packets routed through this host to another machine The first two are obvious. FORWARD is only traversed by routed traffic, so it matters on [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[28,29,25],"class_list":["post-31","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-firewall","tag-iptables","tag-linux"],"_links":{"self":[{"href":"https:\/\/www.codenicer.com\/index.php?rest_route=\/wp\/v2\/posts\/31","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codenicer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codenicer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codenicer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codenicer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=31"}],"version-history":[{"count":1,"href":"https:\/\/www.codenicer.com\/index.php?rest_route=\/wp\/v2\/posts\/31\/revisions"}],"predecessor-version":[{"id":32,"href":"https:\/\/www.codenicer.com\/index.php?rest_route=\/wp\/v2\/posts\/31\/revisions\/32"}],"wp:attachment":[{"href":"https:\/\/www.codenicer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codenicer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codenicer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
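The web-server ruleset from the post, rewritten as an added example (not code from the original post) in the form a practitioner would actually deploy: generated as an iptables-restore file so the whole set is loaded atomically, with explicit chain policies instead of a trailing DROP rule, an INVALID-state drop, and an ssh rule so a remote admin is not locked out. It goes beyond the post in those respects. Assumptions: ssh listens on port 22, the management network is the hypothetical ADMIN_NET (203.0.113.0/24 is a placeholder from the TEST-NET-3 documentation range), and iptables-restore is installed when the script is run as root; everything else is plain POSIX sh.

```shell
#!/bin/sh
# Added example, not from the original post: build the web-server ruleset as an
# iptables-restore file, sanity-check it as text, and only load it when root.
set -eu

# Assumed management network; 203.0.113.0/24 is the TEST-NET-3 documentation range.
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"

# Print the ruleset in iptables-save/iptables-restore syntax.  Policies are
# explicit, so no trailing "-j DROP" rule is needed; the stateful rule comes
# first because the first match in a chain wins.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# Text-level checks before anything touches the kernel: the table block must be
# committed, INPUT must have an explicit DROP policy, and the ESTABLISHED,RELATED
# rule must precede every port rule (otherwise replies to new connections would
# still be fine, but ordering mistakes here are the classic way to lock yourself out).
check_ruleset() {
    rules=$(gen_ruleset)
    echo "$rules" | grep -q '^COMMIT$' || return 1
    echo "$rules" | grep -q '^:INPUT DROP' || return 1
    est=$(echo "$rules" | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
    first_port=$(echo "$rules" | grep -n -- '--dport' | head -n 1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$first_port" ] && [ "$est" -lt "$first_port" ] || return 1
    return 0
}

# Number of rules appended to a chain, e.g. "count_rules INPUT".
count_rules() {
    gen_ruleset | grep -c "^-A $1 "
}

# Load the ruleset: parse-only first (--test), then commit.  Without root the
# ruleset is just printed so the script can be reviewed on any machine.
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root: printing ruleset instead of loading it" >&2
        gen_ruleset
        return 0
    fi
    check_ruleset
    gen_ruleset | iptables-restore --test
    gen_ruleset | iptables-restore
}

case "${1:-}" in
    apply) apply_ruleset ;;
    check) check_ruleset && echo "ruleset ok" ;;
    *)     gen_ruleset ;;
esac
```

Run `sh fw.sh` to print the ruleset for review, `sh fw.sh check` to run the text checks, and `sudo sh fw.sh apply` to load it; `iptables-save > /etc/iptables/rules.v4` (or your distribution's equivalent) then makes it survive a reboot. Because iptables-restore replaces the filter table in one transaction, there is no window between the flush and the ACCEPT rules during which the host is either wide open or unreachable, which the flush-then-append script above cannot guarantee.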