
Useful Firewall Rules to Configure and Manage Firewall in Linux

Managing network traffic is a critical aspect of any organization and a
tricky job for system administrators. Knowing what traffic to allow and
what to block can be a matter of being safe or vulnerable to
cyber-attacks.

A firewall is a tool built to aid system administrators in regulating
incoming and outgoing traffic. System administrators working with
Linux servers must be familiar with Iptables. Iptables is a flexible
firewall tool built for Linux operating systems. Iptables can seem
intimidating, but knowing a few tricks and commands could make
working with Iptables much easier.

1. What is Iptables and how to view them?
Iptables is a command-line firewall utility that works on the
principle of rules to allow or block incoming and/or outgoing traffic.
When traffic hits the firewall, Iptables looks for rules matching the
connection type, IP or port and applies the action set for that rule.
The first command is a simple one that confirms Iptables is present: it
installs the package, or updates it if it is already installed.
sudo apt-get install iptables

2. Check Input, Output and Forward Chains
Iptables utilizes 3 different chains:

Input: This chain is used to control the nature of incoming traffic. For
example, if your server acts as a mail server and receives POP/IMAP
connections, it will cross-check the IP and port against an input rule.
Output: This chain is used to control the behaviour of outgoing
connections. For example, if you search for www.google.com, once the
outgoing connection hits the Linux server, the Iptables firewall checks if
the domain google.com, the port or the connection has any rule set for it.
Forward: This chain is used for traffic that hits your Linux server but is
intended to be routed to another destination. The Linux server acts as a
forwarding server.

To check the input, output and forwarded data through the Linux box
running Iptables Firewall, type:

The above image shows, in Gigabytes, how much traffic came in, went
out and was forwarded.

3. Default settings for Input, Output and Forward chains

Iptables works by way of rules. When a connection hits the Linux
server, Iptables checks whether there is an existing rule for the
connection. If there is not, it applies the default rule. It is good to
know what the default rule is before setting new rules. To find the
default rules for the Input, Output and Forward chains, type:
# iptables -L -n -v
For a Firewall with no rules configured, an output similar to the below
one will be displayed:

The setting basically says your Firewall is allowing all traffic in, out and
forward if required. The output for a Firewall with rules set should look
something like this:
This image clearly shows the firewall accepting some connections and
dropping ones that go against a rule.
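
As an added example (not part of the original article), the shell script below reads `iptables -L -n -v` output and reports each built-in chain's default policy and rule count, then names the chains that still default to ACCEPT. The sample listing is constructed, and the function names chain_report and permissive_chains are made up for this illustration.

```shell
#!/bin/sh
# Added example: report the default policy of each built-in chain.

# Constructed sample of `iptables -L -n -v` output (not from a real host).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 28560 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1021  102K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 958 packets, 91K bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# chain_report (hypothetical name): listing on stdin -> "CHAIN POLICY RULES".
chain_report() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        /^Chain / {
            emit(); chain = ""
            # Built-in chains show "(policy X ...)"; user chains show references.
            if ($3 == "(policy") { chain = $2; policy = $4; rules = 0 }
            next
        }
        # Blank lines and the column header are not rules.
        chain != "" && NF > 0 && $1 != "pkts" { rules++ }
        END { emit() }
    '
}

# permissive_chains (hypothetical name): chains that default to ACCEPT.
permissive_chains() {
    chain_report | awk '$2 == "ACCEPT" { printf "%s%s", sep, $1; sep = " " }
                        END { print "" }'
}

# Pass "live" (as root) to audit the running ruleset; default is the sample.
if [ "${1:-}" = "live" ]; then
    iptables -L -n -v | chain_report
else
    sample_listing | chain_report
fi
```

A chain reported as ACCEPT with a rule count of 0 is in the "allowing all traffic" state described above.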
