iptables Cheatsheet

Here’s a quick reference for configuring iptables firewall rules. I don’t use this enough to have it all memorized, so this post will hopefully come in useful for the next time I need to configure a firewall.

# show basic filters
iptables -L

# show filters with rules numbers an packet counts, using ips.
iptables -nvL --line-numbers

# zero out bytes in verbose listing
iptables -Z

# dump current rules in iptables-save format
# (useful for formatting new rules)
iptables -S

# drop/reject all inbound packets by default
iptables -P INPUT DROP
iptables -P INPUT REJECT

# add a rule to the end of a chain allow all http traffic
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# insert a rule into a chain
# use the --line-numbers flag from above to get $RULE
iptables -I INPUT $RULE -p tcp --dport 80 -j ACCEPT

# allow all local traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# delete a rule from a chain
iptables -D INPUT $RULE

# delete all rules from a chain
iptables -F INPUT $RULE

# delete all chains from the firewall table
iptables -X

# create a new chain called $CHAIN
iptables -N $CHAIN

# allowing incoming and established traffic
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# block an ip completely
iptables -A INPUT -s X.X.X.X -j DROP

# saving and restoring rules
iptables-save > iptables.rules
iptables-restore < my_iptables_rules.txt

Other Resources