Erle Robotics Introduction to Networking in Linux

Orders and parameters

Most common orders are:

Order Meaning
Iptables-F flush (erase, emptying) of all rules.
IPtables-L list of rules that are being implemented.
Iptables-A add rule.
Iptables-D delete a rule .

Most used parameters are:

Parameter Meaning
-p [protocol] protocol to which the packet belongs.
-s [source] source address of the packet, can be a hostname, a normal IP address or a network address (mask, so address / mask).
-d [destination] Like the above, it can be a host name, network address, or unique IP address.
-i [interface-entry] Specify the interface on which the packet is received.
-o [output-interface] interface by which to send the packet.
[!]-F: Specifies that the rule refers to second and further fragments of a fragmented packet. If preempts!, Refers only to the first package, or unfragmented packets.
-j [target] Allows you to choose the target to which to send the packet, ie, the action to perform with him.

For more, you can try typing:

iptables --help


First you may have in to account that if you get this when you use the command line above, you don't need to type -t filter in the following commands:

  --table       -t table        table to manipulate (default: `filter')

To list or consult our firewall rules:

iptables -t filter  -L

When calling one of the chains, we do this:

iptables -t <table> -Action <string>

The table is filter, the action can be A,-I,-P or-D (plus other more specific ), With respect to the chain, we have the choice between -INPUT, -OUTPUT ,- FORDWARD .


iptables -t filter -A INPUT

To create a basic firewall that blocks incoming connections only, first we build the policies of the three chains of the filter table:

iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT


Now for an example of a rule that accepts connections to port 80 of the system:

iptables -A INPUT -i eth0-s / 0-p TCP - dport www-j ACCEPT

And here the description of each component of the above command:

  • iptables: Iptables command to (do not forget that the rules are a Shell script)
  • A: append option to add the rule
  • INPUT: package status (to enter is INPUT)
  • i eth0: eth0 network interface
  • s / 0: address access (either in this case)
  • p TCP: port type
  • dport: destination port
  • j ACCEPT: packet destination (although it is accepted here could be DROP, LOG, REJECT, ..)

For more info you can visit this two websites: