Tools: iptables Explained: A Practical Guide to Linux Firewall Management (2026)

Linux has always been known for its flexibility, performance, and strong security model. One of the most important parts of securing any Linux system is properly controlling network traffic, and for years iptables has been one of the most widely used tools for that job. Even though newer technologies like nftables are becoming more common, iptables is still heavily used in servers, VPS environments, labs, embedded systems, and legacy production deployments. If you work with Linux, understanding iptables is still an essential skill.

In this guide, we'll look at what iptables is, how it works, and how to use it in real-world scenarios.

What Is iptables?

iptables is a userspace utility used to configure the Linux kernel's packet filtering system through the netfilter framework. In simple terms, it allows you to define which network traffic should be:

- accepted
- dropped or rejected
- translated through NAT

It gives administrators direct control over how packets move in and out of a Linux system.

Why iptables Still Matters

A firewall is one of the first lines of defense for any server. Without proper filtering, services may be exposed unnecessarily, administrative ports may remain open to the public internet, and systems become easier targets. With iptables, you can:

- allow only the services you actually need
- restrict access by IP address
- protect SSH and management interfaces
- filter inbound and outbound traffic
- build NAT and routing configurations
- log suspicious traffic for troubleshooting or monitoring

How iptables Works

iptables is built around three main concepts: tables, chains, and rules.

Tables

Tables are groups of chains used for different networking purposes. The most common tables are:

- filter – standard packet filtering
- nat – network address translation
- mangle – packet modification
- raw – connection tracking control
- security – security-related packet handling in some environments

In most day-to-day firewall configurations, the filter table is the most important one.

Chains

Chains are collections of rules inside a table. In the filter table, the three main chains are:

- INPUT – traffic coming into the local machine
- OUTPUT – traffic leaving the local machine
- FORWARD – traffic passing through the machine to another destination

Rules define what should happen when traffic matches certain conditions. For example:

- if a packet is TCP traffic on port 22, allow it
- if it belongs to an already established connection, allow it
- if it matches nothing else, drop it

Common targets include ACCEPT, DROP, REJECT, and LOG.

Basic iptables Syntax

A typical iptables command looks like this:

```bash
iptables [table] [action] chain [match conditions] [target]
```

For example:

```bash
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```

This rule means:

- -A = append a rule
- to the INPUT chain
- for TCP traffic
- on destination port 22
- and ACCEPT it

Common Rule Operations

Some frequently used options include:

- -A – append a rule
- -I – insert a rule
- -D – delete a rule
- -L – list rules
- -F – flush rules
- -P – set default policy
- -N – create a new chain

```bash
iptables -L                 # list the rules of the filter table
iptables -L -n -v           # numeric addresses/ports, with packet counters
iptables -F                 # flush (remove) all rules in the filter table
iptables -P INPUT DROP      # set the default policy of the INPUT chain
```

Understanding Default Policies

Each chain has a default policy. This determines what happens when no rule matches a packet. The most common policies are:

- ACCEPT
- DROP

A secure configuration often uses a default-deny approach:

```bash
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
```

This means inbound and forwarded traffic is blocked unless explicitly allowed.

Essential Real-World Rules

Allow Loopback Traffic

Local system processes depend on the loopback interface.

```bash
iptables -A INPUT -i lo -j ACCEPT
```

Allow Established and Related Connections

This is one of the most important rules in almost every firewall setup:

```bash
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
```

It allows return traffic for connections that are already in progress.

Allow SSH

To allow remote administration:

```bash
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```

To make it more secure, restrict SSH to a trusted source IP:

```bash
iptables -A INPUT -p tcp -s 203.0.113.10 --dport 22 -j ACCEPT
```

Allow HTTP and HTTPS

For a web server, allow HTTP and HTTPS:

```bash
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
```

Example: Basic Secure Server Firewall

Here is a simple example of a minimal server firewall:

```bash
iptables -F                      # start from an empty rule set
iptables -P INPUT DROP           # default-deny inbound ...
iptables -P FORWARD DROP         # ... and forwarded traffic
iptables -P OUTPUT ACCEPT        # outbound traffic is allowed
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
```

Everything else is denied.

DROP vs REJECT

These two actions are often confused. DROP silently discards the packet. The sender gets no reply.

```bash
iptables -A INPUT -p tcp --dport 23 -j DROP
```

REJECT

REJECT actively refuses the connection and sends a response back.

```bash
iptables -A INPUT -p tcp --dport 23 -j REJECT
```

In security-focused environments, DROP is often preferred. In controlled environments, REJECT can make troubleshooting easier.

Listing and Deleting Rules

To list current rules:

```bash
iptables -L
iptables -L -n -v
```

To show line numbers:

```bash
iptables -L --line-numbers
```

To delete a specific rule by number:

```bash
iptables -D INPUT 3
```

Or by matching the full rule:

```bash
iptables -D INPUT -p tcp --dport 22 -j ACCEPT
```

Saving Rules

One common beginner mistake is assuming iptables rules persist after a reboot. On many systems they do not unless they are explicitly saved and restored.

```bash
iptables-save
iptables-restore
```

On some distributions, tools such as iptables-persistent are used to automatically restore rules at boot.

```bash
iptables-save > /etc/iptables/rules.v4
```

NAT and Masquerading

iptables can also perform Network Address Translation. A common use case is masquerading outbound traffic from internal clients:

```bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

This is commonly used on routers, VPN gateways, and lab systems. If forwarding is required, enable it:

```bash
echo 1 > /proc/sys/net/ipv4/ip_forward
```

Logging Traffic

Logging can be useful before dropping packets:

```bash
iptables -A INPUT -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A INPUT -j DROP
```

Be careful with logging too much traffic, since it can flood system logs and create unnecessary load.

Best Practices

- Use a default-deny approach whenever possible
- Always allow established and related connections
- Be careful not to lock yourself out of SSH
- Remember that rule order matters
- Keep rules as simple and readable as possible
- Document your firewall logic
- Test persistence before rebooting a production server

Common Beginner Mistakes

Most iptables problems come from a few recurring issues:

- forgetting loopback rules
- forgetting established connection rules
- applying DROP too early
- not saving rules
- mixing up INPUT and FORWARD
- locking yourself out during remote configuration

iptables vs nftables

Modern Linux distributions are increasingly moving toward nftables, which offers a more consistent and modern rule framework. Still, iptables remains important because:

- many legacy systems still use it
- many scripts and automation tools still depend on it
- it helps build a strong foundation in Linux networking and firewall logic

In other words, even if nftables is the future, iptables is still worth learning.

Final Thoughts

iptables remains one of the classic tools of Linux administration and network security. It gives you detailed control over packet filtering, service exposure, traffic flow, and access control. Whether you're protecting a web server, restricting SSH access, setting up lab routing, or learning Linux firewall fundamentals, iptables is still a valuable tool to understand. And even if your environment is gradually moving to nftables, the logic you learn from iptables will continue to be useful for years.

Want to explore the topic further? Download the complete NFTables Cheat Sheet here: https://dargslan.com/cheat-sheet/nftables-complete-guide-2026
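For the "Example: Basic Secure Server Firewall" and "Saving Rules" sections above, here is an added example (not code from the original post) that renders that rule set in the iptables-save format so it can be loaded in one step with iptables-restore instead of flushing and re-appending rules one command at a time. The names build_ruleset and load_atomically are chosen here; 203.0.113.10 is the trusted SSH source used on the page.

```python
import ipaddress
import subprocess

def build_ruleset(ssh_sources, tcp_ports=(80, 443), log_dropped=True):
    """Render the page's basic secure server firewall in iptables-save format.

    ssh_sources: trusted source addresses or networks allowed to reach port 22;
    an empty iterable leaves SSH open to any source, as in the page's example.
    A malformed address raises ValueError instead of silently producing a rule
    set that would lock the administrator out.
    """
    rules = [
        "*filter",
        ":INPUT DROP [0:0]",     # default-deny inbound ...
        ":FORWARD DROP [0:0]",   # ... and forwarded traffic
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    # ip_network() validates each entry and normalises hosts to /32 (or /128).
    sources = [str(ipaddress.ip_network(s, strict=False)) for s in ssh_sources]
    if sources:
        rules += [f"-A INPUT -p tcp -s {s} --dport 22 -j ACCEPT" for s in sources]
    else:
        rules.append("-A INPUT -p tcp --dport 22 -j ACCEPT")
    rules += [f"-A INPUT -p tcp --dport {int(p)} -j ACCEPT" for p in tcp_ports]
    if log_dropped:
        # LOG is non-terminating: the packet is logged, then falls through to
        # the chain's DROP policy, matching the page's Logging Traffic rule.
        rules.append('-A INPUT -j LOG --log-prefix "IPTables-Dropped: " --log-level 4')
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"

def load_atomically(ruleset_text):
    """Feed the rule set to iptables-restore on stdin. The filter table is
    replaced in a single transaction, so there is no window in which the old
    rules are flushed but the SSH allow rule is not yet in place. Requires
    root and a real iptables installation; not exercised by the tests."""
    subprocess.run(["iptables-restore"], input=ruleset_text.encode(), check=True)

if __name__ == "__main__":
    print(build_ruleset(["203.0.113.10"]), end="")
```

Writing the same text to /etc/iptables/rules.v4 is exactly what iptables-persistent restores at boot. Over a remote SSH session, iptables-apply (shipped with iptables on Debian-based systems) loads such a file and rolls it back automatically unless you confirm that the connection still works.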
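For the "Logging Traffic" section above, an added example (not from the original post) that parses the kernel log lines written by the LOG rule with the page's "IPTables-Dropped: " prefix and summarises what the default-deny policy is dropping. The sample lines, host names and addresses are constructed, and parse_drop and summarize are names chosen here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample kernel-log lines in the format produced by the page's
# LOG rule (prefix "IPTables-Dropped: "); hosts and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:01:12 web01 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:13 web01 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=51235 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:01:14 web01 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4713 DF PROTO=TCP SPT=51236 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:02:40 web01 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=61 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=8 SEQ=1
Mar  3 10:03:01 web01 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=10 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:03:05 web01 sshd[812]: Accepted publickey for admin from 203.0.113.10 port 50022 ssh2
"""

PREFIX = "IPTables-Dropped: "             # must match the rule's --log-prefix
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=VALUE tokens; flags like DF/SYN have no '='

def parse_drop(line):
    """Return the KEY=VALUE fields of one LOG line as a dict, or None when the
    line was not written by the LOG rule (prefix absent)."""
    idx = line.find(PREFIX)
    if idx < 0:
        return None
    return dict(FIELD.findall(line[idx + len(PREFIX):]))

def summarize(log_text, scan_threshold=3):
    """Count drops per source and per protocol/port, and flag sources that hit
    at least scan_threshold distinct TCP/UDP ports (a probing pattern)."""
    per_src, per_port, ports_by_src = Counter(), Counter(), defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_drop(line)
        if fields is None:
            continue
        src = fields.get("SRC", "?")
        per_src[src] += 1
        proto, dport = fields.get("PROTO"), fields.get("DPT")
        if dport and proto in ("TCP", "UDP"):   # ICMP lines carry no DPT
            per_port[f"{proto}/{dport}"] += 1
            ports_by_src[src].add(dport)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {"per_src": per_src, "per_port": per_port, "scanners": scanners}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for src, n in result["per_src"].most_common():
        print(f"{src:16} {n} dropped packet(s)")
    print("by port:", dict(result["per_port"]))
    print("sources probing many ports:", result["scanners"])
```

On a real host, feed it the output of `journalctl -k` or the contents of /var/log/kern.log; a source that keeps appearing against many different ports is a candidate for a targeted DROP rule or for review, while a large volume of entries is the signal the page warns about that the LOG rule is matching too much traffic.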