iptables is the traditional Linux packet filtering framework. While UFW provides a simplified interface, understanding iptables directly is valuable for advanced firewall rules, NAT, port forwarding, and Docker networking. This guide configures iptables on Ubuntu 26.04 LTS.
Tested and valid on:
- Ubuntu 26.04 LTS
Prerequisites
- Ubuntu 26.04 LTS
- A user with sudo privileges
- Basic networking knowledge
Step 1 – View Current Rules
sudo iptables -L -v -n
sudo iptables -L -v -n --line-numbers
Step 2 – Set Default Policies
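# The DROP policy on INPUT takes effect immediately. On a remote SSH session,
# add the allow rules from Steps 3-5 before running the INPUT line.
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT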
Step 3 – Allow Established Connections
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Step 4 – Allow Loopback Traffic
sudo iptables -A INPUT -i lo -j ACCEPT
Step 5 – Allow SSH, HTTP, and HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Step 6 – Block an IP Address
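# Insert at position 1: a DROP appended with -A would sit below the Step 5 ACCEPT rules and never match for ports 22, 80 and 443
sudo iptables -I INPUT 1 -s 203.0.113.100 -j DROP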
Step 7 – Rate-Limit SSH Connections
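# Remove the unconditional SSH accept from Step 5; otherwise it matches first and the limit rule is never reached
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/min --limit-burst 5 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP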
Step 8 – Save Rules Persistently
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
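# IPv4 rules are saved to /etc/iptables/rules.v4; IPv6 (ip6tables) rules are kept separately in /etc/iptables/rules.v6 and are not set by this guide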
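iptables checks INPUT rules top to bottom and stops at the first ACCEPT or DROP that matches, so where the Step 6 block and the Step 7 rate limit sit relative to the Step 5 allows decides whether they ever apply. The script below is an added example, not part of the original guide: it replays two constructed `iptables -S INPUT` listings through a small first-match evaluator (`first_match` and the `rules_*` functions are hypothetical names).

```shell
# first_match SRC_IP DPORT < rules  -> prints "VERDICT:RULE_NUMBER"
# Evaluates `iptables -S INPUT` output top to bottom for a NEW TCP connection
# on a non-loopback interface. Assumptions: only -s (host address), -i, -p,
# --dport and --state/--ctstate are checked; -m limit is treated as matching.
first_match() {
  awk -v src="$1" -v dport="$2" '
    BEGIN { policy = "ACCEPT" }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      n++; ok = 1; target = ""
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if      ($i == "-s")      { sub(/\/32$/, "", v); if (v != src) ok = 0 }
        else if ($i == "-i")      { if (v == "lo") ok = 0 }
        else if ($i == "-p")      { if (v != "tcp") ok = 0 }
        else if ($i == "--dport") { if (v != dport) ok = 0 }
        else if ($i == "--state" || $i == "--ctstate") { if (v !~ /NEW/) ok = 0 }
        else if ($i == "-j")      { target = v }
      }
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target ":" n; found = 1; exit }
    }
    END { if (!found) print policy ":policy" }
  '
}
# Constructed ruleset: source block and SSH rate limit listed after the allow.
rules_block_last() { cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.100/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m limit --limit 3/min --limit-burst 5 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}
# Constructed ruleset: block first, rate limit in place of the plain SSH accept.
rules_block_first() { cat <<'EOF'
-P INPUT DROP
-A INPUT -s 203.0.113.100/32 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m limit --limit 3/min --limit-burst 5 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}
for r in rules_block_last rules_block_first; do
  echo "$r: $($r | first_match 203.0.113.100 22)"
done
```

To check a live host, pipe `sudo iptables -S INPUT` into `first_match` in place of the sample functions.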
Conclusion
iptables is configured on Ubuntu 26.04 LTS with a default-deny policy and explicit allow rules. The rules persist across reboots via iptables-persistent. For most use cases, UFW provides the same capability with a simpler syntax.