iptables is the classic Linux firewall utility that provides fine-grained packet filtering and NAT. While Ubuntu uses UFW as a front-end by default, understanding iptables rules is essential for advanced network control on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- A user with sudo privileges
- Basic understanding of networking and IP addresses
Step 1 – View Current Rules
List all current iptables rules:
sudo iptables -L -n -v
sudo iptables -t nat -L -n -vStep 2 – Set Default Policies
Set the default drop policy (do this carefully — it will block all traffic):
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPTStep 3 – Allow Established Connections and Loopback
Allow existing connections and localhost traffic:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPTStep 4 – Allow SSH
Allow SSH connections (change port if needed):
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPTStep 5 – Allow HTTP and HTTPS
Allow web traffic:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPTStep 6 – Block an IP Address
Drop all traffic from a specific IP:
sudo iptables -A INPUT -s 203.0.113.100 -j DROPStep 7 – Save Rules Persistently
Install iptables-persistent to save rules across reboots:
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
sudo netfilter-persistent reloadView saved rules:
sudo cat /etc/iptables/rules.v4Conclusion
iptables rules are now configured on Ubuntu 24.04 LTS. For simpler management, UFW wraps iptables in an easy-to-use interface. Use raw iptables for complex routing, NAT, and port forwarding scenarios.
