What is IPTABLES?
iptables is a GPL-licensed utility for configuring the IP packet filter rules of the Linux kernel firewall. Filters are organized in tables, each of which contains chains of rules that decide how packets of network traffic are handled.
Each rule states what to do with a packet (ACCEPT, REJECT and so on) when the packet matches the rule's criteria. When a packet matches, it is given a TARGET. When a new rule is added you can define the target as follows:
- ACCEPT: the packet is allowed through.
- REJECT: the packet is refused and an error (an ICMP message or a TCP reset) is sent back to the sender.
- DROP: the packet is silently discarded; the sender gets no answer.
- RETURN: traversal of this chain stops and processing resumes in the chain that called it (for a built-in chain, the chain policy applies).
- QUEUE: the packet is handed to a userspace program.
Different methods to DROP connection in IPTABLES
Packets arriving on your system sometimes need to be dropped, often for security reasons. In this article we show how to DROP packets with iptables.
Method-1: Drop connections to a port except on Localhost
Traffic from your machine to itself always arrives on the loopback input interface "lo", whatever the source or destination IP address. Matching with "! -i lo" excludes loopback, so the rule below drops traffic to the port from every other interface:
sudo iptables -I INPUT ! -i lo -p tcp --dport <port> -j DROP
Replace <port> with the port you want to drop. For example, to drop incoming connections to port 80 from everywhere except loopback:
foc@ubuntu22:~$ sudo iptables -I INPUT ! -i lo -p tcp --dport 80 -j DROP
To drop outgoing connections to port 80, use the OUTPUT chain. An outgoing packet has an output interface, not an input interface, so the match is "! -o lo" (iptables refuses -i in the OUTPUT chain):
foc@ubuntu22:~$ sudo iptables -I OUTPUT ! -o lo -p tcp --dport 80 -j DROP
The added rule is displayed with the -L parameter:
foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:http
...
Method-2: Drop connections from a specific source to a specific Port
In the step above, we added a drop rule that spares only localhost. To drop traffic from one source address to one port, the rule is written as follows:
sudo iptables -I INPUT -p tcp --dport <port> -s <source-ip> -j DROP
For example, to drop connections from the source IP address 192.168.122.3 to port 443:
foc@ubuntu22:~$ sudo iptables -I INPUT -p tcp --dport 443 -s 192.168.122.3 -j DROP
The added rule looks like this:
foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 192.168.122.3 anywhere tcp dpt:https
....
Method-3: Drop Packets By Source Host
To drop connections from a specific source without specifying any ports:
sudo iptables -A INPUT -s 192.168.42.1 -j DROP
The added rule looks like this:
foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.42.1 anywhere
...
To drop incoming packets from a whole range of addresses, use the iprange match module: load it with -m iprange and give the inclusive range with --src-range:
sudo iptables -A INPUT -m iprange --src-range 192.168.42.100-192.168.42.200 -j DROP
Let's look at the rule with the -L parameter:
foc@ubuntu22:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere source IP range 192.168.42.100-192.168.42.200
...
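As an added example (not from the original article), the following POSIX shell script builds the rules of Method-1 to Method-3 in the form that "iptables -S" reports them, validates the port and address inputs before they reach a command line, and checks a rule dump for a given rule. The valid_*, rule_* and apply_rule functions, the APPLY variable and the sample rule dump are all constructed for this example; none of them belong to iptables itself.

```shell
#!/bin/sh
# Added example (not from the original article): build the DROP rules of
# Methods 1-3 in the form `iptables -S` reports them, validate the inputs
# first, and check a rule dump for a given rule. Nothing touches the kernel
# unless APPLY=1 is set and the script runs as root.

# Accept only a port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only a dotted-quad IPv4 address with four octets in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1; unset IFS
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Method 1: drop a TCP port on every interface except loopback. The INPUT
# chain matches the input interface (-i); OUTPUT has to use -o instead.
rule_port_except_lo() {   # $1 = INPUT|OUTPUT, $2 = port
    valid_port "$2" || return 1
    case "$1" in
        INPUT)  echo "-A INPUT ! -i lo -p tcp -m tcp --dport $2 -j DROP" ;;
        OUTPUT) echo "-A OUTPUT ! -o lo -p tcp -m tcp --dport $2 -j DROP" ;;
        *)      return 1 ;;
    esac
}

# Method 2: drop one source host on one TCP port.
rule_port_from_host() {   # $1 = source IPv4, $2 = port
    valid_ipv4 "$1" && valid_port "$2" || return 1
    echo "-A INPUT -s $1/32 -p tcp -m tcp --dport $2 -j DROP"
}

# Method 3: drop everything from one host, or from an inclusive address range.
rule_from_host() {        # $1 = source IPv4
    valid_ipv4 "$1" || return 1
    echo "-A INPUT -s $1/32 -j DROP"
}
rule_from_range() {       # $1 = first IPv4, $2 = last IPv4
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    echo "-A INPUT -m iprange --src-range $1-$2 -j DROP"
}

# True when the exact rule line ($1) appears in `iptables -S` text ($2).
rule_present() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Print the command for review, or run it when APPLY=1 and we are root.
apply_rule() {            # $1 = rule line as produced above
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
        iptables $1       # unquoted on purpose: $1 is a flat argument list
    else
        echo "iptables $1"
    fi
}

# Constructed sample of `sudo iptables -S INPUT` after the article's four
# rules were added (the addresses are the article's; the dump is made up).
SAMPLE_RULESET='-P INPUT ACCEPT
-A INPUT ! -i lo -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 192.168.122.3/32 -p tcp -m tcp --dport 443 -j DROP
-A INPUT -s 192.168.42.1/32 -j DROP
-A INPUT -m iprange --src-range 192.168.42.100-192.168.42.200 -j DROP'

for rule in "$(rule_port_except_lo INPUT 80)" \
            "$(rule_from_host 192.168.42.1)" \
            "$(rule_port_from_host 10.0.0.9 22)"; do
    if rule_present "$rule" "$SAMPLE_RULESET"; then
        echo "present: $rule"
    else
        echo "missing: $rule"
    fi
done
apply_rule "$(rule_from_range 192.168.42.100 192.168.42.200)"
```

On a real host, feed the live dump in with rule_present "$(rule_from_host 192.168.42.1)" "$(sudo iptables -S INPUT)"; iptables also has a native check, "iptables -C INPUT -s 192.168.42.1 -j DROP", which exits 0 when that rule exists. The input validation matters because an address or port that is pasted into a command line unchecked could carry extra arguments with it.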
Method-4: DROP All Incoming or Outgoing Traffic
Sometimes it is necessary to cut off all connections for a specific reason. To drop all incoming traffic:
sudo iptables -A INPUT -j DROP
After this command every connection to the host, including your SSH session, is dropped (with -A the rule is appended after any existing rules; with -I it would be evaluated first). Make sure you are next to the server or have console access before running it!
To drop all output connections:
sudo iptables -A OUTPUT -j DROP
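As an added example (not from the original article), the script below shows the ACCEPT rules that have to be appended before the blanket "-A INPUT -j DROP" of Method-4 so that loopback, established connections and the administrator's own SSH session survive, and a small first-match evaluator that predicts the verdict a packet would get under a given rule list. The lockdown_rules and verdict functions, the assumed SSH port and administrator address, and the constructed packets are all part of this example and not of iptables; nothing is applied to the kernel, the script only prints commands and verdicts.

```shell
#!/bin/sh
# Added example (not from the original article): the ACCEPT rules that must
# precede the blanket "-A INPUT -j DROP" of Method 4, plus a tiny first-match
# evaluator that shows why rule order decides the outcome. The SSH port and
# administrator address are assumptions; nothing is applied to the kernel.

ADMIN_PORT=22                # assumed SSH port
ADMIN_SRC=203.0.113.10       # assumed administrator address (TEST-NET-3)

# The INPUT rules in the order they must be appended (-A keeps this order;
# -I would put a later rule first).
lockdown_rules() {           # $1 = ssh port, $2 = administrator IPv4
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -s $2/32 -p tcp -m tcp --dport $1 -j ACCEPT"
    echo "-A INPUT -j DROP"
}

# First-match evaluation over rules in `iptables -S` form. A packet is given
# as: input interface, source IPv4, TCP destination port, conntrack state.
# Only the matches used on this page are understood: -i (optionally negated
# with "!"), -s, --dport and --ctstate; -p and -m are skipped, and the -P
# policy line supplies the verdict when no rule matches.
verdict() {                  # $1 iface, $2 src, $3 dport, $4 state, $5 rules
    pkt_if=$1; pkt_src=$2; pkt_port=$3; pkt_state=$4
    printf '%s\n' "$5" | {
        policy=ACCEPT; found=
        while read -r line; do
            set -- $line
            case "$1" in
                -P) policy=$3; continue ;;
                -A) shift 2 ;;
                *)  continue ;;
            esac
            hit=1; neg=0; target=
            while [ $# -gt 0 ]; do
                m=1
                case "$1" in
                    '!') neg=1; shift; continue ;;
                    -i)  [ "$2" = "$pkt_if" ] || m=0; shift ;;
                    -s)  [ "${2%/32}" = "$pkt_src" ] || m=0; shift ;;
                    --dport)   [ "$2" = "$pkt_port" ] || m=0; shift ;;
                    --ctstate) case ",$2," in *,"$pkt_state",*) ;; *) m=0 ;; esac; shift ;;
                    -j)  target=$2; shift ;;
                    -p|-m) shift ;;   # protocol and module names carry no test here
                esac
                shift
                [ "$m" -ne "$neg" ] || hit=0   # a negated match must NOT match
                neg=0
            done
            if [ "$hit" = 1 ] && [ -n "$target" ]; then
                echo "$target"; found=1; break
            fi
        done
        [ -n "$found" ] || echo "$policy"
    }
}

GOOD_RULESET="-P INPUT ACCEPT
$(lockdown_rules "$ADMIN_PORT" "$ADMIN_SRC")"

# The same rules when the DROP was inserted at the top with -I instead of
# appended with -A: it now shadows every ACCEPT below it.
BAD_RULESET="-P INPUT ACCEPT
-A INPUT -j DROP
$(lockdown_rules "$ADMIN_PORT" "$ADMIN_SRC" | grep -v -- '-j DROP')"

echo "commands to run, in this order:"
lockdown_rules "$ADMIN_PORT" "$ADMIN_SRC" | sed 's/^/sudo iptables /'

# Constructed packets: admin SSH, a stranger's SSH, loopback, an established flow.
for pkt in "eth0 $ADMIN_SRC 22 NEW" "eth0 198.51.100.7 22 NEW" \
           "lo 127.0.0.1 80 NEW" "eth0 198.51.100.7 443 ESTABLISHED"; do
    set -- $pkt
    good=$(verdict "$1" "$2" "$3" "$4" "$GOOD_RULESET")
    bad=$(verdict "$1" "$2" "$3" "$4" "$BAD_RULESET")
    echo "$pkt: DROP appended last -> $good, DROP inserted first -> $bad"
done
```

The evaluator accepts the output of "sudo iptables -S INPUT" as its last argument, so a planned change can be checked against the packets you care about (your own SSH session first of all) before it is applied. It only models the handful of matches this page uses; anything else in a real rule set is skipped rather than evaluated.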
Summary
The operating system's firewall matters: every incoming and outgoing connection passes through it. Take care when adding and deleting rules, and test them on a test system before applying them in production. Note that rules added with the iptables command live only in the running kernel; they are gone after a reboot unless you save them (for example with iptables-save) and restore them at boot.
For more detailed information about iptables, see the manual page (man iptables).