iptables is a command-line interface used to set up and maintain the tables of the Netfilter firewall for IPv4, which is built into the Linux kernel. The firewall matches packets against the rules described in these tables and takes the defined action on any match.
Let's discuss some features.
Types of Tables of iptables
Tables can be categorized into five different types:
Types of Chains of iptables
The built-in chains of iptables can be categorized into the following types:
Note: We can also make user-defined chains.
Types of Options of iptables
1. -A, --append: Appends a rule to the chain given as its parameter.
Example: The append command can drop all traffic coming in on a port.
2. -D, --delete: Deletes a rule from a particular chain.
Example: The delete command can delete rule 2 from the INPUT chain.
3. -C, --check: Checks whether a rule is present in a chain. This command returns 0 when the rule exists and 1 when it doesn't.
Example: This command can check whether a particular rule is present in the INPUT chain.
Types of parameters of iptables
The iptables command provides parameters that are used to match a packet and carry out a particular action. Some important parameters are discussed as follows:
1. -p, --proto: The protocol that the packet follows. Possible values are ssh, icmp, udp, tcp, etc.
Example: The protocol parameter can append a rule to the INPUT chain that drops every udp packet.
2. -s, --source: Matches the packet's source address.
Example: The source parameter can append a rule to the INPUT chain that accepts every packet originating from 192.168.1.230.
3. -d, --destination: Matches the packet's destination address.
Example: The destination parameter can append a rule to the OUTPUT chain that drops every packet destined for 192.168.1.123.
4. -i, --in-interface: Matches packets on a particular incoming interface and applies the action.
Example: The interface parameter can append a rule to the INPUT chain that drops every packet coming in on the wireless interface.
5. -o, --out-interface: Matches packets on a particular outgoing interface.
6. -j, --jump: The jump parameter defines the action to take on a match.
Example: The jump parameter can add a rule to the FORWARD chain that drops every packet.
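The -C and -A options described above can be combined so that a rule is appended only when it is not already in the chain, which keeps repeated runs from stacking duplicate rules. This is an added example, not code from the original page: the helper names `ensure_rule` and `apply_examples`, the `IPTABLES` override variable and the interface name `wlan0` are assumptions, while the addresses are the ones used in the examples above.

```shell
#!/bin/sh
# Added example: append each rule only if -C reports it missing.
# IPTABLES can be overridden (for instance with a wrapper that only logs).
IPTABLES="${IPTABLES:-iptables}"

# ensure_rule CHAIN RULE-SPEC...
ensure_rule() {
    chain=$1
    shift
    rc=0
    # -C exits 0 when the rule exists and 1 when it does not.
    "$IPTABLES" -C "$chain" "$@" 2>/dev/null || rc=$?
    case $rc in
        0) echo "present: $chain $*" ;;
        1) "$IPTABLES" -A "$chain" "$@" || return 1
           echo "added: $chain $*" ;;
        *) # Any other status is treated as a failed check, not a missing rule.
           echo "error: check failed with status $rc: $chain $*" >&2
           return 1 ;;
    esac
}

# The rules described in the examples above. -A places each rule at the end
# of its chain, so rules already in the chain are evaluated first.
# wlan0 is an assumed name for the wireless interface.
apply_examples() {
    ensure_rule INPUT -p udp -j DROP &&
    ensure_rule INPUT -s 192.168.1.230 -j ACCEPT &&
    ensure_rule OUTPUT -d 192.168.1.123 -j DROP &&
    ensure_rule INPUT -i wlan0 -j DROP &&
    ensure_rule FORWARD -j DROP
}

# Run as root with:  sh this-script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_examples
fi
```

Because the udp DROP rule is appended to INPUT before the ACCEPT rule for 192.168.1.230, udp packets from that host are still dropped; swap the two calls if the host should be exempt.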