Best Guide To Install and Use Iptables on AlmaLinux 8
In this guide, we want to teach you How To Install and Use Iptables on AlmaLinux 8. Simply put, iptables is a firewall program for Linux. It will monitor traffic from and to your server using tables. These tables contain sets of rules, called chains, that will filter incoming and outgoing data packets.
When a packet matches a rule, it is given a target, which can be another chain or one of these particular values:
- ACCEPT – will allow the packet to pass through.
- DROP – will not let the packet pass through.
- RETURN – stops the packet from traversing through a chain and tells it to return to the previous chain.
Now you can proceed to the following steps provided by the Orcacore team to Install and Use Iptables on AlmaLinux 8.
Steps To Install and Use Iptables on AlmaLinux 8
To Install and Use Iptables on AlmaLinux 8, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on the Initial Server Setup with AlmaLinux 8.
Step 1 – Install Iptables Firewall on AlmaLinux 8
To Install and Use Iptables on AlmaLinux 8, update your local package index with the following command:
sudo dnf update
By default, iptables comes pre-installed in most Linux distributions.
If you don’t have it, you can install it on AlmaLinux 8 with the following command:
sudo dnf install iptables-services
Verify your Iptables installation by using the command below:
rpm -qa | grep -i iptables-services
Output
iptables-services-1.8.4-22.el8.x86_64
Step 2 – Manage Iptables Service on AlmaLinux
At this point, you can use the command below to start Iptables on AlmaLinux 8:
sudo systemctl start iptables
To enable it to start on boot, use the command below:
sudo systemctl enable iptables
Verify that the Iptables service is active and running on AlmaLinux 8:
sudo systemctl status iptables
In your output you will see:
Output
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor pr>
Active: active (exited) since Sat 2022-10-08 06:30:47 EDT; 10s ago
Main PID: 39471 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 23668)
Memory: 0B
CGroup: /system.slice/iptables.service
...
Now follow the rest of the article about Install and Use Iptables on AlmaLinux 8 to check your configuration and start using it.
Step 3 – Check iptables Configuration on AlmaLinux
At this step of Install and Use Iptables on AlmaLinux 8, you can check your iptables configuration on AlmaLinux with the following command:
sudo iptables -L -v
- The -L parameter lists all rules, and the -v parameter shows them in more detail.
In your output you will see:
Output
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19 1348 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
12 617 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 24 packets, 3007 bytes)
pkts bytes target prot opt in out source destination
Now that you have installed iptables on AlmaLinux 8, let’s do some basic usage of it.
Step 4 – How To Use iptables on AlmaLinux 8?
In this part of Install and Use iptables on AlmaLinux 8, we intend to show you some basic usage of iptables on your server.
You can use iptables to define a rule, which means appending it to a chain.
To do this, use the -A parameter after the iptables command on AlmaLinux 8 as shown below:
sudo iptables -A [argument]
Also, you can combine the command with other parameters like:
- -i: the network interface whose traffic you want to filter, such as eth0, lo, ppp0, etc.
- -p: the network protocol where your filtering process takes place. It can be either TCP, UDP, udplite, ICMP, SCTP, icmpv6, and so on. Also, you can type all to choose every protocol.
- -s: the address from which traffic comes. You can add a hostname or IP address.
- --dport: the destination port number of a protocol, such as 22 (SSH), 443 (https), etc. It only works together with -p, for example -p tcp.
- -j: the target name (ACCEPT, DROP, RETURN). You need to insert this every time you make a new rule.
Note: If you want to use all of the parameters, you need to type the iptables command on AlmaLinux 8 in the order shown below:
sudo iptables -A <chain> -i <interface> -p <protocol (tcp/udp)> -s <source> --dport <port no.> -j <target>
To allow traffic on localhost, you can use the following iptables command:
sudo iptables -A INPUT -i lo -j ACCEPT
You can allow a connection such as SSH with an iptables command like this:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Then, you can check the rule that has been appended in iptables on AlmaLinux 8 with the command below:
sudo iptables -L -v
In your output you will see:
Output
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
Iptables allows you to filter packets by IP address or by a range of IP addresses. To do this, you need to use the -s parameter in the iptables command on AlmaLinux 8. For example:
sudo iptables -A INPUT -s 10.10.0.1 -j ACCEPT
You can also drop the packets from that address with the command below:
sudo iptables -A INPUT -s 10.10.0.1 -j DROP
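Also, you can drop all other traffic by appending the following rule. Rules are evaluated in order, so it must come after the ACCEPT rules for traffic you want to keep, such as SSH: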
sudo iptables -A INPUT -j DROP
To delete all current rules on your iptables firewall you can use the following command:
sudo iptables -F
To delete a specific rule, you need to first check the available rules of iptables on AlmaLinux 8 by typing the following command:
sudo iptables -L --line-numbers
In your output you will see:
Output
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
6 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
To delete a specific rule, specify the chain and the rule number in the command below:
sudo iptables -D INPUT 4
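Rule order decides the outcome: in the numbered listing above, rule 6 (the SSH rule appended with -A) sits after rule 5, which rejects everything, so it never matches. The following added example, which is not part of the original guide, reads rules in `iptables -S` format and reports every rule placed after a catch-all ACCEPT, DROP or REJECT in the same chain. The function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier
# catch-all rule in the same chain already decides every packet.
# Reads rules in `iptables -S` format on standard input.
shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        num[chain]++
        if (chain in wall) {
            printf "%s %d shadowed-by %d: %s\n", chain, num[chain], wall[chain], $0
            next
        }
        # A rule whose first option is -j has no match criteria, so it
        # applies to every packet; ACCEPT, DROP and REJECT end traversal.
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
            wall[chain] = num[chain]
    }'
}

# Constructed sample: the stock INPUT rules from the listing above plus the
# SSH rule appended with -A, written the way `iptables -S` prints them.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | shadowed_rules
```

On a live server, run `sudo iptables -S | shadowed_rules`. The `-S` format is used because it shows the `-i lo` match that the plain `-L` listing hides, which is why rule 3 only looks like a catch-all there.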
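To keep the current rules across reboots, write them to /etc/sysconfig/iptables, the file the iptables service loads when it starts. On its own, iptables-save only prints the rules to standard output:
sudo sh -c "/sbin/iptables-save > /etc/sysconfig/iptables"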
Step 5 – How To Disable iptables on AlmaLinux?
In this part of Install and Use iptables on AlmaLinux 8, if you want to disable iptables, you can use the following commands:
sudo iptables -F
sudo /sbin/iptables-save
In your output you will see:
Output
:INPUT ACCEPT [19:2597]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:528]
...
If you want to find more detailed information about iptables and its options, it is highly recommended to read its manual:
man iptables
Conclusion
At this point, you have learned to Install and Use Iptables on AlmaLinux 8. IPTables is an essential tool for managing firewall rules on AlmaLinux 8. It gives you full control over network traffic. By installing and configuring IPTables, you can enhance your system’s security, monitor data flow, and prevent unauthorized access.
Hope you enjoy Install and Use Iptables on AlmaLinux 8.
FAQs
What is the purpose of IPTables on AlmaLinux?
IPTables is used to manage incoming and outgoing network traffic. It’s a key part of network security. As you saw in the guide steps, you can easily install and use iptables on AlmaLinux 8.
How do I enable IPTables on boot?
To enable IPTables on boot as described in the guide steps of Install and Use Iptables on AlmaLinux 8, you can run the following commands:
systemctl enable iptables
systemctl start iptables
Can I save my IPTables configuration for future use?
Yes, you can save your IPTables configuration with the command below:
service iptables save