Linux IPtables

Firewalls are tools that can protect an OS. Linux has iptables and firewalld, which contain firewall rules and can manage firewall rules in Linux. Essentially, iptables and firewalld are configured by the systems administrator to reject or accept traffic. While you are not expected to be able to configure a system, read this article to see how iptables can control incoming or outgoing traffic. Why does the order of the rules matter?

Linux firewalls: What you need to know about iptables and firewalld

The firewall

A firewall is a set of rules. When a data packet moves into or out of a protected network space, its contents (in particular, information about its origin, target, and the protocol it plans to use) are tested against the firewall rules to see if it should be allowed through. Here's a simple example:


A firewall can filter requests based on protocol or target-based rules.

On the one hand, iptables is a tool for managing firewall rules on a Linux machine.

On the other hand, firewalld is also a tool for managing firewall rules on a Linux machine.

You got a problem with that? And would it spoil your day if I told you that there was another tool out there, called nftables?

OK, I'll admit that the whole thing does smell a bit funny, so let me explain. It all starts with Netfilter, which controls access to and from the network stack at the Linux kernel module level. For decades, the primary command-line tool for managing Netfilter hooks was the iptables ruleset.

Because the syntax needed to invoke those rules could come across as a bit arcane, various user-friendly implementations like ufw and firewalld were introduced as higher-level Netfilter interpreters. Ufw and firewalld are, however, primarily designed to solve the kinds of problems faced by stand-alone computers. Building full-sized network solutions will often require the extra muscle of iptables or, since 2014, its replacement, nftables (through the nft command line tool).

iptables hasn't gone anywhere and is still widely used. In fact, you should expect to run into iptables-protected networks in your work as an admin for many years to come. But nftables, by adding on to the classic Netfilter toolset, has brought some important new functionality.

From here on, I'll show by example how firewalld and iptables solve simple connectivity problems.




Source: David Clinton, https://opensource.com/article/18/9/linux-iptables-firewalld
Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.