Basic commands
The following command can be used to show a list of all rules. The -L option is used to list the rules.
sudo iptables -L
Below you will find an example of the output:
root@worldstream:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
It is also possible to show the list of current rules with line numbers. The below command can be used for this:
sudo iptables -L --line-numbers
The below command can be used to delete a specific rule from a chain by its line number (as shown by the previous command). The -D option stands for delete; it is followed by the chain name and the number of the rule you wish to remove:
sudo iptables -D INPUT 2
The following command will change the FORWARD policy to DROP. In this command the -P option is used to change the policy:
sudo iptables -P FORWARD DROP
If you wish to remove all rules currently active in iptables, the following command is used. The -F option means "flush all rules". Note that flushing removes the rules but does not reset the chain policies: if a policy has been set to DROP, that traffic stays blocked after the flush.
sudo iptables -F
How to secure your own connection to the server
If you wish to make sure that you are always able to reach your server, you will have to insert a rule in iptables that allows your own connection. The one thing you need for this is your public IP address, the address you use at home or at work; it is used to create a rule that allows the connection from that address. The below command can be used to make sure your IP is allowed in iptables (the -I option inserts the rule at the top of the chain, so it is evaluated before any later DROP rules):
sudo iptables -I INPUT -p tcp -s [Your public IP address] --dport 22 -j ACCEPT
In the above command SSH port 22 is used. Do note that if you are using a different port, this will need to be adjusted in the command as well. How to change your SSH port can be found here.
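Putting the commands from this page together in a safe order, as an added example that is not part of the original page: the admin rule is inserted before any policy is tightened, and the script only echoes the iptables commands unless IPT is set to the real binary. The admin IP and SSH port are constructed placeholders; the ESTABLISHED/RELATED and loopback rules are assumptions added so the server's own replies are not dropped.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Builds the rule set the
# page describes in an order that cannot lock the administrator out.
# IPT defaults to "echo iptables" (dry run); set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# lockdown_rules ADMIN_IP SSH_PORT
lockdown_rules() {
  admin_ip="${1:-203.0.113.10}"   # constructed placeholder (RFC 5737 range)
  ssh_port="${2:-22}"

  # 1. Flush existing rules. -F keeps chain policies, so the policies are
  #    changed last to avoid a window with INPUT DROP and no allow rules.
  $IPT -F
  # 2. Assumed extra rule: keep replies to connections already established.
  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # 3. Assumed extra rule: local services on the loopback interface.
  $IPT -A INPUT -i lo -j ACCEPT
  # 4. The page's admin rule; -I places it at the top of the INPUT chain.
  $IPT -I INPUT -p tcp -s "$admin_ip" --dport "$ssh_port" -j ACCEPT
  # 5. Only now tighten the default policies (FORWARD DROP is from the page).
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
}
```

Run it once as a dry run, check the printed order, then re-run with IPT=iptables as root; remember to save the rules with your distribution's tooling or they are gone after a reboot.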