In Debian 12, iptables is a front end to the netfilter firewall built into the kernel and, unlike earlier Debian releases, there is no iptables service whose status can be checked. This guide covers the basic management commands.
1. View the list of rules
iptables -L -n
The -n switch disables translation of IP addresses to host names (reverse DNS, i.e. PTR lookups), which also makes the listing faster.
1.1 View a list of rules with numbering
iptables -L --line-numbers
2. Working with rules
2.1 Examples of rules that allow ports
2.1.1 Let's allow connections via port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
2.1.2 Let's allow connections via port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
2.1.3 Let's allow connections on port 443 and make the rule the first in the chain (-I inserts at the given position; -A would append it to the end)
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
2.2 Deleting rules
2.2.1 Deleting by rule number
iptables -D INPUT 1
2.2.2 Deleting by the content of a rule (the specification must match the rule exactly)
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
2.3 Examples of rules that deny traffic
2.3.1 Deny connections from a specific IP to port 25 (replace xx.ip.xx.ip with the address)
iptables -A INPUT -s xx.ip.xx.ip -p tcp --destination-port 25 -j DROP
2.3.2 Deny all connections from a specific IP
iptables -A INPUT -s 192.168.0.100 -j DROP
2.3.3 Deny all connections from an entire subnet
iptables -A INPUT -s 192.168.0.0/24 -j DROP
2.4 Flushing rule chains
Before running a flush command, make sure the chain's default policy is ACCEPT; if the policy is DROP and the rules are flushed, every packet is dropped and you lose your connection to the server.
iptables -P INPUT ACCEPT
2.4.1 Flush all rules in every chain of the filter table
iptables -F
2.4.2 Flush the rules of a single chain
iptables -F INPUT
3. Saving the rules
Rules added with the iptables command live only in the running kernel, so after a reboot they are gone. To persist them, install the following package.
apt install iptables-persistent
During the installation process, you will be prompted to save the current rules settings. iptables-persistent looks for rules.v4 and rules.v6 files in /etc/iptables and restores them when the server starts.
3.1 Saving rules
3.1.1 Saving via iptables-persistent
netfilter-persistent save
3.1.2 Saving via iptables
To save the rule set later (for example after further changes), use the commands
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
3.2 Restoring rules
3.2.1 Restore, replacing the current rules (existing rules are flushed first)
iptables-restore < /etc/iptables/rules.v4
3.2.2 Restore while keeping the current rules (-n, i.e. --noflush, appends without flushing)
iptables-restore -n < /etc/iptables/rules.v4
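The rules.v4 file read by iptables-restore is plain text in the format printed by iptables-save. The following script, added here as an example and not part of the original guide, generates such a file for the rule set discussed above (allow 22/80/443, drop a host and a subnet) so it can be reviewed before loading. It goes slightly beyond the guide by adding loopback and established-connection accepts, which a DROP policy needs; the function names and the host and subnet values are constructed for this example.

```shell
#!/bin/sh
# Example code, not from the original guide. Generates an iptables-restore
# file (same format as iptables-save output) without needing root.

# gen_rules_v4 ALLOWED_TCP_PORTS DENIED_SOURCES
#   $1: space-separated TCP ports to ACCEPT on INPUT
#   $2: space-separated source addresses/CIDRs to DROP on INPUT
# Prints the rule file to stdout.
gen_rules_v4() {
    allowed_ports=$1
    denied_sources=$2
    printf '%s\n' '*filter'
    # A DROP default policy is safe here because iptables-restore loads the
    # whole file atomically, with the ACCEPT rules below already in place.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to existing connections first, so they are never blocked.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Deny rules before the port accepts: a chain is evaluated top-down and the
    # first match wins (the reason the guide uses -I INPUT 1 for priority rules).
    for src in $denied_sources; do
        printf '%s\n' "-A INPUT -s $src -j DROP"
    done
    for port in $allowed_ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# count_rules FILE: number of -A lines, i.e. what iptables -L --line-numbers would list
count_rules() {
    grep -c '^-A ' "$1"
}

# Demo with constructed values; writes to a temp file, not /etc/iptables/rules.v4.
demo() {
    out=$(mktemp)
    gen_rules_v4 "22 80 443" "192.168.0.100 10.0.0.0/24" > "$out"
    cat "$out"
    count_rules "$out"
    rm -f "$out"
}
```

Run `demo` to print the file and its rule count; once reviewed, the same output can be written to /etc/iptables/rules.v4 and loaded with iptables-restore.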