
Setting up iptables firewall in Debian 12

Date of publication: 16.10.2023

In Debian 12, the iptables firewall is built into the kernel and, unlike earlier Debian releases, there is no iptables service whose status can be queried. This guide covers the basic management commands.

1. View the list of rules

iptables -L -n

The -n switch disables reverse resolution of IP addresses to host names (PTR lookups), so the listing is printed faster and does not depend on DNS.

1.1 View a list of rules with numbering

iptables -L --line-numbers

2. Working with rules

2.1 Examples of rules that allow ports

2.1.1 Let's allow connections via port 22

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

2.1.2 Let's allow connections via port 80

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

2.1.3 Let's allow connections on port 443 and make the rule the first in the chain

iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT

2.2 Deleting rules

2.2.1 Deleting by rule number

iptables -D INPUT 1

2.2.2 Deleting by content of a rule

iptables -D INPUT -p tcp --dport 80 -j ACCEPT

2.3 Examples of rules for prohibition

2.3.1 Deny connection for a specific IP to port 25

iptables -A INPUT -s xx.ip.xx.ip -p tcp --destination-port 25 -j DROP

2.3.2 Deny connection for a specific IP completely

iptables -A INPUT -s 192.168.0.100 -j DROP

2.3.3 Deny connection for the entire subnet

iptables -A INPUT -s 192.168.0.0/24 -j DROP

2.4 Flushing rule chains

Before flushing, make sure the chain's default policy is ACCEPT. If the policy is DROP, flushing removes the ACCEPT rules that let your own traffic in, and you will lose the connection to the server.

iptables -P INPUT ACCEPT

2.4.1 Flush all rules in all chains

iptables -F

2.4.2 Flush a single chain

iptables -F INPUT

3. Saving the rules

After the server is rebooted, all rules you have added are lost. To prevent this, install the iptables-persistent package.

apt install iptables-persistent

During the installation process, you will be prompted to save the current rules settings. iptables-persistent looks for rules.v4 and rules.v6 files in /etc/iptables and restores them when the server starts.

3.1 Saving rules

3.1.1 Saving via iptables-persistent

netfilter-persistent save

3.1.2 Saving via iptables

To save the rules later, use the commands

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

3.2 Restoring rules

3.2.1 Restore, replacing the current rules

iptables-restore < /etc/iptables/rules.v4

3.2.2 Restore without flushing the current rules (-n, --noflush)

iptables-restore -n < /etc/iptables/rules.v4
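
As an added example (not part of the original article), the script below writes a complete rules.v4 file in the iptables-save format that iptables-persistent restores at boot, combining the allow and deny rules from section 2 with a default DROP policy, and then checks the file before it is handed to iptables-restore. The DROP policy, the conntrack rule that keeps the current SSH session alive, and the sample subnet 192.168.0.0/24 are assumptions of this example, not commands from the article.

```shell
#!/bin/sh
# Added example: generate and sanity-check /etc/iptables/rules.v4 content.
# Assumptions (not from the article): INPUT policy DROP, a conntrack rule
# for established sessions, SSH on the given port, blocked subnet is a
# constructed sample value.

# Print a complete *filter table for the given SSH port and blocked source.
gen_rules_v4() {
    ssh_port="$1"      # e.g. 22
    blocked_src="$2"   # e.g. 192.168.0.0/24 (constructed sample)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Keep replies to connections already open (including your SSH session).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# The blocked source must come before the ACCEPT rules or it never matches.
-A INPUT -s ${blocked_src} -j DROP
-A INPUT -p tcp --dport ${ssh_port} -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Checks to run before restoring: the table is committed, the SSH port is
# allowed, and the subnet DROP sits before the first port ACCEPT rule.
# Returns 0 when the file passes, 1 otherwise.
check_rules_v4() {
    file="$1"
    ssh_port="$2"
    grep -q '^COMMIT$' "$file" || return 1
    grep -q -- "--dport ${ssh_port} -j ACCEPT" "$file" || return 1
    drop_line=$(grep -n -- '-s .* -j DROP' "$file" | head -1 | cut -d: -f1)
    acc_line=$(grep -n -- '--dport .* -j ACCEPT' "$file" | head -1 | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$acc_line" ] && [ "$drop_line" -lt "$acc_line" ]
}

# Usage: write the file, check it, then let iptables-restore parse it without
# applying anything (--test only parses; it still needs root to run).
tmp=$(mktemp)
gen_rules_v4 22 192.168.0.0/24 > "$tmp"
check_rules_v4 "$tmp" 22 && echo "rules.v4 is consistent: $tmp"
if command -v iptables-restore >/dev/null 2>&1; then
    iptables-restore --test < "$tmp" || echo "iptables-restore --test could not run (needs root)"
fi
```

Once the file passes, copy it to /etc/iptables/rules.v4 and apply it with the iptables-restore command from section 3.2.1; the conntrack rule is what keeps your current SSH session open while the new DROP policy takes effect.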