iptables is the traditional user-space tool for configuring Linux's netfilter packet filtering framework. It has been the default firewall tool since the late 1990s and, despite being superseded by nftables, is still widely used and understood. iptables organises rules into tables (filter, nat, mangle, raw) and each table into chains (INPUT, OUTPUT, FORWARD, and user-defined ones).
sudo iptables -L -n -v # list filter rules with counters, numeric addresses
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT # allow SSH before the default policy changes
sudo iptables -A INPUT -i lo -j ACCEPT # loopback traffic
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # replies to our own connections
sudo iptables -P INPUT DROP # default drop, set last so the ACCEPT rules are already in place
sudo iptables-save > /etc/iptables/rules.v4 # persist (the file iptables-restore reads at boot)
Rules in a chain are evaluated in order; the first matching rule with a terminating target (ACCEPT, DROP, REJECT) decides the packet's fate, and a packet that matches nothing receives the chain's default policy. Targets include ACCEPT, DROP, REJECT, LOG (non-terminating, so evaluation continues with the next rule), MASQUERADE, and user-defined chains. The state match, provided by the connection tracking (conntrack) module, is essential for stateful firewalls: it lets return traffic for connections the host initiated pass without opening those ports inbound.
Modern systems are moving to nftables (nft), which uses a cleaner rule syntax, handles IPv4 and IPv6 in one place, and performs better on large rule sets. Most distributions now ship iptables as a thin compatibility layer (iptables-nft) over nftables, so the familiar commands keep working. Higher-level tools like ufw and firewalld provide friendlier interfaces atop either.
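The commands above build the ruleset one rule at a time, which leaves a window between `-P INPUT DROP` and the ACCEPT rules if they are run in the wrong order. The script below, added here as an example and not part of the original text, generates the same stateful default-drop policy in iptables-save format so it can be loaded atomically with `iptables-restore`; the port, the admin CIDR (a constructed RFC 1918 range) and the `gen_rules` name are assumptions.

```sh
#!/bin/sh
# Emit a stateful default-drop INPUT policy in iptables-save format.
# Arguments: ssh_port (default 22), admin_cidr (optional; empty = any source).
gen_rules() {
  ssh_port="${1:-22}"
  admin_cidr="${2:-}"
  ssh_src=""
  if [ -n "$admin_cidr" ]; then
    ssh_src="-s $admin_cidr "   # restrict SSH to the admin network
  fi
  # Chain headers carry the default policy, so DROP and the ACCEPT rules
  # take effect together when iptables-restore commits the table.
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT ${ssh_src}-p tcp --dport ${ssh_port} -m state --state NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Parse-only check of the generated file; iptables-restore --test needs the
# binary (and normally root), so it is skipped where neither is available.
check_rules() {
  if command -v iptables-restore >/dev/null 2>&1; then
    gen_rules "$@" | iptables-restore --test
  else
    echo "iptables-restore not found; skipping syntax check" >&2
  fi
}

# Constructed example: SSH on 22, reachable only from 10.0.0.0/8.
gen_rules 22 10.0.0.0/8
```

Write the output to /etc/iptables/rules.v4 and load it with `iptables-restore < /etc/iptables/rules.v4`; the rate-limited LOG rule sits last so every packet about to hit the DROP policy is recorded without flooding the kernel log.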
Discussed in:
- Chapter 12: Networking — Firewalls: iptables, nftables, ufw, firewalld
Also defined in: Textbook of Linux