iptables setup guide

Overview of this iptables setup guide

This iptables setup guide shows you how to remove nftables, install iptables on Debian 11 (Bullseye), and set up basic security rules.


Removing nftables and Its Dependencies

Debian 10, 11 and 12 use nftables as the default firewall. To switch to iptables, you need to remove nftables first.

To do this, log in to your server using SSH and run these commands:

apt-get remove --auto-remove nftables
apt-get purge nftables

Install iptables on Debian 11

After removing nftables, you can install iptables by running these commands:

apt-get update
apt-get install iptables

Checking iptables Status

To see the status of iptables and list all rules, run:

iptables -L -v

By default, all chains (INPUT, FORWARD, OUTPUT) are set to ACCEPT. This means no security rules are active yet.


Clear iptables Rules

To remove all iptables rules and open all ports, use these commands:

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X

This resets all rules to their default state.


Basic iptables Configuration Example

This example shows how to:

  • Allow HTTP (80) and HTTPS (443) connections.
  • Open SSH (22) only for your IP address.
  • Allow ICMP (ping) requests.
  • Block all other incoming traffic.

Replace xxx.xxx.xxx.xxx with your IP address and run:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx/32 --dport 22 -m state --state NEW -m comment --comment "Open SSH Port for your xxx.xxx.xxx.xxx/32 IP only" -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Check the status again:

iptables -L -v

These rules will be lost after a reboot unless saved.


Making iptables Rules Persistent

To keep the rules after reboot, install iptables-persistent:

apt-get install iptables-persistent

Configuration files are saved in:

  • IPv6 Rules: /etc/iptables/rules.v6
  • IPv4 Rules: /etc/iptables/rules.v4

Saving iptables Rules

To save the current rules, run:

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

Restoring iptables Rules

To restore rules from the saved files, use:

iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6
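
The basic configuration from this guide can also be written directly in the format that iptables-save produces, so it can be checked with iptables-restore --test before it is loaded. This is an added example, not part of the original guide; the helper names valid_ipv4 and render_rules_v4 and the sample address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Added example: render the guide's IPv4 rules in iptables-restore format.
# valid_ipv4 and render_rules_v4 are hypothetical helper names.

valid_ipv4() {
    # Reject anything that is not digits and dots, or has empty fields.
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros (ambiguous octal), value 0-255.
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

render_rules_v4() {
    admin_ip=${1:-}
    # Refuse the unedited xxx.xxx.xxx.xxx placeholder or a mistyped address.
    if ! valid_ipv4 "$admin_ip"; then
        echo "refusing to render: '$admin_ip' is not an IPv4 address" >&2
        return 1
    fi
    # Policies sit in the chain headers, so the DROP default and the
    # ACCEPT rules are committed together when the file is loaded.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${admin_ip}/32 -p tcp --dport 22 -m state --state NEW -m comment --comment "SSH from ${admin_ip} only" -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Usage (203.0.113.10 is a constructed documentation address):
#   render_rules_v4 203.0.113.10 > /tmp/rules.v4
#   iptables-restore --test < /tmp/rules.v4 && cp /tmp/rules.v4 /etc/iptables/rules.v4
[ "$#" -eq 0 ] || render_rules_v4 "$1"
```

This ruleset covers IPv4 only; IPv6 traffic is filtered separately by ip6tables and /etc/iptables/rules.v6.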

Conclusion

This guide shows you how to:

  • Uninstall nftables
  • Install iptables on Debian 11
  • Set up basic security rules
  • Save and restore rules to keep them after reboots

By following these steps, you can control network traffic and protect your server from unauthorized access. This guide is perfect for anyone looking to secure a Debian-based server.
