iptables firewall: basic rules for servers
Configure the Linux firewall with iptables. Allow SSH, HTTP/HTTPS, block unnecessary ports, and persist rules.
iptables is the command-line tool for configuring the Linux kernel's packet filter (netfilter). It controls incoming and outgoing traffic by allowing or blocking specific ports and IP addresses.
Basic concepts
- Chain: INPUT (incoming), OUTPUT (outgoing), FORWARD (traffic routed through this host to another)
- Policy: Default action (ACCEPT or DROP)
- Rule: Condition + action (allow or deny specific traffic)
Common rules
Allow SSH (port 22)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Allow HTTP (port 80) and HTTPS (port 443)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Block all other traffic
iptables -P INPUT DROP
Persist rules across reboot
apt-get install iptables-persistent
iptables-save > /etc/iptables/rules.v4
View active rules
iptables -L -n -v # List all rules
Setting the INPUT policy to DROP before the SSH rule is in place will lock you out of a remote session. Always allow SSH before changing the INPUT policy.
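The lockout condition described above can be checked mechanically before a saved ruleset is loaded. The following is an added example, not part of the original page: a shell function that reads a ruleset in iptables-save format (such as /etc/iptables/rules.v4) on standard input and fails when INPUT defaults to DROP without an ACCEPT rule for the SSH port. The names check_ruleset, good_rules and bad_rules and the sample rulesets are constructed for illustration, and the check assumes SSH is opened with a plain --dport rule.

```shell
#!/bin/sh
# Added example (not from the original page): lint an iptables-save style
# ruleset for the SSH lockout condition before it is loaded.

# check_ruleset [SSH_PORT]  (ruleset on stdin, port defaults to 22)
# Returns 1 when the filter table sets INPUT policy DROP but has no
# "-A INPUT ... -p tcp ... --dport PORT ... -j ACCEPT" rule; 0 otherwise.
check_ruleset() {
    awk -v port="${1:-22}" '
        /^\*/ { table = substr($0, 2) }          # "*filter" opens a table
        table != "filter" { next }               # ignore nat, mangle, comments
        /^:INPUT / { policy = $2 }               # ":INPUT DROP [0:0]"
        /^-A INPUT / && / -j ACCEPT/ {
            if ($0 ~ /-p tcp/ && $0 ~ ("--dport " port "( |$)")) ssh = 1
            if ($0 ~ /ESTABLISHED/) est = 1
        }
        END {
            if (policy != "DROP") {
                print "INPUT policy " policy ": nothing dropped by default"
                exit 0
            }
            if (!ssh) { print "FAIL: INPUT DROP with no ACCEPT for tcp/" port; exit 1 }
            if (!est) print "WARN: no ESTABLISHED,RELATED accept rule"
            print "OK: tcp/" port " accepted under INPUT DROP"
        }'
}

# Constructed sample ruleset matching the rules on this page.
good_rules() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Same ruleset with the SSH rule removed: the lockout case.
bad_rules() { good_rules | grep -v -- '--dport 22 '; }

good_rules | check_ruleset || true
bad_rules  | check_ruleset || true
```

On a server, run it as check_ruleset < /etc/iptables/rules.v4 before loading the file; iptables-restore --test additionally parses a ruleset without committing it.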