Implementing firewall rules with iptables on AlmaLinux

By Anurag Singh

Updated on Jul 08, 2024

In this tutorial, we'll explain how to implement firewall rules with iptables on AlmaLinux 9. The process involves a series of steps to install, configure, and manage iptables. Here's a detailed guide:

Step 1: Install iptables

Most modern Linux distributions, including AlmaLinux, come with iptables installed by default. The following command installs iptables and the iptables-services package, or confirms that they are already installed:

sudo yum install iptables iptables-services -y

Step 2: Enable and Start iptables

Enable the iptables service to start on boot and start the service:

sudo systemctl enable iptables
sudo systemctl start iptables

Step 3: Basic iptables Commands

List current rules:

sudo iptables -L -v

Add a rule:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Delete a rule:

sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT

Save rules:

sudo service iptables save

Restore rules (restarting the service reloads the saved rules):

sudo service iptables restart

Step 4: Example iptables Configuration

Here's an example of a basic iptables configuration:

Flush existing rules:

sudo iptables -F

Set default policies:

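Use caution with the following commands. Once the INPUT policy is DROP and no allow rules are in place yet, a remote session such as SSH will be disconnected from your server.

sudo iptables -P INPUT DROP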
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

Allow loopback traffic:

sudo iptables -A INPUT -i lo -j ACCEPT

Allow established and related connections:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allow SSH connections:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Allow HTTP and HTTPS connections:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Save the rules:

sudo service iptables save

Step 5: Persisting Rules Across Reboots

To ensure your iptables rules persist across reboots, save the rules using:

sudo service iptables save

The rules will be saved in /etc/sysconfig/iptables.
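
The lockout risk noted in Step 4 can be checked against the saved file before it is applied. The script below is an added example, not part of the original tutorial; the function name audit_ruleset and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit an iptables-save style file,
# such as /etc/sysconfig/iptables, for rules that would lock out SSH.
# Only the filter table INPUT chain is checked; multiport matches are not parsed.

# audit_ruleset FILE [SSH_PORT]: prints findings, returns 1 if there are any.
audit_ruleset() {
    awk -v port="${2:-22}" '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        $1 == ":INPUT" { policy = $2 }
        /^-A INPUT -j (DROP|REJECT)/ { blocked = 1 }
        # ACCEPT rules placed after a catch-all deny can never match
        /^-A INPUT / && / -j ACCEPT/ && !blocked {
            if (/ -i lo /) lo = 1
            if (/--ctstate/ && /ESTABLISHED/) est = 1
            if (/ -p tcp / && $0 ~ ("--dport " port "( |$)")) ssh = 1
        }
        END {
            # Without a DROP policy or catch-all deny there is no lockout risk
            if (policy != "DROP" && !blocked) exit 0
            if (!ssh) { print "LOCKOUT: no reachable ACCEPT for tcp --dport " port; n++ }
            if (!est) { print "WARN: ESTABLISHED,RELATED not accepted"; n++ }
            if (!lo)  { print "WARN: loopback traffic not accepted"; n++ }
            exit (n > 0)
        }' "$1"
}

# Constructed sample: the tutorial ruleset as saved, with the SSH rule left out.
sample_missing_ssh() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample
tmp=$(mktemp) && sample_missing_ssh > "$tmp"
audit_ruleset "$tmp" || echo "do not apply: SSH would be locked out"
rm -f "$tmp"
```

On a real server, point audit_ruleset at /etc/sysconfig/iptables (and pass your SSH port as the second argument if it is not 22) before restarting the iptables service.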

Step 6: Managing iptables with Scripts

For more complex setups, you can create a script to manage your iptables rules. Create a script, and add your rules there:

vi iptables.rules

Add the following script:

#!/bin/bash

# Flush existing rules
iptables -F

# Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established and related connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP, HTTPS, and application ports 8080 and 3000
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT

# Save rules
service iptables save

Save and exit the editor.

Make the script executable:

sudo chmod +x iptables.rules

Run the script to apply the rules:

sudo ./iptables.rules

Step 7: Verify Configuration

Verify your iptables configuration:

sudo iptables -L -v

This guide should help you set up and manage iptables on AlmaLinux 9. Adjust the rules as per your specific requirements.