• Domain

    Domain

    Register your business domain or transfer your domain to Casbay anytime.

    Register .SG Domain

    Get your domain for local business in Singapore.

    Register Domain

    Choose your domain extension with affordable price.

    Domain Transfer

    Transfer & Renew your domain at cheapest price.

    Domain Privacy Protection

    Protect your private information with Whois.

  • Hosting

    Hosting

    We offer range of hosting services that support the demands of your website, or application.
    Web Hosting
    Reliable and scalable web hosting solution
    Business Hosting
    High Speed Business Hosting comes with security features.
    Business Email Hosting
    Powerful email hosting platform at your fingertips.
    Hosting Transfer
    Let us take care of your hosting.
  • Servers

    Servers

    Browse through our wide range of reliable and ready to deploy products and services that support the demands of your website, or application.
    Linux VPS
    Deploy rapid provisioning instances within minutes.
    Windows VPS
    The cost-effective choice that lets you focus on your business with confidence.

    Dedicated Servers

    Robust, secure and industrial-grade dedicated servers.

    Server Management
    Reliable management services for your VPS and Dedicated Server.
    Server Migration
    Migrate your hosting to Casbay.
  • Security

    Security

    Protect your asset from possible cyber attacks and threats.
    SSL Certificate
    Boost customers trust & confidence.
    Website Scanner
    Complete, affordable and cloud-based website protection.
  • IT Solutions

    Solutions

    Customized and specialized hosting solutions that are crafted to meet each and every demand of your business needs.
    Office IT Support
    Best IT support for your company.
    Office Setup
    Cost-Efficient & Complete Office IT Solution.
    Office Network Setup
    Professional Network Setup Design and Solution.
    Cloud Backup
    Never Lose a File Again with Casbay Backup Solution.
    Disaster Recovery
    Affordable and efficient Disaster Recovery as a Service.
    Cyber Security
    Protect your website from malware and DDoS attacks.
  • Why Us

    Why Us

    It’s not about what we say, it’s about what we do. Learn more about Casbay’s background and confidently join our growing community.

    About Casbay

    Our vision, history and photo gallery.

    Our Data Centre

    Tier III certified data centre in Singapore.

    Privacy Policy

    Understanding Casbay Privacy Policy.

    Client Reviews

    Find out what our clients say about us.

    News

    The latest news and media releases.

  • Contact
LIVE CHAT
LIVE CHAT

Casbay Knowledge Base

Search our articles or browse by category below

Defining Chain Rules Of Iptables For Linux Based VPS

Last modified: September 30, 2022
Linux based VPS firewall iptable
Estimated reading time: 3 min

Iptables is a firewall program commonly used on Linux based VPS. Similar to other firewalls, based on a predefined set of rules, it will filter incoming and outgoing data packets by monitoring the server. However, iptables by default has all of its sets of rules, or chains configured to accept all. This means the firewall allows all packets to go through your server without any filtering which is not effective in securing your server. In this article, you will learn how to define the chain rules of the iptables to secure your VPS.

Appending New Rules

To define a new rule and add it into the chain, you will need the append command, which is “-A” such as how the following command is.

sudo iptables -A

The iptables will be alerted when new rules are added to the chain. There are multiple commands you are able to match them together. Here are some of the commands you may use in the rules.

  • -i (interface) – network interface whose traffic you would like to filter, for example, eth0, lo, ppp0, and so on.
  • -p (protocol) – network protocol where your filtering process takes place, where it can be tcp, udp, udplite, icmp, sctp, icmpv6, or just pick all protocols.
  • -s (source) – the address of the traffic, you may add hostnames or IP address
  • -dport (destination port) – the designation port number of a protocol, such as 22 (SSH), 443 (https), etc.
  • -j (target) – the name of the target, such as ACCEPT, DROP, and RETURN. This will be necessary to add every time a new rule is made.

You can use the following command to use all the options in the following manner.

sudo ip-tables -A <chain> -i <interface> -p <protocol (tcp/udp) > -s <source> –dport <port no.> -j <target>

You may start to configure your firewall to provide more security once you understand the basic syntax.

Enabling Traffic On Localhost

Set a chain using the following command to allow traffic on localhost.

sudo iptables -A INPUT -i lo -j ACCEPT

This command ensures that connections between a database and a web application within the same machine are working as intended.

Enabling Connection Ports

The ports that we might want to enable are http, https, and ssh. To do so, we need to specify the protocol (-p), and the corresponding port (-dport). Run the command by replacing the “<protocol>” and  “<port no.>” in the command below with their respective protocol and port number. For example, if the protocol used is tcp and the port used is ssh, replace “<protocol>” with “tcp” and “<port no.>” with “22” due to the port number of ssh being 22 by default.

sudo iptables -A INPUT -p <protocol> –dport <port no.> -j ACCEPT

To verify if the rules had been implemented, you may use the command below.

sudo iptables -L -v

You should be able to see that the TCP protocol connections from specified ports will be accepted.

Filtering Packets

You are able to filter packets based on a range of IP addresses or just an IP address using iptables. Specify the IP address using the “-s” option. To accept packets from a specific IP address, use the following command.

sudo iptables -A INPUT -s <IP address> -j ACCEPT

Replace the IP address with the IP address you had picked. For the case where you needed to drop a specific IP address instead of accepting, replace “ACCEPT” with “DROP”. To specify a range, use the “-m” option, iprange module, and specify the range using “-src-range” as shown in the following command.

sudo iptables -A INPUT -m iprange –src-range <IP Address 1>-<IP Address 2> -j <ACCEPT/DROP>

Replace IP Address 1 and 2 for the range you needed and pick either accept or drop like the command above.

Drop All Other Traffic

To drop all traffic from outside aside from the specified port, use the following command.

sudo iptables -A INPUT -j DROP

Removing Rules

To start with a clean state, you can remove all the rules using the flush option, “-F”.

sudo iptables -F

The command above was for removing all rules. However, for the case where you just wanted to remove a specific rule, you will have to first list out all the rules using the following command.

sudo iptables -L –line-numbers

The command above will list out all the rules along with their index number. The rule deletion uses the “-D” option, as well as to specify the index number of the rule such as the following command.

sudo iptables -D INPUT <index number of rule>

To delete rule number 2, replace “<index number of rule>” with 2 and run it. That’s all you need for defining your chain rules.

Was this article helpful?
Dislike 0
Previous: Linux VPS Server Simple Tips Regarding Basic PostgreSQL Setup

Need Help?

Send a ticket to our 24X7 Technical Support Team

Casbay LLC

About Casbay

Follow Us

Facebook Twitter Youtube Linkedin Instagram Pinterest

Copyright © 2010 – 2022 Casbay LLC. All Rights Reserved.

All Trademarks Are The Property of Their Respective Owner.