Adding Specific Firewall Rules

Once you have defined the default firewall rules, you will need to add the specific rules using the append (-A) option. The general syntax is:

$ sudo iptables -A <chain> <match criteria> -j <ACCEPT|DROP>

The match criteria you can use are very flexible. Here is a flavour of just some of the options available (for the full list, type man iptables at the command line):

  • -i (input interface): apply this rule to packets arriving on the named interface (for example, "lo" for localhost, or a network interface such as eth0)
  • -j (action): the action to apply, which will be either ACCEPT or DROP
  • -m (load module): load the named match extension module (for example, state) so that its match options can be used in the rule
  • -o (output interface): apply this rule to packets leaving via the named interface, such as eth0
  • -s (source): apply this rule to the specific host name or IP address of a machine (or a set of machines)
  • --state (state): apply this rule to the connection states listed in the comma-delimited list which follows

Note: the above options can be combined in a single rule to specify exactly which traffic the rule applies to.

Here are some examples:

$ sudo iptables -A INPUT -i lo -j ACCEPT (accept all connections from the localhost)

$ sudo iptables -A INPUT -s -j ACCEPT (accept all connections from host

$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (accept packets belonging to connections already established by this host, or related to them)

$ sudo iptables -A INPUT -p tcp -s --dport 22 -m state --state NEW -j ACCEPT (accept all new connections on port 22 from 
the servers or
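
As an added example (not part of the original page), here is a small POSIX shell script that assembles the rules above into one ruleset in evaluation order. With DRY_RUN=1 it prints the iptables commands instead of running them, so the ruleset can be reviewed without root; the names DRY_RUN, IPT, add_rule, apply_ruleset and the ADMIN_HOST address are my own assumptions and constructed placeholders.

```shell
#!/bin/sh
# Added example: build the specific rules described above into a ruleset.
# DRY_RUN=1 (the default here) prints each command rather than executing
# it, so the result can be checked before it touches a live firewall.
: "${DRY_RUN:=1}"
: "${IPT:=iptables}"
: "${ADMIN_HOST:=192.0.2.10}"   # placeholder (TEST-NET-1): your admin host

# run_ipt prints (dry run) or executes one iptables invocation.
run_ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# add_rule CHAIN TARGET <match criteria...>
# Emits: -A <chain> <match criteria> -j <ACCEPT|DROP>
# Any target other than ACCEPT or DROP is refused, so a typo cannot
# silently create a rule with an unintended action.
add_rule() {
    chain=$1; target=$2; shift 2
    case $target in
        ACCEPT|DROP) ;;
        *) echo "add_rule: target must be ACCEPT or DROP, got '$target'" >&2
           return 1 ;;
    esac
    run_ipt -A "$chain" "$@" -j "$target"
}

# apply_ruleset: flush, set the defaults (drop inbound by default),
# then add the specific rules in the order iptables will evaluate them.
apply_ruleset() {
    run_ipt -F
    run_ipt -P INPUT DROP
    run_ipt -P FORWARD DROP
    run_ipt -P OUTPUT ACCEPT
    add_rule INPUT ACCEPT -i lo                                   # localhost
    add_rule INPUT ACCEPT -m state --state ESTABLISHED,RELATED    # replies to our traffic
    add_rule INPUT ACCEPT -p tcp -s "$ADMIN_HOST" --dport 22 -m state --state NEW  # new SSH from admin host only
}

apply_ruleset
```

Run it as `DRY_RUN=0 sudo sh fw.sh` once the printed ruleset looks right.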

If you require more information, refer to this great online tutorial by Ned Slider
