iptables

iptables is a user-space utility that configures netfilter, the Linux kernel’s packet-filtering framework, to filter traffic, perform network address translation (NAT), and alter packets. It provides a rule-based interface for defining which packets are allowed or blocked as they traverse the host.

Netfilter exposes a set of tables that organize rules into chains. The main tables are filter (for general traffic filtering), nat (for address translation), mangle (packet alteration), raw (special-case processing), and security (mandatory access decisions). Each table contains built-in chains such as INPUT, OUTPUT, and FORWARD for filter, and PREROUTING and POSTROUTING for nat. A rule comprises matches (conditions such as protocol, addresses, ports, or interfaces) and a target (ACCEPT, DROP, REJECT, LOG, or NAT targets like DNAT/SNAT). Rules are evaluated in order within a chain.

iptables supports stateful filtering via the conntrack subsystem; common usage uses -m conntrack --ctstate to match ESTABLISHED or RELATED connections. Typical management involves appending, inserting, or deleting rules with -A, -I, -D, and listing with -L or -S. NAT rules in the nat table handle inbound and outbound address translation, including masquerading and port redirection.

Persistence and administration: rules are in memory unless saved with iptables-save and restored with iptables-restore, or via distribution-specific tooling. In modern environments, nftables provides the successor framework, with iptables compatibility layers for migration. IPv6 uses ip6tables, though nftables can manage IPv4 and IPv6 in a unified framework.

Overall, iptables remains widely used for configuring firewall rules on Linux systems, though newer deployments increasingly adopt nftables or higher-level management tools.
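As an added example (not code from the original page), the following POSIX shell function emits a minimal stateful host firewall in the iptables-restore format described above, combining the default-policy, conntrack and ordering points from the filter-table discussion. The interface name and port list passed to it are assumptions; the output is meant to be saved and loaded with iptables-restore rather than applied rule by rule.

```shell
#!/bin/sh
# Added example: generate a stateful INPUT ruleset in iptables-restore format.
# Usage: gen_ruleset <iface> <comma-separated TCP ports> > rules.v4
# Then load it with: iptables-restore < rules.v4   (iface/ports are placeholders)
gen_ruleset() {
  iface="$1"
  ports="$2"
  cat <<'EOF'
*filter
# Default policies: deny inbound and forwarded traffic, allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT
# Stateful rule comes first: replies to connections this host opened
# are accepted here, so no per-port rule is needed for them.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify are dropped before any ACCEPT below.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Allow ICMP echo requests so the host stays diagnosable.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
  # One rule per service port. Matching NEW only means these rules open
  # connections; everything already established was handled above.
  old_ifs="$IFS"; IFS=,
  for p in $ports; do
    printf '%s\n' "-A INPUT -i $iface -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  IFS="$old_ifs"
  cat <<'EOF'
# Rate-limited log of whatever falls through to the INPUT DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}
```

Because rules are evaluated in order, the conntrack ACCEPT and INVALID DROP lines must stay above the per-port rules; the test below checks that ordering in the generated output.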