In Linux, iptables is a powerful firewall tool that is used to control and manage network traffic. iptables works with rules that govern how packets are allowed to flow in and out of a system. These rules are organized into chains, and each rule matches packets by protocol, source, destination, or other criteria.
This guide will explain the chain in iptables and how to create a custom chain in Linux.
- What is a Chain in Iptables in Linux?
- INPUT Chain
- OUTPUT Chain
- FORWARD Chain
- Create a Custom Chain in iptables on Linux
What is a Chain in iptables in Linux?
In iptables, a chain is an ordered list of rules applied to incoming or outgoing packets. When a packet arrives at a network interface, it is evaluated against the rules in the relevant chain, in order, to determine what should be done with it. The packet may be accepted, dropped, or sent to another chain for further processing.
The default filter table has three built-in chains: INPUT, OUTPUT, and FORWARD. Each of these chains has a specific purpose and its own set of rules.
INPUT Chain
The INPUT chain filters packets that are destined for the local system. This chain controls access to services on the local machine, such as SSH or a web server.
Use the iptables command to display the INPUT chain, a built-in chain in the iptables firewall responsible for filtering incoming traffic to the system. Here’s the command to display the INPUT chain:
$ sudo iptables -L INPUT
This command lists all the rules in the INPUT chain, including the policy and any rules that have been added manually.
OUTPUT Chain
The OUTPUT chain is used to filter packets that are generated by the local system and are going out. This chain controls what traffic is allowed to leave the system.
Use the iptables command to display the OUTPUT chain, a built-in chain in the iptables firewall responsible for filtering outgoing traffic from the system. Here’s the command to display the OUTPUT chain:
$ sudo iptables -L OUTPUT
This command lists all the rules in the OUTPUT chain, including the policy and any rules that have been added manually.
FORWARD Chain
The FORWARD chain is used to filter packets that are routed through the system rather than addressed to it. This chain controls what traffic is allowed to pass through the system to other hosts.
Use the iptables command to display the FORWARD chain, a built-in chain in the iptables firewall responsible for filtering traffic being forwarded through the system. Here’s the command to display the FORWARD chain:
$ sudo iptables -L FORWARD
This command lists all the rules in the FORWARD chain, including the policy and any rules that have been added manually.
How to Create a Custom Chain in iptables on Linux?
To create a custom chain in iptables on Linux, follow these steps:
Step 1: Create the New Chain
Choose a name for the custom chain and run the “iptables” command with the “-N” option to create the new chain, here named “mychain”:
$ sudo iptables -N mychain
This creates a new chain called “mychain“.
Step 2: Add Rules to New Chain
Next, add rules to the new chain using the same syntax as you would when adding rules to the built-in chains. For instance, to add a rule to the custom chain that accepts incoming SSH traffic on TCP port 22, use the following command:
$ sudo iptables -A mychain -p tcp --dport 22 -j ACCEPT
This adds a rule to the “mychain” chain that accepts incoming TCP traffic on port 22.
Step 3: Send Incoming Traffic From a Specific IP Address to the Custom Chain
To use the “mychain” chain in a rule that allows incoming traffic from a specific IP address “192.168.1.100”, execute the following command:
$ sudo iptables -A INPUT -s 192.168.1.100 -j mychain
This adds a rule to the INPUT chain that sends incoming traffic from IP address 192.168.1.100 to the “mychain” chain for processing. Packets from that address that match no rule in “mychain” return to the INPUT chain and continue with the rules that follow the jump and, finally, the chain policy.
Verify the Rules in a Chain
To list the rules in a chain, use the “iptables” command with the “-L” option followed by the chain name:
$ sudo iptables -L mychain
This command lists all the rules in the “mychain” chain.
Conclusion
In iptables, chains provide a flexible and powerful method to manage network traffic. Administrators can tailor their firewall configuration to their systems and networks by creating custom chains and defining specific rules within them.
This article has explained the chain and how to create a custom chain in iptables on Linux.