IPTables - Quick HowTo

The information that a computer exchanges with other computers on the internet travels in units called packets. Each packet contains the data being communicated between the two computers, as well as a header. The header contains information about the packet (e.g. the size of the packet, various flags, etc.) and routing information (such as the source and the destination). The usual analogy is with a postal letter: if the letter itself is the data, the envelope (containing the "TO:" and the "FROM:" fields) is the header. The packet header contains other information as well, and the exact fields in the header depend on the protocol (such as TCP, UDP or ICMP). We will be interested mainly in the source address/port and the destination address/port fields, the protocol of the packet, as well as some packet flags.

A firewall is a list of rules used to decide the fate of the packets that come into or leave a computer, according to certain criteria, or parameters. For example, we may want to allow all outgoing traffic, but drop all incoming packets, except perhaps the secure shell packets, email packets and HTTP packets. At this point in Linux history, there are two mechanisms to implement a firewall: ipchains and iptables. Ipchains was the sole method until relatively recently, and for the average needs of the average home user, it may do just fine. It is aging slowly, passing on the responsibility to the newer, preferred method - iptables. Iptables is not just an improvement over ipchains. It was redesigned from scratch to allow for far more flexible firewalls, while trying to preserve the ipchains syntax for the user-level command tools. So for the user familiar with ipchains, the transition to iptables should be fairly smooth. Familiarity with ipchains is not required in this tutorial, though.
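
The example policy above, written out as an iptables ruleset. This is an added example, not part of the original tutorial; the function name `emit_ruleset`, the port numbers (22 for secure shell, 25 for SMTP email, 80 for HTTP) and the connection-tracking rule that lets replies to outgoing connections back in are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the policy in the text
# (all outgoing traffic allowed, incoming dropped except chosen services).
# Assumption: the services are TCP ports 22 (ssh), 25 (SMTP email), 80 (HTTP).
ALLOWED_TCP_PORTS="22 25 80"

# emit_ruleset "<space-separated ports>": writes the ruleset to stdout.
# Returns 1 and writes nothing to stdout if any port is outside 1-65535.
emit_ruleset() {
    # Validate every port first, so a bad list never yields a partial ruleset.
    for port in $1; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo "*filter"
    # Default policies: drop inbound and forwarded packets, accept outbound.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic stays on the machine and is always accepted.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened. Without this rule the
    # "allow all outgoing" policy would let requests out but no answers in.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # First packet of a new inbound connection to each allowed service.
    for port in $1; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else falls through to the INPUT chain's DROP policy.
    echo "COMMIT"
}

# Print the ruleset only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--print" ]; then
    emit_ruleset "$ALLOWED_TCP_PORTS"
fi
```

As root, pipe the output into `iptables-restore --test` to have it parsed without being committed. Loading it without `--test` replaces the current contents of the filter table.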

