This guide will attempt to explain how to use iptables on Linux in easy-to-understand language.


Iptables is a rule-based firewall, which will process each rule in order until it finds one that matches.

Todo: include example here


The iptables utility is typically pre-installed on your Linux distribution, but isn’t actually running any rules. You’ll find the utility here on most distributions:


Blocking a Single IP Address

You can block an IP by using the -s parameter, replacing <ip-address> with the address that you are trying to block. You’ll note that in this example we used the -I parameter (--insert also works) instead of append, because we want to make sure this rule shows up first, before any allow rules.

/sbin/iptables -I INPUT -s <ip-address> -j DROP

Allowing All Traffic from an IP Address

You can alternately allow all traffic from an IP address by using the same command as above, but replacing DROP with ACCEPT. You need to make sure that this rule appears first, before any DROP rules; -A appends to the end of the chain, so if DROP rules are already present, use -I as in the previous example.

/sbin/iptables -A INPUT -s <ip-address> -j ACCEPT

Blocking a Port From All Addresses

You can block a port entirely from being accessed over the network by using the --dport switch and adding the port of the service you want to block. In this example, we’ll block the MySQL port:

/sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP

Allowing a Single Port from a Single IP

You can combine the -s parameter with --dport to limit the rule to a specific port from a specific source address. Because rules are matched in order, this ACCEPT must sit above the port-wide DROP from the previous example; use -I if that DROP is already in place:

/sbin/iptables -A INPUT -p tcp -s <ip-address> --dport 3306 -j ACCEPT

Viewing the Current Rules

You can view the current rules using the following command:

/sbin/iptables -L

This should give you an output similar to the following:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  <ip-address>         anywhere
ACCEPT     all  --  <ip-address>         anywhere
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere             tcp dpt:mysql

The actual output will be a bit longer, of course.

Clearing the Current Rules

You can clear out all the current rules by using the flush parameter. This is very useful if you need to put the rules in the correct order, or when you are testing. Note that flushing removes the rules but leaves each chain’s default policy in place; if you changed a policy to DROP, flushing alone will not restore access.

/sbin/iptables --flush
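The rules above combined into one script, as an added example that is not part of the original article: the two addresses are constructed sample values, iptables is assumed to live at /sbin/iptables, and predict_chain() models only the forms this page uses (--flush, -A, and -I without a position number) so the resulting order can be checked before anything is applied.

```sh
#!/bin/sh
# Added example, not from the original article. Builds the article's rules in
# one place and models how -A and -I order them in the INPUT chain, so the
# order can be checked before the commands are run as root.
# Assumptions: iptables is at /sbin/iptables (override with IPT=...); the two
# addresses are constructed sample values, not taken from the article.
IPT="${IPT:-/sbin/iptables}"
BLOCKED_HOST="192.0.2.10"     # constructed: a host to drop entirely
TRUSTED_HOST="198.51.100.7"   # constructed: the only host allowed to reach MySQL
MYSQL_PORT=3306

# Print the iptables commands, one per line, in the order they should be run.
# The ACCEPT for the trusted host is appended before the port-wide DROP so it
# matches first; the single-host DROP uses -I so it lands at the top of the
# chain even though it is added last.
emit_rules() {
    echo "$IPT --flush"
    echo "$IPT -A INPUT -p tcp -s $TRUSTED_HOST --dport $MYSQL_PORT -j ACCEPT"
    echo "$IPT -A INPUT -p tcp --dport $MYSQL_PORT -j DROP"
    echo "$IPT -I INPUT -s $BLOCKED_HOST -j DROP"
}

# Read commands on stdin and print the resulting INPUT chain top to bottom.
# Models only what this page uses: --flush empties the chain, -A appends,
# -I (without a position number) inserts at position 1.
predict_chain() {
    chain=""
    while IFS= read -r cmd; do
        case "$cmd" in
            *--flush*)      chain="" ;;
            *" -I INPUT "*) chain="${cmd#* -I INPUT }
$chain" ;;
            *" -A INPUT "*) chain="$chain
${cmd#* -A INPUT }" ;;
        esac
    done
    printf '%s\n' "$chain" | sed '/^$/d'
}

# Apply the rules for real (needs root), then list the chain to compare it
# with the prediction.
apply_rules() {
    emit_rules | sh && "$IPT" -L INPUT
}

echo "Predicted INPUT chain (first match wins):"
emit_rules | predict_chain
```

Run the script as-is to see the predicted order; call apply_rules as root only once the prediction matches what you intend.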


While most Linux distributions include a form of iptables, some of them also include wrappers which make the management a little easier. Most often these “addons” take the form of init scripts which take care of initializing iptables on startup, though some distributions also include full-blown wrapper applications which attempt to simplify the common case.


The iptables init script on Gentoo is capable of handling many common scenarios. For starters, it allows you to configure iptables to load on startup (usually what you want):

rc-update add iptables default

Using the init script, it is possible to load and clear the firewall with an easy-to-remember command:

/etc/init.d/iptables start
/etc/init.d/iptables stop

The init script handles the details of persisting your current firewall configuration on start/stop. Thus, your firewall is always in the state you left it. If you need to manually save a new rule, the init script can handle this as well:

/etc/init.d/iptables save

Additionally, you can restore your firewall to the previous saved state (for the case where you were experimenting with rules and now want to restore the previous working configuration):

/etc/init.d/iptables reload

Finally, the init script can put iptables into a “panic” mode, where all incoming and outgoing traffic is blocked. I’m not sure why this mode is useful, but all Linux firewalls seem to have it.

/etc/init.d/iptables panic

Warning: Don’t initiate the panic mode if you are connected to your server via SSH; you will be disconnected! The only time you should put iptables into panic mode is while you are physically in front of the computer.

Lowell Heddings, How-To Geek