iptables is a command-line utility used to configure the IP packet filter rules of the Linux kernel firewall, implemented via Netfilter modules. It enables system administrators to define precise policies for handling incoming, outgoing, and forwarded network traffic.
The architecture relies on tables (filter, nat, mangle, raw) that house chains of rules. As a packet traverses the network stack, iptables inspects it against these rules sequentially. Once a match is found, the system executes a target action, such as ACCEPT, DROP, or REJECT.
How it works
- Filter table: The default table for deciding whether a packet should be allowed to reach its destination.
- NAT table: Essential for Network Address Translation, used to route traffic between public and private networks.
- Stateful inspection: The conntrack module allows the firewall to track the state of network connections (e.g., ESTABLISHED, RELATED).
While nftables is the official successor, iptables remains the industry standard for managing network security in containerized environments like Docker. For instance, to block a specific IP, the command iptables -A INPUT -s 192.168.1.10 -j DROP appends a rule to the INPUT chain that silently discards all packets from that source.
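The sequential, first-match traversal described above is what makes rule position matter: -A appends to the end of the chain, so any earlier ACCEPT (such as a stateful ESTABLISHED,RELATED rule) wins before an appended DROP is ever consulted, whereas -I INPUT 1 puts the block first. The following is an added, constructed model of that behaviour (not netfilter code and not part of the original page); the chain contents, port number and packets are assumptions chosen to illustrate the point.

```python
from dataclasses import dataclass, field
from typing import Optional
# Constructed model (not netfilter code): one filter-table INPUT chain, first-match semantics.

@dataclass
class Rule:
    target: str                      # -j ACCEPT / DROP / REJECT
    src: Optional[str] = None        # -s <address>
    dport: Optional[int] = None      # --dport <port>
    states: frozenset = frozenset()  # -m conntrack --ctstate A,B

    def matches(self, pkt: dict) -> bool:
        return ((self.src is None or pkt["src"] == self.src)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (not self.states or pkt["state"] in self.states))

@dataclass
class Chain:
    policy: str = "ACCEPT"           # -P INPUT <policy>
    rules: list = field(default_factory=list)

    def append(self, rule: Rule) -> None:                # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # iptables -I INPUT <pos> ...
        self.rules.insert(pos - 1, rule)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:          # rules are checked in order...
            if rule.matches(pkt):
                return rule.target       # ...and the first match decides
        return self.policy               # nothing matched: chain policy applies

def stateful_input_chain() -> Chain:
    """Common stateful INPUT chain: default DROP, allow replies and new SSH."""
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})))
    chain.append(Rule("ACCEPT", dport=22, states=frozenset({"NEW"})))
    return chain

def block_source(chain: Chain, src: str, use_insert: bool) -> Chain:
    """Add '-s <src> -j DROP' with -A (end of chain) or -I INPUT 1 (top of chain)."""
    rule = Rule("DROP", src=src)
    (chain.insert if use_insert else chain.append)(rule)  # insert() defaults to position 1
    return chain

# Constructed packets from the blocked host: a new SSH attempt and a packet on
# a connection that conntrack already tracks as ESTABLISHED.
NEW_SSH = {"src": "192.168.1.10", "dport": 22, "state": "NEW"}
ESTABLISHED = {"src": "192.168.1.10", "dport": 22, "state": "ESTABLISHED"}
```

With the DROP appended, both constructed packets from 192.168.1.10 are still accepted by the earlier rules; with it inserted at position 1, both are dropped, and connections already in conntrack stop receiving packets immediately rather than after the entry times out.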