Linux ships with a default packet-filtering firewall called iptables, which handles filtering for IPv4; its IPv6 counterpart is ip6tables. Run the following commands as the root user.

To display your firewall status:


# iptables -L -n -v

Chain INPUT (policy ACCEPT 321 packets, 338K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 271 packets, 21862 bytes)
 pkts bytes target     prot opt in     out     source               destination 


Allow All TCP/UDP Ports for a Specific IP Address

Assume I want to allow all TCP and UDP connections to and from the IP address 192.168.2.50. Note that -I inserts each rule at the top of its chain, so these rules take precedence over anything added later with -A:


# iptables -I INPUT -p tcp -s 192.168.2.50 -j ACCEPT

# iptables -I OUTPUT -p tcp -d 192.168.2.50 -j ACCEPT

# iptables -I INPUT -p udp -s 192.168.2.50 -j ACCEPT

# iptables -I OUTPUT -p udp -d 192.168.2.50 -j ACCEPT



Block a Specific IP Address

If you want to block a specific IP address:

# iptables -A INPUT -s 192.168.2.100 -j DROP


Prevent DoS Attacks

The following iptables rule helps mitigate a Denial of Service (DoS) flood against a web server listening on port 80:

 # iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT


-m limit: uses the limit match extension of iptables.

--limit 25/minute: limits matches to an average of 25 per minute. Adjust this value to your requirements.

--limit-burst 100: the per-minute limit is enforced only after 100 matches have arrived in a burst; the allowance then refills at the --limit rate. Because this rule only ACCEPTs traffic within the limit, anything above it falls through to the next rule or to the chain's default policy, so add a matching DROP rule after it (or set the INPUT policy to DROP) for the excess to actually be discarded.

Delete Existing Rules

Before adding new iptables rules, if you want to clear all existing rules (note that this removes the rules but leaves the chain policies unchanged):

# iptables -F 

(or)
# iptables --flush
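The following script, added here as an example and not part of the original post, applies the rules above in a safe order and pairs the rate-limit ACCEPT with the DROP it needs; it also adds a --syn restriction so only new connection attempts are counted, and a conntrack rule so established sessions keep flowing. The IPT variable, the helper functions and the sample status output are assumptions for this example; set IPT=echo to preview the rules without root.

```shell
#!/bin/sh
# Added example, not from the original post. IPT is a hypothetical variable:
# it defaults to the real iptables binary; set IPT=echo for a dry run.
IPT="${IPT:-iptables}"

apply_rules() {
    "$IPT" -F                                   # clear existing rules (chain policies stay)
    # Keep replies to already-accepted sessions flowing before anything else.
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Fully trusted host (the post's 192.168.2.50 rules).
    "$IPT" -A INPUT  -p tcp -s 192.168.2.50 -j ACCEPT
    "$IPT" -A INPUT  -p udp -s 192.168.2.50 -j ACCEPT
    "$IPT" -A OUTPUT -p tcp -d 192.168.2.50 -j ACCEPT
    "$IPT" -A OUTPUT -p udp -d 192.168.2.50 -j ACCEPT
    # Blocked host: must come before any broader ACCEPT that could match its traffic.
    "$IPT" -A INPUT -s 192.168.2.100 -j DROP
    # Rate-limit new HTTP connections (--syn counts only connection attempts).
    # The DROP right after it is what makes the limit bite when the policy is ACCEPT.
    "$IPT" -A INPUT -p tcp --dport 80 --syn -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 80 --syn -j DROP
}

# Print the default policy of chain $1 from "iptables -L -n -v" output read on stdin.
chain_policy() {
    awk -v c="$1" '$1 == "Chain" && $2 == c { print $4 }'
}

# Line number of the first rule matching pattern $1 in a dry-run listing on stdin.
rule_line() {
    grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Constructed sample of "iptables -L -n -v" output (not captured from a real host).
SAMPLE_STATUS='Chain INPUT (policy DROP 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 271 packets, 21862 bytes)'
```

Run `apply_rules` as root to install the rules, or `IPT=echo apply_rules` to print them in order first.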