LAB-SEC-02 - Introduction to iptables

SEC Security & Firewalls

Introduction to iptables

Inspect iptables rules, understand chain order, and practice one small temporary rule change with a clear rollback.

35 min INTERMEDIATE LINUX Curriculum-reviewed

Prerequisites

Lab LAB-SEC-01 - The UFW Firewall

Success criteria

Inspect iptables rules, understand chain order, and practice one small temporary rule change with a clear rollback.
Repeat the workflow without copy-paste or step-by-step prompting.

Safety notes

Direct iptables work is high impact. Avoid broad flush or default-policy changes unless you fully understand the consequences.

Part A: The Field Guide

What This Lab Is Really About

This lab is not about turning you into a firewall expert in one sitting.

It is about understanding:

that packet rules are evaluated in order
that different chains handle different traffic directions
that direct iptables changes need careful rollback thinking

If UFW is the friendly layer, iptables helps you see what is happening underneath.

Command Reference

sudo iptables -L -n sudo iptables -L -n -v —line-numbers sudo iptables -I INPUT 1 -s 198.51.100.99 -j DROP sudo iptables -D INPUT 1

Part B: The Drill Deck

Terminal required: be cautious if this is a shared or remote system.

Exercise G1: Inspect the Current Chains

Run:

sudo iptables -L -n

Identify the main chains:
- INPUT
- OUTPUT
- FORWARD
Read them as traffic directions rather than as random labels.

Exercise G2: Add Counters and Rule Numbers

Run:

sudo iptables -L -n -v --line-numbers

Notice:
- rule order
- packet and byte counters
- line numbers for later deletion

Exercise G3: Insert One Temporary Rule

Insert a test rule at the top of INPUT:

sudo iptables -I INPUT 1 -s 198.51.100.99 -j DROP

Read the INPUT chain again and confirm the new rule is first.
This exercise is about visibility and rollback, not about trusting the IP choice to be meaningful in your lab.

Exercise S1: Remove the Temporary Rule

Delete the rule you just inserted:

sudo iptables -D INPUT 1

Re-read the chain and confirm it is gone.

Exercise S2: Explain Why Order Matters

Look at the rule list.
Answer in your own words:
- what happens if a broad DROP rule appears above a more specific ACCEPT rule?
- why does insertion position matter?

Mission M1: Design a Precise SSH Block Rule

Write, but do not necessarily apply, a rule that would:

target the INPUT chain
match TCP traffic
match source subnet 203.0.113.0/24
match destination port 22
drop that traffic

If you can explain each part of the command, the mission is complete.

Practice flow

Run the exercise carefully, verify the result, then mark it complete only when you could repeat the task without step-by-step help.

Open lesson Open Arena Back to Labs

Reflection

Could you now explain what INPUT, OUTPUT, and FORWARD represent?
Do you understand why rule order matters in iptables?
If you repeated Introduction to iptables from memory, where would you still hesitate?

If not yet, repeat the lab once more without leaning on the instructions.

Move on when

Inspect existing iptables rules and explain what the main chains do.
Add and remove one temporary test rule without losing your rollback path.

A lab counts when you can repeat it cleanly with much less help than the first time.

Practice review

After you finish, repeat this lab tomorrow with less reliance on the instructions.

Use spaced practice around day 1, day 3, day 7, day 14.
Try to predict the steps before you scroll.
Run the key commands or actions from memory first.
Use the lesson or Library only for the parts that still fail.

Lab context

Best for

Need structureSerious hands-on operatorDeveloper expanding into systemsIT / support / sysadminExpert refresh / reference

Pathways

Career operator pathDeveloper to systems fluencyFoundations with structured review

Practice fit

Beginner-safe Guided practice

This lab is designed to be attempted safely by newer learners if they stay inside the described sandbox or practice folder.

Expect tighter prompts and a more protected workflow while the skill is still forming.

Revisit the lesson

Module M47 - Services Management Module M50 - Remote Access: Advanced Module M52 - Systematic Troubleshooting: PDIVET

Topics

iptablesnetfilterchainsdropacceptrules

Reference support

Library iptables Library netfilter Library chains Library drop

On this page