iptables Command Generator
Generate iptables commands to configure Linux netfilter firewall rules (append, delete, list, set policy)
Getting Started with iptables
## What is iptables?
`iptables` configures the netfilter firewall in the Linux kernel. It builds ordered rule lists (chains) that decide what happens to each network packet — accept, drop, reject, log, or return it. Rules live in memory and must be saved explicitly to survive a reboot.
## How to Use
1. **Pick an action**: `append` (`-A`), `insert` (`-I`), `delete` (`-D`), `list` (`-L`), `policy` (`-P`), or `flush` (`-F`).
2. **Choose a chain**: `INPUT`, `OUTPUT`, `FORWARD`, or a custom chain.
3. **Add matches**: protocol (`-p`), destination port (`--dport`), source (`-s`).
4. **Set a target**: `-j ACCEPT|DROP|REJECT|LOG|RETURN`.
5. **Copy & Run** — and **always keep a working SSH session open** before applying rules.

⚠️ **Warning**: A misapplied iptables rule can lock you out of the server over SSH. Test new rules from a second terminal, and never flush the INPUT chain with a default DROP policy unless you have console access.
Common Actions, Matches & Targets
### `-A` / `-I` / `-D` Append, insert, delete
`-A CHAIN` adds a rule at the end of a chain; `-I CHAIN [n]` inserts at position n (default 1, highest priority); `-D CHAIN` removes a rule.
### `-L` / `-F` / `-P` List, flush, policy
`-L` lists rules; `-F` clears a chain (or all chains); `-P CHAIN TARGET` sets the chain's default policy applied when no rule matches.
### `-p` Protocol match
Match `tcp`, `udp`, or `icmp`. Required before `--dport`.
### `--dport` Destination port
Match packets destined for a port, e.g. `--dport 22` for SSH. Must follow `-p tcp` or `-p udp`.
### `-s` Source match
Match the source IP or CIDR, e.g. `-s 192.168.1.0/24`.
### `-j` Jump to target
Decide the packet's fate: `ACCEPT`, `DROP` (silently discard), `REJECT` (discard with ICMP error), `LOG` (log and continue), or `RETURN` (stop processing this chain).
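
An added example, not code from this tool: a Python pre-flight check that replays generated commands against a model of the `INPUT` chain and reports malformed `--dport` rules and any command after which SSH stops being accepted, which is the lockout the warning above describes. The function names, the admin address `192.168.1.10` and the sample rule sets are assumptions. The model covers only `-A`, `-I`, `-P` and `-F` with the `-p`, `--dport` and `-s` matches and the `ACCEPT`/`DROP`/`REJECT` targets.

```python
import ipaddress
import shlex

def opt(args, flag):
    """Value that follows `flag`, or None when the flag is absent or last."""
    return args[args.index(flag) + 1] if flag in args[:-1] else None

def ssh_verdict(rules, policy, admin_ip, port):
    """First-match walk of INPUT for a new TCP connection from admin_ip to port."""
    ip = ipaddress.ip_address(admin_ip)
    for r in rules:
        src_ok = r["s"] is None or ip in ipaddress.ip_network(r["s"], strict=False)
        hit = r["p"] in (None, "tcp", "all") and r["dport"] in (None, port) and src_ok
        if hit and r["j"] in ("ACCEPT", "DROP", "REJECT"):  # LOG never ends the walk
            return r["j"]
    return policy  # no rule decided: the chain's default policy applies

def lint(commands, admin_ip="192.168.1.10", port="22"):
    """Return [(line_no, message)] for malformed rules and SSH lockouts."""
    rules, policy, findings = [], "ACCEPT", []
    for n, cmd in enumerate(commands, 1):
        a = shlex.split(cmd)[1:]  # drop the leading "iptables"
        proto = opt(a, "-p")
        if "--dport" in a and (proto not in ("tcp", "udp") or a.index("-p") > a.index("--dport")):
            findings.append((n, "--dport must follow -p tcp or -p udp"))
            continue  # iptables would refuse this command, so it changes nothing
        before = ssh_verdict(rules, policy, admin_ip, port)
        rule = {"p": proto, "dport": opt(a, "--dport"), "s": opt(a, "-s"), "j": opt(a, "-j")}
        if opt(a, "-A") == "INPUT":
            rules.append(rule)
        elif opt(a, "-I") == "INPUT":
            pos = a[a.index("-I") + 2:][:1]  # optional rule number after the chain
            rules.insert(int(pos[0]) - 1 if pos and pos[0].isdigit() else 0, rule)
        elif opt(a, "-P") == "INPUT":
            policy = a[a.index("-P") + 2]
        elif "-F" in a and opt(a, "-F") in (None, "INPUT"):
            rules.clear()  # a flush keeps the policy, so a DROP policy now decides
        if before == "ACCEPT" and ssh_verdict(rules, policy, admin_ip, port) != "ACCEPT":
            findings.append((n, "SSH from %s is no longer accepted" % admin_ip))
    return findings

# Assumed admin address and constructed sample rule sets (not from the page).
SAFE = ["iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT",
        "iptables -P INPUT DROP"]
RISKY = ["iptables -P INPUT DROP", "iptables -A INPUT --dport 22 -j ACCEPT",
         "iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT", "iptables -F INPUT"]

if __name__ == "__main__":
    print(lint(SAFE), lint(RISKY))
```

`SAFE` produces no findings because the SSH rule is in place before the policy changes; `RISKY` is flagged at commands 1, 2 and 4.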