iptables is the long-standing user-space tool for configuring the Linux kernel's netfilter packet-filtering framework, giving administrators granular control over how network packets are accepted, dropped, modified, or forwarded. Despite being superseded by nftables in most modern distributions, iptables remains heavily deployed on production servers running RHEL 7/CentOS 7/Ubuntu 18.04 and in countless scripts, containers, and tools that expect its interface. The key mental model: iptables doesn't contain the firewall logic itself; it programs five hooks deep in the kernel networking stack, organized into tables (by purpose) and chains (by hook point), so understanding that layering is essential before writing a single rule.
What This Cheat Sheet Covers
This topic spans 22 focused tables and 147 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Tables (Purpose and Available Chains)
Each iptables table serves a distinct purpose. The right table must be selected before writing rules, because the targets and chains available to each table differ: placing a NAT rule in the filter table simply won't work.
| Table | Example | Description |
|---|---|---|
| filter | `iptables -A INPUT -p tcp --dport 22 -j ACCEPT` | Default table (no -t needed); decides whether to allow or deny packets; contains the INPUT, FORWARD, OUTPUT chains |
| nat | `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` | Network Address Translation; consulted only for the first packet of a new connection; contains the PREROUTING, INPUT, OUTPUT, POSTROUTING chains |
| mangle | `iptables -t mangle -A PREROUTING -i eth0 -j TTL --ttl-set 64` | Specialized packet header alteration (TTL, TOS, DSCP, MARK); contains all five chains |
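The table-per-purpose layering above is easiest to see in iptables-restore format, where every rule sits inside a `*table ... COMMIT` block and can only be loaded into that table. The script below is an added example, not part of the cheat sheet: it encodes Table 1's chain list per table, checks a table/chain pair before a rule is written, and emits a minimal host ruleset that spans filter, nat and mangle. The uplink interface `eth0` and the LAN prefix `10.0.0.0/24` are assumed placeholder values.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): build a per-table ruleset in
# iptables-restore format. eth0 and 10.0.0.0/24 are assumed placeholders.

# Chains owned by each built-in table (taken from Table 1 of the cheat sheet).
table_chains() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        *)      return 1 ;;
    esac
}

# Return 0 if the chain exists in the table, 1 otherwise. Catches mistakes such
# as "-t filter -A POSTROUTING" before the kernel rejects them.
chain_in_table() {
    table="$1"; chain="$2"
    for c in $(table_chains "$table"); do
        [ "$c" = "$chain" ] && return 0
    done
    return 1
}

# Print a ruleset in iptables-restore format. Each "*table ... COMMIT" block is
# loaded into that table only; the nat-only MASQUERADE target therefore lives
# under *nat, and the TTL target under *mangle.
build_ruleset() {
    wan="${1:-eth0}"        # assumed uplink interface
    lan="${2:-10.0.0.0/24}" # assumed LAN prefix
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -s $lan -o $wan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan -o $wan -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $wan -j TTL --ttl-set 64
COMMIT
EOF
}

# Count the -A rules that land in a given table of the generated ruleset.
rules_in_table() {
    build_ruleset | awk -v t="*$1" '
        $0 == t        { in_t = 1; next }
        $0 == "COMMIT" { in_t = 0 }
        in_t && /^-A/  { n++ }
        END            { print n + 0 }'
}
```

Run `build_ruleset > /tmp/rules.v4` to inspect the output, and load it as root with `iptables-restore < /tmp/rules.v4`; on iptables builds that support it, `iptables-restore --test` parses the file without committing, which is the safest way to confirm that every rule is in a table that actually offers its chain and target. The `chain_in_table` check is the same test applied before the rule is written.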