Install IPtables in Debian 11 (Bullseye)

arstech Leave a Comment

In this article you will learn how to uninstall default nftables framework, install iptables Debian 11 (Bullseye) and basic rules initial configuration.

Uninstall nftables and its Dependencies

IPtables is being replaced by nftables starting with Debian 10 Buster. Debian 11 comes with nftables framework.

To install iptables first we need uninstall nftables and its dependencies.

SSH into your server and run the next commands:

# apt-get remove --auto-remove nftables
# apt-get purge nftables

Install IPtables in Debian 11

To install iptables execute following commands:

# apt-get update
# apt-get install iptables
Install IPtables in Debian 11

Debian IPtables Status Check

Now we can check the iptables status and list rules. For list all the rules we will use option -L.

Run command:

# iptables -L -v

You will see the output:

debian iptables status

As you see on the screenshot just installed iptables firewall and it works. But all chains (INPUT, FORWARD, OUTPUT) are set to ACCEPT, and we have no security rules configured.

Clear Iptables Rules

То clear iptables rules (open all ports) use the following command sequence:

# iptables -P INPUT ACCEPT
# iptables -F
# iptables -X

Basic Iptables Example Configuration

This is basic iptables configuration example to allow connections on HTTP, HTTPS ports and ping. Open SSH port and accept the incoming connections on port 22 only from your IP address.

Copy this example, don’t forget to edit xxx.xxx.xxx.xxx your IP address and execute:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp -m state -m comment -s xxx.xxx.xxx.xxx/32 --dport 22 --state NEW -j ACCEPT --comment "Open SSH Port for your xxx.xxx.xxx.xxx/32 IP only "
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

lets check iptables status again:

# iptables -L -v

Example output:

check iptables status

Good job! The iptables UP and running with defined rules.

If we reboot the server we will loose configuration. Iptables rules are not saved automatically.

Debian Iptables Persistent

To make your iptables rules persistent install iptables-persistent package:

# apt-get install iptables-persistent
Iptables Persistent

Now Iptables Configuration files rules.v4 and rules.v6 stored in /etc/iptables

Debian IPtables Save

To update iptables with new rules use IPtables Save command:

# iptables-save > /etc/iptables/rules.v4

for IPV6:

# ip6tables-save > /etc/iptables/rules.v6

Iptables Restore

To restore iptables configuration form iptables configuration file.

# iptables-restore < /etc/iptables/rules.v4

Conclusion

You just learned how to Install IPtables in Debian 11, how to make Debian iptables persistent. And iptables firewall basic rules configuration.

Discuss article in ArsTech Forum

   

If you like what you are reading, please:

Buy me a coffeeBuy me a coffee

arstech

More Posts

Start the discussion at forum.arstech.net