Managing IPTables Firewall on Modern Linux Systems
Date: 16-12-2015
IPTables is the classic Linux firewall utility used to control network traffic entering and leaving a system. Many modern distributions ship firewalld by default, and on RHEL 8 and later the iptables command itself is a compatibility layer over nftables (iptables-nft), but IPTables rule management is still common in enterprise environments and appliance deployments, and the commands below continue to work there.
Important
Changes made directly to IPTables take effect immediately and can cut off remote access: a rule that blocks TCP port 22, or a flush while the INPUT policy is DROP, ends your SSH session. Always verify console (or other out-of-band) access, or keep a second SSH session open, before making firewall changes.
Best Practices
- Back up firewall rules (iptables-save) before making changes.
- Restrict rules to specific source addresses or networks (-s) whenever possible, rather than opening a port to the world.
- Verify the service is actually listening on the expected address and port before opening a firewall port.
- Save rules after making modifications; unsaved rules are lost on the next service restart or reboot.
- Test connectivity from a client after firewall changes, not only from the server itself.
- Maintain console access when performing firewall maintenance.
- Restrict LDAP (389/TCP) and LDAPS (636/TCP) access to trusted networks whenever possible; a simple bind over plain LDAP sends credentials in clear text unless the client uses STARTTLS.
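The practices above (back up, keep access, apply, test, save) can be enforced by a small wrapper rather than remembered under pressure. The following script is an added example and is not part of the original page: it saves the running rules, starts a rollback timer that restores them unless it is cancelled, syntax-checks the candidate ruleset with iptables-restore --test, and only then applies it. The iptables-save and iptables-restore commands are read from the IPT_SAVE and IPT_RESTORE variables (an assumption made so the logic can be exercised with substitutes), and the backup path, PID file and 120 second timer are example values.

```shell
#!/bin/sh
# Apply a new iptables ruleset with an automatic rollback timer.
# Added example, not from the original page. Assumptions: the ruleset is an
# iptables-restore file, and the iptables binaries are taken from the
# variables below so the logic can be exercised without root.
set -eu

IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
ROLLBACK_SECS=${ROLLBACK_SECS:-120}
BACKUP=${BACKUP:-/root/iptables.backup}
PIDFILE=${PIDFILE:-/run/iptables-rollback.pid}

# Save the running ruleset, refuse to continue with an empty backup, and
# print the number of rules saved.
backup_rules() {
    "$IPT_SAVE" > "$BACKUP"
    [ -s "$BACKUP" ] || { echo "backup is empty, aborting" >&2; return 1; }
    grep -c '^-A ' "$BACKUP" || true
}

# Start a background timer that restores the backup unless cancelled.
# SIGHUP is ignored so the timer survives the SSH session being cut,
# which is exactly the case it exists for.
start_rollback_timer() {
    ( trap '' HUP; sleep "$ROLLBACK_SECS" && "$IPT_RESTORE" < "$BACKUP" ) \
        </dev/null >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Operator calls this once the new rules are confirmed to work.
cancel_rollback() {
    [ -f "$PIDFILE" ] || return 1
    kill "$(cat "$PIDFILE")" 2>/dev/null && rm -f "$PIDFILE"
}

# Syntax-check, back up, arm the timer, then load the candidate ruleset.
# A rule that cuts off SSH is undone automatically when the timer fires.
apply_ruleset() {
    ruleset=$1
    "$IPT_RESTORE" --test "$ruleset"   # parse only, changes nothing
    backup_rules > /dev/null
    start_rollback_timer
    "$IPT_RESTORE" < "$ruleset"
    echo "applied $ruleset; run cancel_rollback within ${ROLLBACK_SECS}s"
}
```

Usage (as root): source the script, run apply_ruleset /root/new-rules.v4, open a fresh SSH session from a client to prove the new rules work, then run cancel_rollback. If the session is lost instead, the previous rules come back when the timer expires. Once confirmed, save the rules to the distribution's rules file as described below.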
Check IPTables Service Status
Display the current IPTables service status (the iptables unit is provided by the iptables-services package on RHEL-family systems; see Install IPTables Service below):
sudo systemctl status iptables
Common service commands:
sudo systemctl start iptables
sudo systemctl stop iptables
sudo systemctl restart iptables
sudo systemctl enable iptables
sudo systemctl disable iptables
View Current Firewall Rules
Display all active rules:
sudo iptables -L -n -v
This lists the filter table only; add -t nat or -t mangle to inspect the other tables. Display rules in save format (the form used by the backup, restore and save steps below):
sudo iptables-save
Backup Existing Rules
Before making changes, create a backup:
sudo iptables-save > /root/iptables.backup
Verify the backup is not empty and contains the expected tables and chains:
cat /root/iptables.backup
Restore Firewall Rules
Restore a previously saved configuration:
sudo iptables-restore < /root/iptables.backup
Reset IPTables Rules
Flush all active rules:
sudo iptables --flush
or
sudo iptables -F
Warning: This immediately removes all rules from every chain of the filter table (other tables need -t). It does not change the chain policies or delete user-defined chains: with an INPUT policy of ACCEPT the system is exposed to all traffic, and with a policy of DROP all inbound traffic, including your SSH session, is blocked. Take a backup first.
Display the current rules after flushing:
sudo iptables -L -n -v
Save Firewall Changes
After modifying rules, save the current configuration:
sudo iptables-save > /etc/sysconfig/iptables
This file is read by the iptables service at boot and on restart on RHEL-family systems (Debian-based systems using netfilter-persistent read /etc/iptables/rules.v4 instead). The running rules are already in effect; restarting the service reloads the saved file and confirms that it applies cleanly:
sudo systemctl restart iptables
Open a TCP Port
Rules in a chain are evaluated in order and the first match wins. The default ruleset installed by iptables-services ends the INPUT chain with a REJECT rule, so a rule appended with -A lands after it and is never reached. Use -I to insert at the top of the chain (or -I INPUT <n> for a specific position), and add -s <network> to limit the rule to trusted clients.
Example: Open TCP port 389 (LDAP)
sudo iptables -I INPUT -p tcp --dport 389 -j ACCEPT
Example: Open LDAPS port 636
sudo iptables -I INPUT -p tcp --dport 636 -j ACCEPT
Verify the rules and their position in the chain:
sudo iptables -L INPUT -n -v --line-numbers
Save the changes:
sudo iptables-save > /etc/sysconfig/iptables
Verify Application is Listening
Check whether a service is listening on the expected port before opening it. Filter on the exact source port rather than grepping for the number, which would also match ports such as 3890 or a process ID containing 389. Run with sudo to see the process name for services running as another user. If the local address shown is 127.0.0.1 or ::1 the service is bound to loopback only and a firewall rule will not make it reachable from the network.
Example: LDAP
ss -lntp '( sport = :389 )'
Example: LDAPS
ss -lntp '( sport = :636 )'
Example output (slapd bound to all IPv4 addresses):
LISTEN 0 128 *:389 *:* users:(("slapd",pid=1234,fd=7))
Display all listening TCP ports:
ss -lntp
Display all listening UDP ports:
ss -lnup
Install IPTables Service
RHEL / Rocky Linux / AlmaLinux
sudo dnf install iptables-services -y
Stop and disable firewalld first (see Managing firewalld below); both programs install rules into the same kernel packet filter and their rule sets conflict if they run together. Then enable the service:
sudo systemctl enable --now iptables
Verify:
sudo systemctl status iptables
Managing firewalld
Many modern Linux distributions use firewalld by default. Run either firewalld or the iptables service, never both.
Check status:
sudo systemctl status firewalld
Stop firewalld (its rules are removed immediately, leaving the host without a firewall until the iptables service is started):
sudo systemctl stop firewalld
Disable firewalld at boot:
sudo systemctl disable firewalld
Stop and disable in one command:
sudo systemctl disable --now firewalld
Mask firewalld:
sudo systemctl mask firewalld
A masked service cannot be started manually or as a dependency of another unit, which prevents a package update or an administrator from re-enabling it by accident.
Unmask firewalld:
sudo systemctl unmask firewalld
Disable IPTables Service
Stop and disable IPTables:
sudo systemctl disable --now iptables
Stopping the service flushes the rules and sets the chain policies to ACCEPT, so the host has no firewall until the iptables service or firewalld is started again. Verify:
sudo systemctl status iptables
Common Firewall Ports for an LDAP Server
| Service | Port |
|---|---|
| LDAP | 389/TCP |
| LDAPS | 636/TCP |
| DNS | 53/TCP,UDP |
| NTP | 123/UDP |
| SSH | 22/TCP |
LDAP and LDAPS are inbound from clients and SSH is inbound for administration only. DNS and NTP are usually outbound from the server; with a stateful rule that accepts ESTABLISHED,RELATED traffic, those replies need no extra INPUT rule.
Example (inserted at the top of the chain so the rules are not shadowed by a trailing REJECT rule; add -s <network> to restrict them to trusted clients):
sudo iptables -I INPUT -p tcp --dport 389 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 636 -j ACCEPT
Troubleshooting
Display active rules with packet counters (a rule whose counters stay at zero while clients are failing is not matching their traffic, usually because it sits below a REJECT rule or its -s or --dport does not match):
sudo iptables -L -n -v
Display listening ports:
ss -lntp
Verify a specific port:
ss -lntp '( sport = :<port> )'
Check service status:
systemctl status iptables
Review system logs:
journalctl -u iptables
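The listening-port checks in Verify Application is Listening and in the troubleshooting steps above can be scripted. As an added example that is not part of the original page, the following functions parse ss output with awk so that only an exact port matches, and report the address a service is bound to, which tells you whether it is exposed on all interfaces or only on loopback. The SAMPLE text is constructed to look like ss -lntp output and is not captured from a real system.

```shell
#!/bin/sh
# Exact listening-port checks over ss(8) output. Added example, not from the
# original page; SAMPLE is constructed to resemble 'ss -lntp' output.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:389         0.0.0.0:*         users:(("slapd",pid=1234,fd=7))
LISTEN 0      128    [::]:636            [::]:*            users:(("slapd",pid=1234,fd=8))
LISTEN 0      128    127.0.0.1:3890      0.0.0.0:*         users:(("devproxy",pid=3891,fd=5))'

# listening_on PORT [SS_OUTPUT]: print the listener lines for exactly PORT
# and exit 1 if there are none. Field 4 is Local Address:Port; the port is
# whatever follows the last ':', so 3890 does not match a check for 389 and
# a PID containing 389 is ignored. Without SS_OUTPUT, ss is run live.
listening_on() {
    port=$1
    input=${2:-$(ss -lntp 2>/dev/null)}
    printf '%s\n' "$input" | awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == p) { found = 1; print }
        }
        END { exit found ? 0 : 1 }'
}

# bound_address PORT [SS_OUTPUT]: print only the local address:port of each
# listener, e.g. 0.0.0.0:389 (all IPv4 addresses) or 127.0.0.1:3890
# (loopback only, unreachable from the network whatever the firewall says).
bound_address() {
    listening_on "$1" "${2:-}" | awk '{ print $4 }'
}
```

Usage: listening_on 389 with no second argument runs ss on the current host; run it with sudo so the process column is filled in for services running as other users.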
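The Open a TCP Port section and the port table above add rules one at a time. As an added example that is not part of the original page, the following script generates a complete ruleset for an LDAP server in iptables-restore format, with LDAP and LDAPS limited to a client network and SSH limited to an administration network (both passed as arguments; the network values in the usage note are assumptions), and includes a check that reports ACCEPT rules sitting behind a catch-all REJECT or DROP in the INPUT chain, which is what happens when a rule is appended with -A to a chain that already ends in a REJECT.

```shell
#!/bin/sh
# Generate a complete iptables ruleset for an LDAP server and check it for
# rules that can never match. Added example, not from the original page.
# Assumed values: the client and admin networks passed as arguments, and a
# policy of rejecting everything else on INPUT.

# gen_ldap_rules CLIENT_NET ADMIN_NET: emit an iptables-restore file.
gen_ldap_rules() {
    client_net=$1
    admin_net=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections the server initiated (DNS, NTP, replication)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# drop TCP packets that claim to be new but are not SYN (stateless scans)
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -s $admin_net --dport 22 -j ACCEPT
-A INPUT -p tcp -s $client_net --dport 389 -j ACCEPT
-A INPUT -p tcp -s $client_net --dport 636 -j ACCEPT
# everything else: log a sample, then reject (these two must stay last)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-reject: "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# shadowed_accepts FILE: print INPUT ACCEPT rules that appear after a
# catch-all "-A INPUT -j REJECT" or "-A INPUT -j DROP" (no match options),
# i.e. rules that will never be reached. Exit 1 if any are found.
shadowed_accepts() {
    awk '
        /^-A INPUT / {
            if (blocked && /-j ACCEPT/) { print; n++ }
            if (!blocked && $0 ~ /^-A INPUT -j (REJECT|DROP)/) blocked = 1
        }
        END { exit n ? 1 : 0 }' "$1"
}
```

Usage: gen_ldap_rules 10.20.0.0/16 10.0.0.0/24 > /root/ldap-rules.v4 (both networks are assumed values), then sudo iptables-restore --test /root/ldap-rules.v4 to parse it without applying, shadowed_accepts /root/ldap-rules.v4 to confirm nothing is unreachable, and finally iptables-restore and iptables-save to the distribution's rules file as described above.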