Linux systems have firewall software built right into the kernel. This packet-filtering framework is called netfilter (since Linux 2.4). It is controlled by a tool called iptables, which instructs the kernel what to do with incoming and outgoing network packets.
In this recipe, we will begin with an empty iptables configuration (firewall disabled) and configure it to drop any incoming packets except those we specifically allow. Before we set up a firewall, we should review some basic concepts related to network communication and the organization of
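As an added example (not the recipe's own code), the following shell script generates the kind of default-drop ruleset this recipe works towards, in iptables-restore format, and loads it atomically; the permitted admin port (SSH on 22) is an assumed parameter.

```sh
#!/bin/sh
# Added example: emit a default-drop IPv4 filter table in iptables-restore
# format, then apply it only when run as root.
# ADMIN_PORT is an assumed parameter: the one inbound TCP service we keep open.
ADMIN_PORT="${ADMIN_PORT:-22}"

build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is needed by many local services.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (and continuing flows) are allowed.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop packets that do not belong to any known connection state.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Explicitly permitted inbound service: SSH on port ${ADMIN_PORT}.
-A INPUT -p tcp --dport ${ADMIN_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Anything else falls through to the INPUT chain's DROP policy.
COMMIT
EOF
}

# Number of explicit rules in the generated table; a quick sanity check
# before loading it onto a live host.
rule_count() {
    build_ruleset | grep -c '^-A '
}

apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must run as root to load rules" >&2
        return 1
    fi
    # iptables-restore replaces the whole table in one step, so the host is
    # never left with a half-loaded (and possibly wide-open) ruleset.
    build_ruleset | iptables-restore
}
```

Review the output of build_ruleset before calling apply_ruleset, since a DROP policy on INPUT with a wrong admin port locks you out of a remote machine.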
The following are some basic packet-filtering concepts: