There are three basic actions (called targets) that iptables can take on traffic that matches a rule:

ACCEPT

DROP

REJECT

1. ACCEPT
When a packet matches a rule whose target is ACCEPT, iptables lets it through and stops checking further rules in that chain.
That means it opens the gate and lets the person into the kingdom of Thanos.

2. DROP
When a packet matches a rule whose target is DROP, iptables silently discards it. Nothing is sent back to the sender, who only sees a timeout.
That means the gate is closed, and from the outside nobody can even tell whether there is a gate at all.

3. REJECT
This action is similar to DROP, but iptables also sends an error back to the sender (by default an ICMP port-unreachable message; with --reject-with tcp-reset a TCP RST), so the sender sees the connection refused immediately instead of waiting for a timeout.
As a general rule, use REJECT when you want the other end to know the port is closed; use DROP for hosts and ports you do not want people to see at all.

1. List the rules :

To list the rules currently loaded in the filter table:-

sudo iptables -L

Add -n to skip the slow reverse-DNS lookups, -v to see per-rule packet counters and interfaces, and --line-numbers to see the position of each rule in its chain. Note that -L only shows the filter table; the nat and mangle tables have their own rules (select them with -t).

2. Clear the rules :

If you ever want to clear/flush all the existing rules, run the following command:-

sudo iptables -F

This empties every chain in the filter table, but it does not reset the default policies, and it leaves user-defined chains in place (delete those with -X). Be careful: if a chain's policy is DROP, flushing leaves it with no rules at all, so everything is dropped, including the SSH session you are typing in. Set the policies back to ACCEPT before you flush. Also note that rules live only in kernel memory; they are gone after a reboot unless you save them (for example with iptables-save).

3. Changing the default policy of chains :

sudo iptables -P Chain_name Action_to_be_taken

On a fresh system the default policy of each chain is ACCEPT, which is what the "(policy ...)" part of the iptables -L output shows. The policy is what happens to a packet that matches none of the rules in the chain.

For eg:
If you look at the FORWARD chain, you will see "Chain FORWARD (policy ACCEPT)". This means your computer allows any traffic passing through it to be forwarded to another computer (provided IP forwarding is enabled in the kernel).


In order to change the policy of the FORWARD chain to DROP:-

sudo iptables -P FORWARD DROP

The above command will stop any traffic from being forwarded through your system unless a rule in the FORWARD chain explicitly accepts it. That means no other system can use your system as an intermediary to pass data.

Making your First Rule :

1. Implementing a DROP rule :

We'll now start building our firewall policies. We'll work on the INPUT chain first, since that is the chain every packet addressed to this host passes through.

Syntax:-

sudo iptables -A/-I chain_name -s source_ip -j action_to_take

We'll take an example to understand the topic.

Let's assume we want to block all traffic coming from the IP address 192.168.1.3. The following command can be used:-

sudo iptables -A INPUT -s 192.168.1.3 -j DROP

This may look complicated, but most of it will make sense when we go over the components:-
-A INPUT :-

The flag -A is used to append a rule to the end of a chain. This part of the command tells iptables that we want to add a rule to the end of the INPUT chain.

-I INPUT:-
With this flag the rule is instead inserted at the top of the chain (position 1 unless you give another number). Rules are checked top to bottom and the first match wins, so the position of a rule matters: a DROP appended after a broad ACCEPT rule never sees the packets that ACCEPT already matched.

-s 192.168.1.3:-
The flag -s is used to specify the source of the packet. This tells iptables to match packets whose source address is 192.168.1.3 (a CIDR block such as 192.168.1.0/24 works too).

-j DROP
This is the target: what iptables should do with a matching packet.


In short, the above command adds a rule to the INPUT chain which says: if any packet arrives whose source address is 192.168.1.3, drop that packet, i.e. do not let it reach the computer.

Once you execute the above command you can see the change by listing the chain again:-

sudo iptables -L INPUT -n -v --line-numbers
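To tie the flush, policy-change and DROP-rule steps above together, here is a small helper script written for this page (it is an added example, not part of the original article) that runs them in an order that cannot lock you out of the machine. The variable names IPT and SSH_PORT and the three function names are my own choices; the script assumes that you manage the box over SSH on port 22 and that the conntrack match module is available, as it is on any mainstream Linux distribution. Set IPT=echo to dry-run it and just print the commands.

```shell
#!/bin/sh
# Added example (not from the original article): apply the flush, the
# policy change and the DROP rule in a lockout-safe order.
# IPT=echo dry-runs the script (prints the commands instead of running them).
# Assumptions: management access is SSH on port 22 (SSH_PORT), and the
# conntrack match module is available.
set -e

IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"

# Step 1: flush safely. "iptables -F" empties the chains but leaves their
# default policies alone, so a chain whose policy is DROP would end up
# dropping everything. Reset the policies to ACCEPT first, then flush, then
# delete any user-defined chains (-F does not remove those).
reset_firewall() {
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -X
}

# Step 2: add the allow rules BEFORE switching the policy to DROP. The policy
# only applies to packets that match no rule, so loopback, replies to
# connections this host started, and new SSH sessions keep working when the
# default flips to DROP. Everything else that arrives is silently dropped.
apply_baseline_policy() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

# Step 3: block a host. Use -I (insert at the top) rather than -A, because
# rules are checked top to bottom and the first match wins: appended after
# the ESTABLISHED,RELATED rule, the DROP would never see packets from a
# connection that host already has open.
block_host() {
    $IPT -I INPUT -s "$1" -j DROP
}

# Only touch the live ruleset when invoked as "./fw.sh apply"; any other
# invocation just defines the functions, so the file can be sourced or
# dry-run with IPT=echo.
if [ "${1:-}" = "apply" ]; then
    reset_firewall
    apply_baseline_policy
    block_host 192.168.1.3
    $IPT -L INPUT -n -v --line-numbers
fi
```

Run "sudo ./fw.sh apply" on the host itself; run "IPT=echo sh fw.sh apply" first to read the exact commands it would issue. The ordering is the whole point: policies back to ACCEPT before the flush, allow rules before the policy goes to DROP, and the per-host DROP inserted above the ESTABLISHED,RELATED rule rather than appended below it.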
Shubham Garg (creator)