Skip to main content

We're currently improving our systems to provide you with a new, more unified login experience.

How do I manually add an entry for iptables into my server's firewall?

Shoshana Billik
  • Updated

Question

How do I manually add an entry for iptables into my server's firewall?

 

Answer

You can use the "-A" flag to append rules to the existing firewall when using iptables. When adding a new rule, you will need to specify the chain in which you should append the rule. You will also need to specify the parameters of the rule that you wish to add. A base example of the format has been included below:

iptables -A $chain $firewall-rule

In the above example, you need to replace "$chain" with either the INPUT chain or the OUTPUT chain to specify whether the new rule would apply to either incoming packets (INPUT) or outgoing packets (OUTPUT).

Additional flags can also be used depending on the intention behind the rule being added. Some examples of the flags that can be utilized are outlined below:

  •  -p 
    This flag specifies protocols, such as tcp, udp, or icmp. If no protocol is specified, this defaults to "all."
  • -s
    This flag specifies the packet's source, such as an IP address, network address, or hostname.
  • -d
    This flag is used similarly to the -s flag, except that it is used to specify the packet's destination.
  • -j
    This flag specifies the action that is taken to the packet that matches the firewall rule. Possible values for this flag are ACCEPT, DROP, QUEUE, and RETURN.
  • -i
    This flag indicates the interface through which the incoming packets come through the INPUT, FORWARD, and PREROUTING chains. All available interfaces will be considered for input packets if no interface is specified.
  • -o
    This flag is used similarly to the -i flag, except that it is used to specify the interface through which the outgoing packets are sent through the INPUT, FORWARD, and PREROUTING chains. 
    All available interfaces will be considered for output packets if no interface is specified.

We've also published the following articles that include our suggestions on firewall configurations for cPanel & WHM:

How do I configure my firewall for cPanel & WHM?

What ports should I open in my network firewall?

cPanel Technical Support is unable to modify or manage server firewalls on your behalf. It is recommended that firewall configurations be managed by a qualified systems administrator with experience in firewall management.
If you do not have a system administrator, you may search for an available administrator using the resources provided in the article below:

System Administration Services 

Related articles