How to view current iptables rules:
#iptables -L
How to append an allow rule into iptables:
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
The following rule will append an allow rule for a specific IP address to iptables. Replace 111.111.111.111 with the IP of your choosing:
#iptables -A INPUT -s 111.111.111.111 -j ACCEPT
How to append a block/deny rule into iptables:
#iptables -A INPUT -p tcp --dport 80 -j DROP
The following rule will append a block/deny rule for a specific IP address to iptables. Replace 111.111.111.111 with the IP of your choosing:
#iptables -A INPUT -s 111.111.111.111 -j DROP
How to add a rule at a specific line in iptables:
First run the following command to see the line numbers so you can more easily tell where you should insert your rule.
#iptables -nL --line-numbers
Next, use one of the above commands, replacing the letter X with the line number at which you would like to insert the rule. Notice that -I (insert) is used rather than -A (append). Below is an example of inserting an allow rule for port 80 at line X.
#iptables -I INPUT X -p tcp --dport 80 -j ACCEPT
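Why the insert position matters: iptables checks the rules in a chain from the top and stops at the first ACCEPT or DROP that matches, so a rule appended below an earlier rule with the same match never takes effect. The script below is an added example, not part of the original page; find_shadowed and sample_rules are hypothetical helper names, and the sample listing is constructed to show what iptables -S INPUT prints after the four append commands above are run in order.

```shell
#!/bin/sh
# Added example: list INPUT rules that can never match because an earlier
# rule with the same match (or with no match at all) already ends processing.
# It only reads text in `iptables -S INPUT` format; it changes nothing.
# Real use (as root): iptables -S INPUT | find_shadowed

# Hypothetical helper. Prints "<rule> shadowed-by <earlier rule>" using the
# same numbering as `iptables -nL --line-numbers`. Only identical match
# specifications are compared, and only ACCEPT, DROP and REJECT are treated
# as targets that stop processing.
find_shadowed() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        n++
        spec = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            spec = spec " " $i
        }
        if (spec in first)   printf "%d shadowed-by %d\n", n, first[spec]
        else if (catch_all)  printf "%d shadowed-by %d\n", n, catch_all
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            if (!(spec in first)) first[spec] = n
            if (spec == "" && !catch_all) catch_all = n
        }
    }'
}

# Constructed sample: the listing produced by running the four -A commands
# from this page in order (allow port 80, allow IP, drop port 80, drop IP).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 111.111.111.111/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 111.111.111.111/32 -j DROP
EOF
}

sample_rules | find_shadowed
```

A rule reported here has to be placed with -I above the rule that shadows it before it can take effect.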
How to save iptables rules for reuse after restarting your server:
iptables does not keep its rules across a server restart, so you must either save a copy of your current rules before restarting or install a package called iptables-persistent, which automatically reloads any saved iptables rules when the server restarts.
To save a copy of your current iptables rules:
#iptables-save > /etc/iptables.rules
To then restore these rules after restarting your server:
#iptables-restore < /etc/iptables.rules
To install iptables-persistent you can use one of the following commands depending on which version of Linux you're running:
#yum install iptables-persistent
#apt-get install iptables-persistent
After the package has been installed, run the following commands whenever you have added a rule to iptables to ensure it is restored to the iptables rule set after any server restart:
#/etc/init.d/iptables-persistent save
#/etc/init.d/iptables-persistent reload