The most common use of iptables is to simply block and allow traffic.
Iptables allows you to allow traffic based on a number of different conditions such as Ethernet adapter, IP Address, port, and protocol.
Allow incoming TCP traffic on port 22 (ssh) for adapter eth0
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
Allow incoming TCP traffic on port 80 (HTTP) for the IP range 192.168.0.1 Ã¢â‚¬â€œ 192.168.0.254.
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
Iptables can block traffic on the same conditions that traffic can be allowed.
Blocks inbound TCP traffic port 22 (ssh)
iptables -A INPUT -p tcp -m tcp --dport 22 -j DROP
Blocks inbound TCP traffic on port 80 (HTTP) from the IP 192.168.1.100
iptables -A INPUT -s 192.168.1.100 -p tcp -m tcp --dport 80 -j DROP
Along with allowing and denying traffic IP tables can be used to limit the number of connections allowed over time thresholds.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m sshbrute --set iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m sshbrute --update --seconds 60 --hitcount 4 -j DROP[:p:] this is a common set of rules used to block brute force ssh attacks. The first rule makes sure the IP connecting is added to the sshbrute list. The second rule tells iptables to check the sshbrute list and if the packet threshold is exceeded to drop the traffic.