If only every guide on the internet was this clearly explained, maybe the world would actually have helpdesks that understand what they're doing. Thanks man.
I came to review the iptables syntax for an upcoming exam and watched the whole lecture because you are an excellent teacher. Thanks for clarifying many questions I didn't know I had about iptables.
Thank you for this video! I'm in the process of setting up a DD-WRT router with multiple VLANs which uses iptables for defining firewall rules. I've never used it before, so your explanation was extremely helpful!
Great video explaining most of the basics, thank you. But I would have appreciated a bit of a deeper dive into the internal decision making of iptables. How does it decide what table to use. Or in what order are which chanes of which table applied. I think that would be very important additional basics that may not be necessary for simple use cases like they are shown here. But are really important for more advanced use cases later on. Maybe a follow up video?
Thank you a lot! I didn't get what was this about in a hole semester and now it's completely clear because of you. Greetings from 📌Tero Violado - Argentina
Great explanation, thank you! You've covered the 2 Chains that handle local ingres and egress. If love to see another video that explains the other 9 tables.
ping is handled by the network layer and the curl requests are handled by the application layer. iptables at best can block ports which is in the network and transport layer.
For this particular scenario curl would have been better to test or even telnet to something on the web on port 443. Ping its not used to test TCP protocol, it uses ICMP which is different protocol. @@gsander3102
Thanks for the great video. Made such a terrifying concept so simple. But, I think the reason for the ping failure wasn't due to the filtering rule, but it was the DNS problem. Apparently, the DNS server is not set, and thus, it can't resolve the given URL.
the issue is that PING uses ICMP, and it does not take urls, it takes either IPs or domains, that is why it was complaining about the syntax. Anyway it could not be used for this particular test.
Thanks for the clarifying video. You should make one on getting udp to work with 1 system streaming/recording with FFMPEG locally on OBS Studio to another system catching it to stream because I haven't found one that has really helped.
Hi i'm using zorin os and i want to create a whitelist list so that the user using that laptop will be able to access only those site which I have added in that list and if he tries to access other sites it will show its blocked so how can I do it. Please help
I just learned iptables is a limited gui console for nftables. Iptables is nftables. On the cli can type iptables -S or nft list tables and then list the table, like nft list table ip filter, using sudo of course
Hello bro. What I do? iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Thankssss!
I appreciate the effort, but first: it's not a complete guide, and second: iptables-save "saves" the state on the screen. To make the changes permanent you need to run 'iptables-save > /etc/iptables/rules.v4' previously installing the iptables-persistent package.
😭😭sbin iptables - save doesnt save so i created a script and a service for launching it at every reboot but it makes bug my system what to do to save iptables rules pleaaase but the video is and will be very usefull thanks alot
When he tries to ping hackersploit it says that the service is unknown because the server can't even reach out to a DNS server to check the IP of the website! :) (I think)
Title is missleading :( What kind of "Complete Guide" is this? That's just about filter, accepting or dropping packets. Port redirection, NAT and mangle not covered at all, I'm disappointed. Thumb down, sorry man.
Note, normally you don't have a unique public IP because your internet provider is letting you share the IP with other people. So this is in most cases NOT a good way to block all users except yourself...
Click bait! Titles says IPTABLES COMPLETE GUIDE but showing FILTER TABLES only. Your titles should be "iptables filter table complete guide" as nat and mangle table part of the complete IPTABLES guide!
i don't like the way you explain, u just give random information and jump from point to point. you must first clear things like how the form of the command is ( like what is L and you can replace it with A or I or D and for the next you will specify the chain then .... until J) , and then start doing examples
woeful.. To call this a complete guide is a BIG stretch, when only input & output chains are covered. Locking yourself out with second command just made me laugh, reminding me of an old saying - If you can't cut it in the real world, you teach.. well try to anyway..
Hello, i'm facing a DDOS attack on my VPS, i'm new to use ufw, and iptables, i'm Trying to Block IP Address Attacker, all commands working fine, but ip address not blocking, what to do ? tried with ufw, and iptables both. but not blocking.
You don't save just like that! It's a great video and I learnt from it, but - quite dangerously misleading - actual saving is done nothing like the video shows. What video shows by /sbin/iptables-save is merely output to the screen and nothing else. Once you reboot your server all your rules will fly away! Unless you make them PERSISTENT by installing the relevant package (apt install iptables-persistent), which will make /etc/iptables dir for you, where YOU will have to save the rules like so: /sbin/iptables-save > /etc/iptables/rules.v4 (or rules.v6 should you do IPv6 ones). Only after that you will have actually saved your rules and they will persist on reboot.
If only every guide on the internet was this clearly explained, maybe the world would actually have helpdesks that understand what they're doing.
Thanks man.
I work at a helpdesk and I agree.
@@carrycat876 lol, I feel your pain (have some experience myself)
I came to review the iptables syntax for an upcoming exam and watched the whole lecture because you are an excellent teacher. Thanks for clarifying many questions I didn't know I had about iptables.
Thank you for this video! I'm in the process of setting up a DD-WRT router with multiple VLANs which uses iptables for defining firewall rules. I've never used it before, so your explanation was extremely helpful!
Great video explaining most of the basics, thank you. But I would have appreciated a bit of a deeper dive into the internal decision making of iptables. How does it decide what table to use. Or in what order are which chanes of which table applied. I think that would be very important additional basics that may not be necessary for simple use cases like they are shown here. But are really important for more advanced use cases later on. Maybe a follow up video?
Helped me so much when trying to understand this for a college assignment. Thank you so much!
Thanks for this. Very straight forward and helped me to figure out how to start using iptables!
Was scared of Iptables until I saw this video.
Thanks
video title: iptables Complete Guide
video content: We will not be talking about the NAT Tables or the Mangle Tables. So really only 1/3 of IP Tables.
Thanks for a clear and concise guide. Very helpful.
Subscribed.
Thank you a lot! I didn't get what was this about in a hole semester and now it's completely clear because of you.
Greetings from 📌Tero Violado - Argentina
Great explanation, thank you!
You've covered the 2 Chains that handle local ingres and egress. If love to see another video that explains the other 9 tables.
me too
Great video. Just one doubt, aren't we supposed to curl the website:443 instead of a ping?
ping is handled by the network layer and the curl requests are handled by the application layer. iptables at best can block ports which is in the network and transport layer.
For this particular scenario curl would have been better to test or even telnet to something on the web on port 443. Ping its not used to test TCP protocol, it uses ICMP which is different protocol. @@gsander3102
yes. ping is ICMP. if you want to test outgoing connections to port 443, you need to try an outgoing connection to that port, e.g. using curl.
I never wanted to learn IPTABLES and just hated it..but with your explanation I am back in this OS Firewall game....
What an incredibly in depth explanation of IPTables and configuration. Thank you!
In depth? Are you serious?
thanks for taking time to make this content
Best explanation so far, thank you!
ahh i hate ip-tables - but when you teach it! its wonderful :D
Thank you very much for the feedback, I am glad you found the video helpful.
very ncie beginning. "iptables Complete Guide" beside nat and mangle
Very grate ! It is very simple to understand. Thank you!
Thanks for the great video. Made such a terrifying concept so simple. But, I think the reason for the ping failure wasn't due to the filtering rule, but it was the DNS problem. Apparently, the DNS server is not set, and thus, it can't resolve the given URL.
ROFL
the issue is that PING uses ICMP, and it does not take urls, it takes either IPs or domains, that is why it was complaining about the syntax. Anyway it could not be used for this particular test.
I needed a refresher, this was perfect thank you.
Excellent video, very clear and helpful. Well done.
It is a great explanation. Thank you so much for this video!
Very informative video. Thanks
Thanks for the clarifying video. You should make one on getting udp to work with 1 system streaming/recording with FFMPEG locally on OBS Studio to another system catching it to stream because I haven't found one that has really helped.
name or service unknown means that fqdn is not resolved by dns.. its not reaching or hitting any output chain. But video is good
Thanks for the session. Can you please take a session about ebtables
Can you explain about -f option and how iptable treat the fragmented packet?
how was he able to connect to the server via Weblish after setting INPUT to DROP? Should that not also connect over SSH and so also be dropped?
Great explanation, thank you!
Great and concise explanation, thanks. But persisting iptables does not work like this.
Do you have a recommended format set of rules to secure a WordPress site?
Amazing, thank you so much ! :)
The sound is clearly 🎉
Thanks for your information and cooperation sir
Hi i'm using zorin os and i want to create a whitelist list so that the user using that laptop will be able to access only those site which I have added in that list and if he tries to access other sites it will show its blocked so how can I do it. Please help
Very good and clear.
Great video!
I just learned iptables is a limited gui console for nftables. Iptables is nftables. On the cli can type iptables -S or nft list tables and then list the table, like nft list table ip filter, using sudo of course
Hello bro.
What I do?
iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Thankssss!
Thanks! And so on and so forth :)
This was so helpful
so great, thank you.👍🏻
I appreciate the effort, but first: it's not a complete guide, and second: iptables-save "saves" the state on the screen. To make the changes permanent you need to run 'iptables-save > /etc/iptables/rules.v4' previously installing the iptables-persistent package.
Mate i need help plesae.
😭😭sbin iptables - save doesnt save so i created a script and a service for launching it at every reboot but it makes bug my system what to do to save iptables rules pleaaase but the video is and will be very usefull thanks alot
good class. Than you very much
ty fam you made it simple as fuck !!!
Is it necessary to uninstall any pre-installed firewalls before using iptables
Yes, it is best practice as mentioned here www.linode.com/docs/guides/what-is-iptables/#installing-iptables
@@AkamaiDeveloper thanks
Hi Guys! I was trying to connect my company by one VPN from that IP i got another VPN to connect another company. Could someone give me some advices ?
Thank you!
You are just subscribed.
Is iptables similar to the uncomplicated firewall?
Uncomplicated Firewall technically is a frontend for iptables. More info here wiki.ubuntu.com/UncomplicatedFirewall
When he tries to ping hackersploit it says that the service is unknown because the server can't even reach out to a DNS server to check the IP of the website! :) (I think)
Well this made my overthinking head, going crazy.... As because of this video it doesn't seem to be that hard to understand
Can we port forward using iptables
Yes, but you should also be aware of your firewall settings on the system. more info here www.systutorials.com/port-forwarding-using-iptables/
@@AkamaiDeveloper thanks linode
how about phone android??
Title is missleading :( What kind of "Complete Guide" is this? That's just about filter, accepting or dropping packets. Port redirection, NAT and mangle not covered at all, I'm disappointed. Thumb down, sorry man.
Good man!
Fantastic
Note, normally you don't have a unique public IP because your internet provider is letting you share the IP with other people. So this is in most cases NOT a good way to block all users except yourself...
How is this upposed to be a complete guide if you from start say that you won't be considering NAT and MANGLE tables.
Exactly this
😍😍😍
Thanks
Click bait! Titles says IPTABLES COMPLETE GUIDE but showing FILTER TABLES only. Your titles should be "iptables filter table complete guide" as nat and mangle table part of the complete IPTABLES guide!
Like!
useful
👌
GRAPE
i don't like the way you explain, u just give random information and jump from point to point.
you must first clear things like how the form of the command is ( like what is L and you can replace it with A or I or D and for the next you will specify the chain then .... until J) , and then start doing examples
woeful.. To call this a complete guide is a BIG stretch, when only input & output chains are covered. Locking yourself out with second command just made me laugh, reminding me of an old saying - If you can't cut it in the real world, you teach.. well try to anyway..
Title: complete guide
3 min into the video: yeah so i dont give a shit about 2/3 of the software so i wont explain it
This video is worthless
iptables could be made 10x more readable and easier to use by just changing the names and terminology , FFS !!!
thx for great video and the efforts but... iptables is dying
Hello, i'm facing a DDOS attack on my VPS,
i'm new to use ufw, and iptables, i'm Trying to Block IP Address Attacker,
all commands working fine, but ip address not blocking, what to do ?
tried with ufw, and iptables both. but not blocking.
redirect your traffic to cloudflare protection service
You don't save just like that! It's a great video and I learnt from it, but - quite dangerously misleading - actual saving is done nothing like the video shows. What video shows by /sbin/iptables-save is merely output to the screen and nothing else. Once you reboot your server all your rules will fly away! Unless you make them PERSISTENT by installing the relevant package (apt install iptables-persistent), which will make /etc/iptables dir for you, where YOU will have to save the rules like so: /sbin/iptables-save > /etc/iptables/rules.v4 (or rules.v6 should you do IPv6 ones). Only after that you will have actually saved your rules and they will persist on reboot.
What an incredibly in depth explanation of IPTables and configuration. Thank you!