OPS235 Lab 7 - CentOS7 - HD2

52 bytes added, 16:56, 24 October 2016
no edit summary
[[Image:chains.png|thumb|600px|right|When using iptables, packets must pass through "a chain of policy rules". If a packet matches a rule, then an action is taken (some examples include: '''ACCEPT''', '''DROP''', '''REJECT''', or '''LOG'''); otherwise, the packet will be directed to the default policy chain. ]]
|}
==== Using Firewalls in Linux: Firewall (iptables) Concepts ====
Since Linux servers can be connected to the Internet, it is very important to run a firewall to control what comes into the computer system, what goes out of the computer system, and what may be forwarded to another computer. A utility called '''iptables''' can be used to set the firewall rules on a Linux server.
:*'''OUTPUT''': Packets leaving current Linux server
:*'''FORWARD''': Packets being routed between Linux servers
 
 
=== Part 1: Listing Existing iptables Rules ===
Let's get some practice using the iptables command as we introduce concepts such as listing CHAIN rules, and clearing the CHAIN rules:
=== Part 2: Setting a Default Policy and Policy Exceptions with iptables ===
Usually when setting policy rules with iptables, a general "overall" policy is set (default policy chain), and then policy rules are set in other chains which act as exceptions to the default policy. A general policy would apply to ALL types of packets (tcp, udp, icmp) and all communication port numbers (80, 22, etc.).
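
The following is an added example, not part of the original lab: a simplified Python model of how a single chain is evaluated, showing a default policy with exceptions and the first-match behaviour described above. The <code>Rule</code> class, the <code>evaluate</code> function and the sample rules and packets are constructed for illustration and are not iptables code.

```python
# Added illustration: a simplified model of how one iptables chain is evaluated.
# The rule set and the packets below are constructed sample data.
from dataclasses import dataclass
from typing import Optional

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

@dataclass
class Rule:
    target: str                      # ACCEPT, DROP, REJECT or LOG
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

def evaluate(rules, policy, pkt):
    """Return (verdict, log_lines) for one packet walking the chain top-down."""
    logged = []
    for number, rule in enumerate(rules, start=1):
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":          # LOG records the packet and continues
            logged.append(f"rule {number}: {pkt}")
            continue
        if rule.target in TERMINATING:    # first terminating match decides
            return rule.target, logged
    return policy, logged                 # nothing matched: default policy applies

# INPUT chain: default policy DROP, with exceptions for SSH (22) and HTTP (80).
INPUT_POLICY = "DROP"
INPUT_RULES = [
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("LOG", proto="icmp"),
]

if __name__ == "__main__":
    for pkt in ({"proto": "tcp", "dport": 22}, {"proto": "tcp", "dport": 23},
                {"proto": "icmp"}, {"proto": "udp", "dport": 53}):
        print(pkt, "->", evaluate(INPUT_RULES, INPUT_POLICY, pkt))
```

Because the first terminating match decides the verdict, rule order matters: a broad DROP rule placed above a specific ACCEPT rule prevents the exception from ever being reached.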