diff --git a/services/nftables/nft.conf b/services/firewall/iptables/iptables.rules similarity index 100% rename from services/nftables/nft.conf rename to services/firewall/iptables/iptables.rules diff --git a/services/firewall/iptables/iptablesRules.md b/services/firewall/iptables/iptablesRules.md new file mode 100644 index 0000000..d5ec84a --- /dev/null +++ b/services/firewall/iptables/iptablesRules.md @@ -0,0 +1,33 @@ +# IPTABLES + +## Introduction + +* `iptables` is a systemd service and hence started accordingly. +* `/etc/iptables/iptables.rules` will be applied when you start or enable the `iptables.service`. +* After adding rules via command-line as shown in the following sections, the configuration file is not changed + automatically — you have to save it manually: + + ```iptables-save -f /etc/iptables/iptables.rules + ``` + +* Listing rules with `iptables -nvL`. + +## Basic Rules (Offline setup) + +### FORWARD + +* First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP + `iptables -P FORWARD DROP` + +## INPUT + +1. `iptables -A INPUT -i lo -j ACCEPT` +2. `iptables -A INPUT -n conntrack -ctstate ESTABLISHED,RELATED -j ACCEPT` +3. `iptables -A INPUT -n conntrack -ctstate INVALID -j DROP` +4. `iptables -A INPUT -j DROP` +5. `iptables -A INPUT -p tcp --dport ssh -j ACCEPT` + +## OUTPUT + +1. `iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT` +2. `iptables -A OUTPUT -j DROP` diff --git a/services/firewall/nftables/nft.conf b/services/firewall/nftables/nft.conf new file mode 100644 index 0000000..e69de29
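Review bot: the INPUT list in this hunk has an ordering problem: rule 4, `iptables -A INPUT -j DROP`, is appended before rule 5, `iptables -A INPUT -p tcp --dport ssh -j ACCEPT`, so the SSH accept is never evaluated and the host is unreachable; append the blanket DROP last, or replace it with a default policy `iptables -P INPUT DROP` so later ACCEPT rules still apply. Rules 2 and 3 also use `-n conntrack -ctstate`, which iptables rejects (`-n` is the numeric-output flag, not a match); the match syntax is `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and `-m conntrack --ctstate INVALID -j DROP`. The OUTPUT section ends with `iptables -A OUTPUT -j DROP` after permitting only source port 22, which blocks every connection the host initiates (loopback, DNS, package updates); if that is intended for the "Offline setup" the text should say so, otherwise an `-o lo -j ACCEPT` and a conntrack ESTABLISHED,RELATED accept belong before the DROP. Minor: the fenced block is opened as ```iptables-save -f /etc/iptables/iptables.rules, which makes the command the fence's info string rather than its content, and `## INPUT` / `## OUTPUT` sit one heading level above `### FORWARD` although they are peers of it. Separately, the rename reuses the old `nftables/nft.conf` contents unchanged as `iptables.rules` while the new `nft.conf` is empty, which is worth a sentence in the commit message.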