Sign In
Sign In

Port Forwarding in Linux with Iptables

Port Forwarding in Linux with Iptables
Hostman Team
Technical writer
Linux Network
09.04.2025
Reading time: 10 min

Have you ever hosted a server (game or web) on your home computer and shared your IP address with friends, but no one could connect?

The issue lies in your router, which hides connected devices behind its own IP address. Everything within the router is a local network, while everything outside is a global network. However, there is no direct mediator between them, only a barrier preventing external connections.

The solution is port forwarding, a technology that directs external requests to an internal device and vice versa. In Linux operating systems, the iptables utility is used for this purpose, which will be the focus of this article.

The commands shown in this guide were executed on a Hostman cloud server running Ubuntu 22.04.

What Is Port Forwarding?

Port forwarding (also known as port mapping) redirects network traffic from one port to another, either through a router (hardware-level) or a firewall (software-level).

With port forwarding, devices within a local network become accessible from the global network. Without it, external requests cannot reach internal devices.

Common scenarios where port forwarding is needed:

  • Connecting to a home server (game server, surveillance cameras, data storage).
  • Hosting game servers or websites on a home PC.
  • Accessing a remote desktop.
  • Remote device management.

For example, if a server in a local network operates on port 8080, port forwarding allows it to be accessed from the global network through port 80.

Example Setup:

  1. A computer with IP 192.168.1.100 (internal/gray IP) runs a web server listening on port 8080.
  2. The computer is within a Wi-Fi router’s local network, which has an external IP 203.0.113.10 (public/white IP), listening on port 80.
  3. All global network requests to port 80 on the router are forwarded to port 8080 on the internal computer.

This setup allows us to redirect incoming traffic from the global network to the local network.

How Does Port Forwarding Work in Linux?

Linux has built-in tools for handling incoming and outgoing traffic. These tools act as a packet filtering and modification pipeline.

Port forwarding in Linux is based on NAT (Network Address Translation), configured using the iptables system utility.

What Is NAT?

NAT (Network Address Translation) is a technique that converts external requests from the global network into internal requests within the local network (and vice versa).

Technically, NAT modifies IP addresses and ports in data packets. It is not a standalone utility but a concept or approach.

There are two main types of NAT:

  • SNAT (Source NAT) – Modifies the source IP address in outgoing packets.
  • DNAT (Destination NAT) – Modifies the destination IP address in incoming packets.

While NAT protects the local network from external access, it requires port forwarding for incoming connections.

What Is Iptables and How Does It Work?

Iptables is a Linux utility used to configure NAT (and more) by modifying tables with rule chains that control traffic.

Iptables has five main rule chains:

  • INPUT – Handles incoming packets.
  • FORWARD – Handles forwarded packets.
  • OUTPUT – Handles outgoing packets.
  • PREROUTING – Handles packets before routing.
  • POSTROUTING – Handles packets after routing.

Iptables has five tables, each using specific rule chains:

  • filter – Allows or blocks packets (INPUT, FORWARD, OUTPUT).
  • nat – Modifies IP addresses and ports (OUTPUT, PREROUTING, POSTROUTING).
  • mangle – Alters packet headers (INPUT, FORWARD, OUTPUT, PREROUTING, POSTROUTING).
  • raw – Controls connection filtering (OUTPUT, PREROUTING).
  • security – Applies additional security policies (INPUT, FORWARD, OUTPUT).

The rule chains act as hooks in the packet processing pipeline, allowing iptables to implement port forwarding in Linux.

How Port Forwarding Works in Iptables

Port forwarding in iptables follows a standard packet processing flow based on three possible directions:

  • Incoming (INPUT) – Packets sent to the local system.
  • Outgoing (OUTPUT) – Packets sent from the local system.
  • Forwarded (FORWARD) – Packets routed through the system.

Incoming Packets (INPUT) Processing Order

  1. raw (PREROUTING) – Connection filtering.
  2. mangle (PREROUTING) – Packet modification.
  3. nat (PREROUTING) – Changes the destination address.
  4. If the packet is for this system, continue to INPUT processing. Otherwise, forward it.
  5. mangle (INPUT) – Final packet modification.
  6. filter (INPUT) – Packet filtering.
  7. security (INPUT) – Security policy enforcement.

Outgoing Packets (OUTPUT) Processing Order

  1. raw (OUTPUT) – Connection filtering.
  2. mangle (OUTPUT) – Packet modification.
  3. nat (OUTPUT) – Changes the destination address.
  4. filter (OUTPUT) – Final packet filtering.
  5. security (OUTPUT) – Security policy enforcement.
  6. mangle (POSTROUTING) – Final packet modification.
  7. nat (POSTROUTING) – Changes the source address.

Forwarded Packets (FORWARD) Processing Order

  1. raw (PREROUTING) – Connection filtering.
  2. mangle (PREROUTING) – Packet modification.
  3. nat (PREROUTING) – Changes the destination address.
  4. Forwarding decision is made.
  5. mangle (FORWARD) – Packet modification.
  6. filter (FORWARD) – Packet filtering.
  7. security (FORWARD) – Security policy enforcement.
  8. mangle (POSTROUTING) – Final packet modification.
  9. nat (POSTROUTING) – Changes the source address.

General Processing Order of Tables:

  1. raw
  2. mangle
  3. nat
  4. filter
  5. security

Types of Port Forwarding

Common types of port forwarding include:

  1. Local Forwarding – Redirects traffic within the same machine. Example: An application on a local server sends a request to a specific port.
  2. Interface Forwarding – Redirects traffic between different network interfaces. Example: A packet from the global network arrives on one interface and is forwarded to another.
  3. Remote Host Forwarding – Redirects traffic from a remote server to a local host. Example: A request from a remote server is forwarded to a local machine.

Each type of port forwarding is implemented using a specific set of rules in the iptables tables.

Using the Iptables Command

In most Linux distributions, the iptables utility is already installed. You can check this by querying its version:

iptables --version

If iptables is not installed, you need to install it manually. First, update the package list:

sudo apt update

Then, install it:

sudo apt install iptables -y

By default, Linux uses the ufw firewall, which automatically configures iptables. To avoid conflicts, you must stop the ufw service first:

sudo systemctl stop ufw

Then, disable it:

sudo systemctl disable ufw

Iptables Command Structure

The basic syntax of the iptables command is as follows:

iptables [TABLE] [COMMAND] [CHAIN] [NUMBER] [CONDITION] [ACTION]

In each specific command, only some of these parameters are used:

  • TABLE: The name of one of the five tables where the rule is added.
  • COMMAND: The operation to perform on a specific rule or chain.
  • CHAIN: The name of the chain where the operation is performed.
  • NUMBER: The rule number to manipulate.
  • CONDITION: The condition under which the rule applies.
  • ACTION: The transformation to be applied to the packet.

Selecting a Table

The -t flag specifies the table to operate within:

For filter:

iptables -t filter

For nat:

iptables -t nat

For mangle:

iptables -t mangle

For raw:

iptables -t raw

For security:

iptables -t security

If the -t flag is not specified, the default table is filter. The security table is rarely used.

Manipulating Rules

We can perform different operations on rules within each chain:

Add a rule to the end of a chain (-A):

iptables -A INPUT -s 192.168.123.132 -j DROP

This rule blocks incoming connections from the specified IP address.

Delete a rule by its number (-D):

iptables -D OUTPUT 7

Insert a rule at a specific position (-I):

iptables -I INPUT 5 -s 192.168.123.132 -j DROP

Replace a rule (-R):

iptables -R INPUT 5 -s 192.168.123.132 -j ACCEPT

This replaces a previously added blocking rule with an allow rule.

Flush all rules in a chain (-F):

iptables -F INPUT

Manipulating Chains

We can also perform operations on entire chains:

Create a new chain (-N):

iptables -N SOMENAME

Delete a chain (-X):

iptables -X SOMENAME

Rename a chain (-E):

iptables -E SOMENAME NEWNAME

Set default policy for a chain (-P):

iptables -P INPUT DROP

This blocks all incoming connections to the server.

Reset statistics for a chain (-Z):

iptables -Z INPUT

Setting Conditions

Each rule can have conditions for its execution:

Specify the protocol (-p):

iptables -A INPUT -p tcp -j ACCEPT

This allows incoming connections using the TCP protocol.

Specify the source address (-s):

iptables -A INPUT -s 192.168.123.132 -j DROP

Specify the destination address (-d):

iptables -A OUTPUT -d 192.168.123.132 -j DROP

Specify network interface for incoming traffic (-i):

iptables -A INPUT -i eth2 -j DROP

Specify network interface for outgoing traffic (-o):

iptables -A OUTPUT -o eth3 -j ACCEPT

Specify the destination port (--dport):

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Specify the source port (--sport):

iptables -A INPUT -p tcp --sport 1023 -j DROP

Negate a condition (!):

iptables -A INPUT ! -s 192.168.123.132 -j DROP

This blocks all incoming connections except from the specified IP address.

Specifying Actions

Each table supports different actions:

For the filter table:

  • ACCEPT – Allow the packet.
  • DROP – Block the packet.
  • REJECT – Block the packet and send a response.
  • LOG – Log packet information.
  • RETURN – Stop processing in the current chain.

For the nat table:

  • DNAT – Change the packet’s destination address.
  • SNAT – Change the packet’s source address.
  • MASQUERADE – Change the source address dynamically.
  • REDIRECT – Redirect traffic to the local machine.

Port Forwarding with Iptables

Local Port Forwarding

To redirect local traffic from one port to another:

sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80

To remove the rule:

sudo iptables -t nat -D PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80

Forwarding Between Interfaces

To forward port 8080 from interface eth0 to port 80 on eth1:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.100:80

Then, allow packet forwarding:

sudo iptables -A FORWARD -p tcp -d 10.0.0.100 --dport 80 -j ACCEPT

Forwarding to a Remote Host

To forward incoming packets to a remote server:

Enable packet forwarding in the system settings:

echo 1 > /proc/sys/net/ipv4/ip_forward

Add a port forwarding rule:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.100:80

Allow forwarded packets to be sent out:

sudo iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.100 --dport 80 -j MASQUERADE

Alternatives to iptables for Port Forwarding

It should be noted that iptables is not the only tool for traffic management. There are several popular alternatives.

nftables

nftables is a more modern tool for managing traffic in Linux. Unlike iptables, it does not have predefined tables, and its syntax is more straightforward and concise.

Additionally, this utility uses a single command, nft, to manage all types of traffic: IPv4, IPv6, ARP, and Ethernet. In contrast, iptables requires additional commands such as ip6tables, arptables, and ebtables for these tasks.

firewalld

firewalld is a more complex traffic management tool in Linux, built around the concept of zones and services. This allows network resources to be assigned different levels of security.

The configuration of firewalld is broader and more flexible. For example, instead of manually defining rules for each port, we can specify specific services.

Additionally, firewalld provides a more interactive command-line interface, allowing real-time traffic management.

Conclusion

While there are alternatives, iptables remains the primary tool for traffic control in Linux. It provides a structured way to filter, modify, and forward packets, making it a powerful solution for managing network traffic.

Linux Network
09.04.2025
Reading time: 10 min

Similar

Linux

How to Find a File in Linux

In Unix-like operating systems, a file is more than just a named space on a disk. It is a universal interface for accessing information. A Linux user should know how to quickly find the necessary files by name and other criteria.  The locate Command The first file search command in Linux that we will look at is called locate. It performs a fast search by name in a special database and outputs all names matching the specified substring. Suppose we want to find all programs that begin with zip. Since we are looking specifically for programs, it is logical to assume that the directory name ends with bin. Taking this into account, let’s try to find the necessary files: locate bin/zip Output: locate performed a search in the pathname database and displayed all names containing the substring bin/zip. For more complex search criteria, locate can be combined with other programs, for example, grep: locate bin | grep zip Output: Sometimes, in Linux, searching for a file name with locate works incorrectly (it may output names of deleted files or fail to include newly created ones). In such a case, you need to update the database of indexes: sudo updatedb locate supports wildcards and regular expressions. If the string contains metacharacters, you pass a pattern instead of a substring as an argument, and the command matches it against the full pathname. Let’s say we need to find all names with the suffix .png in the Pictures directory: locate '*Pictures/*.png' Output: To search using a regular expression, the -r option is used (POSIX BRE standard): locate -r 'bin/\(bz\|gz\|zip\)' The find Command find is the main tool for searching files in Linux through the terminal. Unlike locate, find allows you to search files by many parameters, such as size, creation date, permissions, etc. In the simplest use case, we pass the directory name as an argument and find searches for files in this directory and all of its subdirectories. If you don’t specify any options, the command outputs a list of all files.  For example, to get all names in the home directory, you can use: find ~ The output will be very large because find will print all names in the directory and its subdirectories.  To make the search more specific, use options to set criteria. Search Criteria Suppose we want to output only directories. For this, we will use the -type option: find ~/playground/ -type d Output: This command displayed all subdirectories in the ~/playground directory. Supported types are: b — block device c — character device d — directory f — regular file l — symbolic link We can also search by size and name. For example, let’s try to find regular files matching the pattern .png and larger than one kilobyte: find ~ -type f -name "*.png" -size +1k Output: The -name option specifies the name. In this example, we use a wildcard pattern, so it is enclosed in quotes. The -size parameter restricts the search by size. A + sign before the number means we are looking for files larger than the given size, a - sign means smaller. If no sign is present, find will display only files exactly matching the size. Symbols for size units: b — 512-byte blocks (default if no unit is specified) c — bytes w — 2-byte words k — kilobytes M — megabytes G — gigabytes find supports a huge number of checks that allow searching by various criteria. You can check them all in the documentation. Operators Operators help describe logical relationships between checks more precisely.  Suppose we need to detect insecure permissions. To do this, we want to output all files with permissions not equal to 0600 and all directories with permissions not equal to 0700. find provides special logical operators to combine such checks: find ~ \( -type f -not -perm 0600 \) -or \( -type d -not -perm 0700 \) Supported logical operators: -and / -a — logical AND. If no operators are specified between checks, AND is assumed by default. -or / -o — logical OR. -not / ! — logical NOT. ( ) — allows grouping checks and operators to create complex expressions. Must be escaped. Predefined Actions We can combine file search with performing actions on the found files. There are predefined and user-defined actions. For the former, find provides the following options: -delete — delete found files -ls — equivalent to ls -dils -print — output the full file name (default action) -quit — stop after the first match Suppose we need to delete all files with the .bak suffix. Of course, we could immediately use find with the -delete option, but for safety it’s better to first output the list of files to be deleted, and then remove them: find ~ -type f -name '*.bak' -print Output: After verification, delete them: find ~ -type f -name '*.bak' -delete User-defined Actions With user-defined actions, we can combine the search with using various Linux utilities: -exec command '{}' ';' Here, command is the command name, {} is the symbolic representation of the current pathname, and ; is the command separator. For example, we can apply the ls -l command to each found file: find ~ -type f -name 'foo*' -exec ls -l '{}' ';' Output: Sometimes commands can take multiple arguments at once, for example, rm. To avoid applying the command separately to each found name, put a + at the end of -exec instead of a separator: find ~ -type f -name 'foo*' -exec ls -l '{}' + Output: A similar task can be done using the xargs utility. It takes a list of arguments as input and forms commands based on them. For example, here’s a well-known command for outputting files that contain “uncomfortable” characters in their names (spaces, line breaks, etc.): find ~ -iname '*.jpg' -print0 | xargs --null ls -l The -print0 argument forces found names to be separated by the null character (the only character forbidden in file names). The --null option in xargs indicates that the input is a list of arguments separated by the null character. Conclusion In Linux, searching for a file by name is done using the locate and find commands. Of course, you can also use file managers with a familiar graphical interface for these purposes. However, the utilities we have considered help make the search process more flexible and efficient.
22 August 2025 · 5 min to read
Java

Switching between Java Versions on Ubuntu

Managing multiple Java versions on Ubuntu is essential for developers working on diverse projects. Different applications often require different versions of the Java Development Kit (JDK) or Java Runtime Environment (JRE), making it crucial to switch between these versions efficiently. Ubuntu provides powerful tools to handle this, and one of the most effective methods is using the update-java-alternatives command. Switching Between Java Versions In this article, the process of switching between Java versions using updata-java-alternatives will be shown. This specialized tool simplifies the management of Java environments by updating all associated commands (such as java, javac, javaws, etc.) in one go.  Overview of Java version management A crucial component of development is Java version control, especially when working on many projects with different Java Runtime Environment (JRE) or Java Development Kit (JDK) needs. In order to prevent compatibility problems and ensure efficient development workflows, proper management ensures that the right Java version is utilized for every project. Importance of using specific Java versions You must check that the Java version to be used is compatible with the application, program, or software running on the system. Using the appropriate Java version ensures that the product runs smoothly and without any compatibility issues. Newer versions of Java usually come with updates and security fixes, which helps protect the system from vulnerabilities. Using an out-of-date Java version may expose the system to security vulnerabilities. Performance enhancements and optimizations are introduced with every Java version. For maximum performance, use a Java version that is specific to the application. Checking the current Java version It is important to know which versions are installed on the system before switching to other Java versions.  To check the current Java version, the java-common package has to be installed. This package contains common tools for the Java runtimes including the update-java-alternatives method. This method allows you to list the installed Java versions and facilitates switching between them. Use the following command to install the java-common package: sudo apt-get install java-common Upon completing the installation, verify all installed Java versions on the system using the command provided below: sudo update-java-alternatives --list The report above shows that Java versions 8 and 11 are installed on the system. Use the command below to determine which version is being used at the moment. java -version The displayed output indicates that the currently active version is Java version 11. Installing multiple Java versions Technically speaking, as long as there is sufficient disk space and the package repositories support it, the administrator of Ubuntu is free to install as many Java versions as they choose. Follow the instructions below for installing multiple Java versions. Begin by updating the system using the following command:   sudo apt-get update -y && sudo apt-get upgrade -y To add another version of Java, run the command below. sudo apt-get install <java version package name> In this example, installing Java version 17 can be done by running:  sudo apt-get install openjdk-17-jdk openjdk-17-jre Upon completing the installation, use the following command to confirm the correct and successful installation of the Java version: sudo update-java-alternatives --list Switching and setting the default Java version To switch between Java versions and set a default version on Ubuntu Linux, you can use the update-java-alternatives command.  sudo update-java-alternatives --set <java_version> In this case, the Java version 17 will be set as default: sudo update-java-alternatives --set java-1.17.0-openjdk-amd64 To check if Java version 17 is the default version, run the command:  java -version The output shows that the default version of Java is version 17. Managing and Switching Java Versions in Ubuntu Conclusion In conclusion, managing multiple Java versions on Ubuntu Linux using update-java-alternatives is a simple yet effective process. By following the steps outlined in this article, users can seamlessly switch between different Java environments, ensuring compatibility with various projects and taking advantage of the latest features and optimizations offered by different Java versions. Because Java version management is flexible, developers may design reliable and effective Java apps without sacrificing system performance or stability.
22 August 2025 · 4 min to read
Linux

Linux cp Command

Linux has an unlimited set of commands to perform assigned tasks. The Linux cp command is the primary tool and the basis for copying and managing files and directories in this operating system. This function is designed to duplicate files or directories in the same or different location. Armed with this functionality, users have advanced capabilities: from creating backup copies to moving files between directories. Linux cp command is simple to learn You can find all the necessary information covered in this tutorial. You will discover how the Linux cp command and cp directory work, as well as its grammatical structures, crucial hints, parameters, settings, and recommended practices. Readers will learn the tricks of the cp command, which will help them become more proficient. You can try our Linux VPS hosting for your projects. The core of the cp command in Linux The functionality of the command allows users to control the creation of copies. One feature offers overwriting existing files, another is responsible for recursively copying a directory with its entire entities, and the third protects the first data for repeating backups. This command demonstrates more features for specific purposes and user experience during the process. A key benefit of the cp command is its exceptional accuracy in duplicating files and directories. You can be absolutely sure that the duplicated files are identical to the original ones with all its interior. Therefore, the user can replicate the original file without any changes. The cp command in Linux inherently tells the user a destination directory for storing copies in a specific repository. The command's precision makes it indispensable for both novice and advanced users. Linux cp syntax This command consists of the following parameters: source file or directory and destination directory. The basic syntax of the Linux cp command is as follows: cp [...file/directory-sources] [destination] Here [file/directory-sources] specifies the files or directories sources to copy, while the [destination] specifies the location to copy the file to. There are the letter flags to specify the way of creation a replica of files and directories: -a leaves the first file attributes the same; -r recursively replicates directories and their interior entities; -v shows copied files in detail; -i requires consent to overwrite the file; -u rewrites new or missing files in the destination directory; -f forcibly copies without user consent; -s makes a symbolic link instead of a file replica; -ra recreates an exact duplicate of a file or directory without changing attributes; -rf updates or changes a file or directory with the original name in the same place; -pv (if installed) monitors and shows the time required to complete copying large folders. How to copy files with the cp command To make a file copy, apply the cp command in Linux as follows: cp ./DirectoryA_1/README.txt ./DirectoryA_2 where ./DirectoryA_1/README.txt is the source file, and ./DirectoryA_2 is the destination. The cp command was originally designed to interact with files. To replicate directories, you must use the -r flag to command that the directory with all its interior entities to be copied recursively. Therefore, you should write cp -r before the directory sources in Linux as follows: cp -r ./DirectoryA_1/Folder/ ./DirectoryA_2 The cp -r command in Linux will recursively duplicate the Folder directory in ./DirectoryA_1/ as well as all contents in the Folder directory. For instance, if you need to replicate the whole file contents in DirectoryA_1 with the .txt extension, try following command: cp ./DirectoryA_1/*.txt ./DirectoryA_2 where ./DirectoryA_1/*.txt matches files with the .txt extension in their names, and the cp command duplicates all those data to the destination. Best practices of the cp Linux command To duplicate one unit of information via the Linux cp command, write down the file name and destination directory. For instance, to replicate a file named example.txt to the 'Documents' directory, try the following command: cp example.txt Documents/ The action leads to creating a file duplicate in the 'Documents' directory with the original name. To copy multiple files at once, utilize the cp command in Linux, specifying the file names separated by a space. For instance, to duplicate three files named 'file1.txt', 'file2.txt', and 'file3.txt' to the 'Documents' directory, try the following command: cp file1.txt file2.txt file3.txt Documents/ To replicate a directory with all its interior entities, apply the -r that means cp recursive feature in Linux. For instance, to duplicate a directory named 'Pictures' to the 'Documents' directory, try the following command: cp -r Pictures Documents/ The action leads to creating a copy of the 'Pictures' directory with all its interior contents in the 'Documents' directory. To replicate a folder in Linux, you should utilize the -r flag. For instance, to duplicate a folder named 'Pictures' from the existing directory to a folder named 'Photos' in the home directory, try the following command: cp -r Pictures/ ~/Photos/ The destination folder will be created automatically if none exists. The files in the destination folder will be combined with the core of the source folder if one already exists. The cp -a feature in Linux leaves unchanged the initial file attributes while copying. Therefore, the duplicates will have the same parameters as their originals. For instance, to replicate a file named 'example.txt' to the 'Documents' directory while leaving unchanged its attributes, try the following command: cp -a example.txt Documents/ The Linux cp -v function showcases the progress of the duplication. At the same time the user can copy large files while monitoring the process. For instance, to replicate a file named 'largefile.zip' to the 'Downloads' directory while watching the progress, try the following command: cp -v largefile.zip Downloads/ The -i option requires the consent before overwriting an initial file. to protect against an accidental file rewriting. For instance, to duplicate a file named 'example.txt' to the 'Documents' directory, if a file with the identical name already exists, the cp command will require the consent before rewriting the original file. Initially, the Linux cp command copies a file or a directory to a default location. The system allows the user to specify any other location for the duplicate file or directory. For instance, to replicate a file named 'example.txt' from the 'Documents' directory to the 'Downloads' directory, try the following command: cp Documents/example.txt Downloads/ The cp -ra function in Linux is designed to carry out the copying process of directories with all their contents inside. The -r flag gives an order to repeat all the files and directories within an existing location, while the -a flag keeps the initial attributes preserved. Therefore, it is possible to make an exact duplicate of a directory without changing attributes. For instance, if you apply the command cp -ra /home/user1/documents /home/user2, it will replicate the 'documents' directory with all its entities inside in the 'user2' directory. The new folder will show the identical attributes as the initial item. The cp -rf feature in Linux is similar to the previous -ra option. The difference between these two functions is that the -f flag rewrites the given files or directories in the destination without requiring consent. Therefore, it is possible to update or replace an item with the identical name in the place of destination. For instance, if you apply the command cp -rf /home/user1/documents /home/user2, and there is already a 'documents' directory in the 'user2' directory, it will be overwritten with the contents of the 'documents' directory from the 'user1' directory. Be careful while utilizing the -rf function. Incorrect use of it leads to data loss. Check up twice the destination folder to avoid unwanted rewriting items. It is simpler to work with files and directories when you use Linux's cp -r capability with the -a and -f settings. Whereas the -rf particle modifies or replaces files and directories, the -ra particle precisely copies a directory and everything within it. You can learn how to handle stuff in this operating system by properly applying these differences. If you want to monitor and control the process of item duplication, which is not possible with other parameters of the cp command, use the -pv utility. To install the pv utility on Debian/Ubuntu you need to open the terminal and run the following command:  apt-get install pv After the installation is complete, verify it by running the following command in the terminal pv --version To install the pv utility on CentOS/Fedora, you need to connect the EPEL repository, which contains additional software packages unavailable in the default repositories. Run in the terminal: yum install epel-release Then run the following command in the terminal:  yum install pv  After the installation is complete, verify it by running the following command in the terminal:  pv --version To use this particle with the cp command, you should utilize | symbol. You can use the ~ symbol to indicate the root directory if the full path needs to be specified. For instance, to replicate a folder named 'Documents' from the root directory to a folder named 'Backup' in the home directory, try the following action: cp -r Documents/ ~/Backup/ | pv Example of executed Linux cp command Conclusion The cp command, although not an inherently difficult tool to learn, nevertheless provides basic knowledge of using the Linux operating system in terms of managing files and directories. In this tutorial, we tried to show the capabilities of the cp command in Linux from all sides, demonstrating best practices and useful tips of its various parameters. With new knowledge, you will be able to improve your skills in interacting with files and directories in Linux. The extreme accuracy of the copying process and additional options allow you to solve a wide range of problems. Multifunctionality helps users choose the file management mode and complete tasks efficiently. The command is a prime example of the many capabilities of this operating system, including the cp with progress feature in Linux. Altogether they unlock a potential of the system for novice and advanced users.
22 August 2025 · 9 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support