IPTABLES Explained



IPtables (Netfilter):
IPtables is the default firewall for Linux. It is a vast subject which cannot be covered in one day. I will try to give as much information as possible while keeping it simple. Let's start with the basics.

What is a firewall?
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. An IPtables firewall contains tables, and each table contains rules that block or allow a particular communication.

A table can be:
1. Filter table — used to filter packets.
2. NAT (Network Address Translation) table — used for NATing source and destination IP addresses (for example, when sharing an internet connection).
3. Mangle table — it's a combination of the Filter and NAT tables.
4. RAW table — used for marking packets that should not be connection-tracked.

1. Filter table
This is the default table which contains three chains.
a) INPUT Chain: To apply a rule on packets which are coming into the system.
b) FORWARD Chain: For packets being routed through the system.
c) OUTPUT Chain: For packets locally generated which are going out from the system.

2. NAT table
This table has three chains.
a) PREROUTING Chain: For altering the packets as soon as they come in to the system.
b) OUTPUT Chain: For packets locally generated which are going out from the system.
c) POSTROUTING Chain: For altering the packets which are about to go out from the system.

3. MANGLE Table
This table combines forwarding, security and translating of packets; we can call it a hybrid of the FILTER and NAT tables. It contains five chains.
1) PREROUTING
2) OUTPUT
3) INPUT
4) FORWARD
5) POSTROUTING

4. RAW Table
Contains only two chains.
1) PREROUTING
2) OUTPUT

So let's go to the configuration of iptables.

In the following examples I will be using the FILTER table to explain.
Example1: To see/list the rules configured in the system.
[root@server1~]# iptables -L -t filter
This will list all the rules which are created under the FILTER table. -L is for listing, -t for specifying the table (here the table is FILTER).
[root@server1~]# iptables -L -t nat
[root@server1~]# iptables -L -t mangle
[root@server1~]# iptables -L -t raw
These three commands are self-explanatory.


Example2: Inserting a rule into a table
[root@server1~]# iptables -I INPUT 2 -t filter -s 192.168.0.1/24 -j DROP
-I is for inserting a rule into a table; in this example I am inserting an INPUT rule at position two (2), so depending on the number we can insert a rule at any position of a chain. -s is for specifying the source of the packet. This source may be an IP address/netmask or a network-address/netmask. -j is for specifying what to do with the matching packet. Here we specified to drop any packet which comes from 192.168.0.1, so no reply about the packet's status is sent to the source. With -j these are the options we can specify:

1. DROP – Drops the packet without informing the source/destination about its status. So there is no information to the source/destination about what happened to the packet.
2. REJECT – Rejects the packet and sends information to the source/destination that the server rejected it.
3. ACCEPT – Accepts the packet for delivery to its designated destination.
4. QUEUE – Queues the packet to user space. Put another way, this just hands the packets to some other utility (such as Snort) which takes care of the packet filtering.

What does this rule actually specify?
Answer: This rule is an INPUT rule at the second position of the filter table that drops all communication originating from 192.168.0.1.

Example3: To append a rule to a table
[root@server1~]# iptables -A INPUT -t filter -d 192.168.0.0/24 -j REJECT
-A is for appending a rule at the end of a chain. -d is for specifying the destination of the packet. This destination may be an IP address/netmask or a network-address/netmask.

What does this rule actually specify?
Answer: This rule is an INPUT rule appended to the filter table that rejects all packets destined for the 192.168.0.0/24 network.


Example4: Deleting a particular rule
[root@server1~]# iptables -D INPUT 3 -t filter
-D is for specifying deletion of a rule.

What does this command actually do?
Answer: It deletes the INPUT rule which is in the third position of the filter table.
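Deleting by position is only safe when you know which rule currently sits at that number, since positions shift every time a rule is inserted or removed. The following POSIX sh helpers are an added example (not from the original post): they read a listing in the format produced by iptables -L INPUT -t filter -n --line-numbers (the sample below is constructed) and refuse to emit a -D command for a position that does not exist.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -t filter -n --line-numbers` output;
# in real use replace it with: LISTING=$(iptables -L INPUT -t filter -n --line-numbers)
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    DROP       all  --  192.168.0.0/24       0.0.0.0/0
3    REJECT     all  --  0.0.0.0/0            192.168.0.0/24       reject-with icmp-port-unreachable'

# rule_at_position LISTING NUM -> "TARGET SOURCE DESTINATION" of rule NUM (empty if absent)
rule_at_position() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 ~ /^[0-9]+$/ && $1 == n { print $2, $5, $6 }'
}

# position_of LISTING TARGET SOURCE -> rule number(s) whose target and source match
position_of() {
    printf '%s\n' "$1" | awk -v t="$2" -v s="$3" '$1 ~ /^[0-9]+$/ && $2 == t && $5 == s { print $1 }'
}

# delete_cmd LISTING CHAIN NUM -> prints the iptables -D command for rule NUM
# together with what it removes; fails instead of emitting a command for a
# position that does not exist, so a stale number never deletes the wrong rule
delete_cmd() {
    rule=$(rule_at_position "$1" "$3")
    [ -n "$rule" ] || { echo "no rule $3 in chain $2" >&2; return 1; }
    echo "iptables -D $2 $3 -t filter   # removes: $rule"
}

delete_cmd "$SAMPLE_LISTING" INPUT 3
```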


Example5: Flushing/removing an entire table.
[root@server1~]# iptables -F -t filter
-F is for flushing/removing all the rules of a table from the iptables configuration.

What does this command actually do?
Answer: It flushes/removes all the rules which are in the filter table.

From here we will see how to block:
1) A network
2) An IP address
3) The entire protocol stack
4) A particular protocol
5) A port (source port or destination port)

Example6: Blocking (rejecting) a particular network.
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.0/24 -j REJECT

What does this rule actually do? Answer: Under the filter table, block (REJECT) all traffic from the 192.168.0.0 to 192.168.0.255 IP addresses, i.e. the entire 192.168.0.0/24 network.


Example7: Blocking (rejecting) a particular IP address
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -j REJECT

What does this rule actually do? Answer: Under the filter table, block (REJECT) all traffic originating from the 192.168.0.1 IP address.


Example8: Blocking (rejecting) the entire protocol stack.
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -p all -j REJECT

What does this rule actually do? Answer: Under the filter table, block all traffic of all protocols (such as TCP, UDP, ICMP etc.) originating from the 192.168.0.1 IP address.


Example9: Blocking a particular protocol
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -p tcp -j REJECT

What does this rule actually do?
Answer: Under the filter table, block all traffic which uses the TCP protocol to communicate from the 192.168.0.1 IP address.


Example10: Blocking a particular destination port
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -p tcp --dport 21 -j REJECT
(The source is given once; iptables does not accept more than one -s option in a rule.)

What does this rule actually do? Answer: Under the filter table, block all FTP (port 21) traffic originating from the 192.168.0.1 IP address.


Example11: Blocking a particular source port
[root@server1~]# iptables -A OUTPUT -t filter -d 192.168.0.1 -p udp --sport 143 -j REJECT
What does this rule actually do? Answer: Under the filter table, block all traffic originating from the server through port 143 and destined for 192.168.0.1.
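Before applying Examples 6 to 11 on a live system, a practitioner wants to review the whole set, and its order, since an appended REJECT placed ahead of the rules that allow loopback, established sessions and the administrator's own address can lock the server's owner out. The following POSIX sh script is an added example (not from the original post): it validates protocol and port, puts the ACCEPT rules first with -I, and in its default dry-run mode prints every command instead of running it; DRY_RUN, ADMIN_HOST and the function names are assumed.

```shell
#!/bin/sh
# Added example, not from the original post: assembles the block rules of
# Examples 6-11 into one ordered, reviewable set.  With DRY_RUN=1 (the default)
# each rule is printed instead of applied, so it can be checked before it
# touches the live filter table.  ADMIN_HOST is an assumed management address.
DRY_RUN=${DRY_RUN:-1}
ADMIN_HOST=${ADMIN_HOST:-10.0.0.5}

run() { if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi; }

# valid_port N: 1..65535 only, so a typo is refused instead of becoming a rule
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# valid_proto P: only protocols that carry --sport/--dport
valid_proto() { case "$1" in tcp|udp) return 0 ;; *) return 1 ;; esac; }

# Examples 6-9: reject a source network or address on INPUT, optionally one protocol
block_source() {
    if [ -n "$2" ]; then run -A INPUT -t filter -s "$1" -p "$2" -j REJECT
    else run -A INPUT -t filter -s "$1" -j REJECT; fi
}
# Example 10: reject one destination port from one source (a single -s only)
block_dport() {
    valid_proto "$2" && valid_port "$3" || return 1
    run -A INPUT -t filter -s "$1" -p "$2" --dport "$3" -j REJECT
}
# Example 11: reject our own source port towards one destination
block_sport() {
    valid_proto "$2" && valid_port "$3" || return 1
    run -A OUTPUT -t filter -d "$1" -p "$2" --sport "$3" -j REJECT
}

build_ruleset() {
    run -F INPUT -t filter   # Example 5: start from an empty INPUT chain
    # ACCEPT rules go in first with -I (Example 2) so the appended REJECTs can
    # never cut off loopback, replies to existing sessions, or the admin host.
    run -I INPUT 1 -t filter -i lo -j ACCEPT
    run -I INPUT 2 -t filter -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -I INPUT 3 -t filter -s "$ADMIN_HOST" -j ACCEPT
    block_source 192.168.0.0/24 &&
    block_source 192.168.0.1 tcp &&
    block_dport 192.168.0.1 tcp 21 &&
    block_sport 192.168.0.1 udp 143
}

build_ruleset
```

Run with DRY_RUN=0 as root only after the printed list has been reviewed; the ordering matters because the filter table evaluates rules top to bottom.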

Saving iptables
[root@server1~]# service iptables save

Why do we actually need to save iptables?
Answer: Most services in Linux have their own configuration files, and the same applies to iptables. Whenever we run iptables save, the configuration is saved by default to /etc/sysconfig/iptables.


Starting iptables
[root@server1~]# service iptables start

Restarting iptables
[root@server1~]# service iptables restart

Checking whether iptables is running
[root@server1~]# service iptables status

Checking whether iptables is permanently on (enabled at boot)
[root@server1~]# chkconfig --list | grep iptables
