IPtables (Netfilter):
iptables is the traditional firewall tool on Linux: a user-space command that programs the Netfilter packet-filtering framework inside the kernel (its successor, nftables, keeps the same concepts of tables, chains and rules).
It is a vast subject which cannot be covered in one day. I will try to give as much information as possible without making it complex. Let's start with the basics.
What is a firewall?
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. An iptables firewall is organised as tables; each table holds chains, and each chain is an ordered list of rules that decide whether a particular communication is allowed or blocked. A packet walks a chain from the top down, and the first rule it matches whose target is ACCEPT, DROP or REJECT decides its fate; if it matches no rule at all, the chain's default policy (set with -P) applies. Keep this "first match wins" behaviour in mind, because it is what makes the position of a rule (insert versus append) matter in the examples below.
A table can be
1. Filter table - used to filter packets (accept, drop or reject them).
2. NAT (Network Address Translation) table - used for NATing the source and destination IP address (for example to share one internet connection among a LAN).
3. Mangle table - used for special-purpose packet alteration, such as changing the TTL or TOS fields or setting a firewall mark on a packet; it is not a combination of the filter and NAT tables.
4. RAW table - consulted before connection tracking; used to mark packets with the NOTRACK target so that conntrack ignores them.
1. Filter table
This is the default table (used when -t is omitted) and contains three chains.
a) INPUT chain: to apply rules to packets whose destination is the system itself.
b) FORWARD chain: for packets being routed through the system to another host.
c) OUTPUT chain: for packets generated locally which are going out from the system.
2. NAT table
This table has three chains.
a) PREROUTING chain: for altering packets as soon as they come into the system, before the routing decision (destination NAT).
b) OUTPUT chain: for altering locally generated packets before they leave the system (destination NAT for local traffic).
c) POSTROUTING chain: for altering packets which are about to go out from the system, after the routing decision (source NAT and MASQUERADE).
3. MANGLE table
This table is for modifying packet headers and attaching metadata to packets (TTL, TOS, firewall marks used later by routing or by the filter table). It is not a hybrid of the FILTER and NAT tables; filtering is still done in the filter table. It contains all five chains.
1) PREROUTING
2) OUTPUT
3) INPUT
4) FORWARD
5) POSTROUTING
4. RAW table
This table is evaluated before connection tracking and contains only two chains.
1) PREROUTING
2) OUTPUT
So let's go to the configuration of iptables.
In the following examples I will be using the FILTER table to explain.
Example1: To see/list the rules configured in the system.
[root@server1~]# iptables -L -t filter
This will list all the rules which are created under the FILTER table. -L is for listing and -t is for specifying the table (here the table is FILTER). Two options worth adding in practice: -n prints addresses and ports as numbers instead of trying to resolve them (resolution can make the listing hang), and --line-numbers shows the position of each rule, which is the number that -I and -D below refer to.
[root@server1~]# iptables -L -t nat
[root@server1~]# iptables -L -t mangle
[root@server1~]# iptables -L -t raw
These three commands are self-explanatory: they list the NAT, mangle and raw tables.
Example2: Inserting a rule into a table
[root@server1~]# iptables -I INPUT 2 -t filter -s 192.168.0.1/24 -j DROP
-I is for inserting a rule into a chain, so in this example I am inserting an INPUT rule at position two (2). Depending on the number we can insert a rule at any position of a chain; with no number the rule goes to position 1, the top. Note that position 2 only exists if the chain already holds at least one rule; on an empty chain iptables refuses with "Index of insertion too big". -s is for specifying the source of the packet. This source may be an IP address or a network address with a netmask. Be careful: 192.168.0.1/24 is not a single host. The /24 mask discards the host bits, so iptables treats it as 192.168.0.0/24 and the rule matches the whole network. To match only the host, write 192.168.0.1 (or 192.168.0.1/32). -j is for specifying what to do with the matching packet (the target). Here we specified DROP, so the packet is silently discarded and the source gets no reply about what happened to it. With -j these are the common targets we can specify.
1. DROP - drops the packet without informing the source/destination. From the sender's point of view the packet simply vanishes and connection attempts time out.
2. REJECT - discards the packet and sends an error back to the source: by default an ICMP port-unreachable message; for TCP, --reject-with tcp-reset sends a TCP RST instead, which clients understand immediately instead of waiting for a timeout.
3. ACCEPT - lets the packet through to its designated destination.
4. QUEUE - passes the packet to a user-space program (for example Snort running inline), which then decides what to do with it; the modern form is NFQUEUE, which adds a queue number.
5. LOG - writes the packet headers to the kernel log and then continues with the next rule; it does not terminate the walk, so a LOG rule normally sits directly above the DROP or REJECT rule it documents.
What is this rule actually specifying?
Answer: this rule inserts, at the second position of the INPUT chain of the filter table, a rule that drops all communication originating from the 192.168.0.0/24 network (because of the /24 mask), not just from the host 192.168.0.1.
Example3: To append a rule to a table
[root@server1~]# iptables -A INPUT -t filter -d 192.168.0.0/24 -j REJECT
-A is for appending a rule at the end of a chain. -d is for specifying the destination of the packet. This destination may be an IP address or a network address with a netmask.
What is this rule actually specifying?
Answer: this rule appends, to the INPUT chain of the filter table, a rule that rejects all packets destined for the 192.168.0.0/24 network. Because it sits in INPUT, it only ever sees packets addressed to the server itself, so in practice it rejects traffic to whichever of the server's own addresses lie in 192.168.0.0/24; packets routed through the server to other hosts in that network pass through FORWARD, not INPUT.
Example4: Deleting a particular rule
[root@server1~]# iptables -D INPUT 3 -t filter
-D is for specifying deletion of a rule. A rule can be deleted either by its position, as here, or by repeating its exact specification with -D in place of -A. When deleting by number, list the chain with --line-numbers first, because every deletion renumbers the rules below it.
What is this rule actually specifying?
Answer: this rule deletes the rule in the third position of the INPUT chain of the filter table.
Example5: Flushing/removing all rules in a table
[root@server1~]# iptables -F -t filter
-F is for flushing: it removes every rule from every chain of the table (or from one chain if a chain name is given), but it does not change the chains' default policies and it does not remove the table. That matters on a remote server: if the INPUT policy is DROP, flushing leaves only the policy, and the SSH session you are working from is cut off with the next packet. Set the policy to ACCEPT before flushing, or flush and rebuild from a script in one step.
What is this rule actually specifying?
Answer: this command removes all the rules in the filter table.
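Putting Examples 1 to 5 together, here is an added example (it is not from the original post) of a small POSIX shell script that rebuilds the INPUT chain with these operations in a lockout-safe order. The management network 192.168.0.0/24 and the IPT variable are assumptions of the example; with IPT="echo iptables" the functions only print the commands, which is a convenient way to review a ruleset before running it as root.

```sh
#!/bin/sh
# Added example, not code from the original post. IPT defaults to the real
# iptables binary; set IPT="echo iptables" to print commands instead of
# running them (dry run). The management network is a hypothetical value.
IPT="${IPT:-iptables}"

# Example1 with the two options that make the listing useful for -I/-D:
# -n skips DNS lookups, --line-numbers shows the position of every rule.
show_chain() {
    $IPT -t filter -L "$1" -n -v --line-numbers
}

# Rebuild INPUT from scratch. Rules are walked from the top, and the first
# ACCEPT/DROP/REJECT that matches decides, so the order below is the point.
build_input() {
    mgmt_net="$1"     # e.g. 192.168.0.0/24, the network admins SSH in from
    # 1. Open the policy first: -F removes rules but keeps the policy, and a
    #    DROP policy with no rules would cut off the SSH session doing this.
    $IPT -t filter -P INPUT ACCEPT
    # 2. Example5: flush every rule in the chain.
    $IPT -t filter -F INPUT
    # 3. Example3: append in evaluation order - loopback, replies to
    #    connections the server opened itself, then SSH from management.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -s "$mgmt_net" -p tcp --dport 22 -j ACCEPT
    # 4. Only now close the policy: SSH is matched before it is reached.
    $IPT -t filter -P INPUT DROP
}

# Example2: -I 1 puts the rule on top, ahead of the ACCEPT rules above, so
# it also stops a host that already has an established session. The same
# rule appended with -A would sit below the ESTABLISHED rule and never see
# that session (a shadowed rule, the usual reason a block "does not work").
block_source_now() {
    $IPT -t filter -I INPUT 1 -s "$1" -j DROP
}

# Example4: delete by number, after looking at the numbers.
delete_input_rule() {
    show_chain INPUT
    $IPT -t filter -D INPUT "$1"
}
```

Run it as root with the real binary only after the dry run shows the expected six commands in the expected order; the policy change to ACCEPT must come out first and the change to DROP last.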
From here we will see how to block
1) a network
2) an IP address
3) the entire protocol stack
4) a particular protocol
5) a port (source port or destination port)
Example6: Blocking (rejecting) a particular network.
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.0/24 -j REJECT
What does this rule do? Answer: this rule tells the filter table to block (REJECT) all traffic from the 192.168.0.0 to 192.168.0.255 IP addresses, in other words the entire 192.168.0.0/24 network.
Example7: Blocking (rejecting) a particular IP address
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -j REJECT
What does this rule do? Answer: this rule tells the filter table to block (REJECT) all traffic originating from the 192.168.0.1 IP address (a bare address is the same as writing /32).
Example8: Blocking (rejecting) the entire protocol stack.
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -p all -j REJECT
What does this rule do? Answer: this rule tells the filter table to block all traffic of every protocol (TCP, UDP, ICMP and so on) originating from the 192.168.0.1 IP address. -p all is also what iptables assumes when -p is omitted, so this rule is equivalent to the one in Example7.
Example9: Blocking a particular protocol
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -p tcp -j REJECT
What does this rule do?
Answer: this rule tells the filter table to block all traffic that uses the TCP protocol from the 192.168.0.1 IP address; UDP and ICMP from the same host are still let through.
Example10: Blocking a particular destination port
[root@server1~]# iptables -A INPUT -t filter -s 192.168.0.1 -p tcp --dport 21 -j REJECT
What does this rule do? Answer: this rule tells the filter table to block FTP control connections (port 21) originating from the 192.168.0.1 IP address. Two things to note: --dport belongs to the tcp and udp match modules, so it must be preceded by -p tcp or -p udp (without it iptables fails with an "unknown option" error); and FTP moves its data over separate connections (port 20 or passive ports), so this rule alone does not block all FTP traffic, only new control sessions.
Example11: Blocking a particular source port
[root@server1~]# iptables -A OUTPUT -t filter -d 192.168.0.1 -p udp --sport 143 -j REJECT
What does this rule do? Answer: this rule tells the filter table to block all traffic leaving the server from UDP port 143 and destined for 192.168.0.1. The match is per protocol: port 143 is registered for IMAP, which runs over TCP, so a TCP service on that port needs a second rule with -p tcp --sport 143.
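Examples 6 to 11 differ only in which match options are combined. The helper below is an added example (not from the original post) that covers the network, host, protocol and destination-port cases in one function, refuses the combination iptables itself refuses (a port without -p tcp or -p udp), and asks for a TCP reset when rejecting TCP. The IPT variable and its dry-run value are assumptions of the example.

```sh
#!/bin/sh
# Added example, not code from the original post. IPT defaults to the real
# binary; IPT="echo iptables" prints the command instead of running it.
IPT="${IPT:-iptables}"

# usage: block_from SOURCE [PROTO] [DPORT]
#   SOURCE  a host (192.168.0.1) or a network (192.168.0.0/24)
#   PROTO   tcp, udp, icmp or all (default: all, as in Example8)
#   DPORT   destination port (Example10); only valid with tcp or udp
block_from() {
    src="$1"; proto="${2:-all}"; dport="${3:-}"
    # --dport is an option of the tcp/udp match modules, so without
    # -p tcp or -p udp iptables fails with: unknown option "--dport"
    if [ -n "$dport" ] && [ "$proto" != tcp ] && [ "$proto" != udp ]; then
        echo "block_from: a port needs -p tcp or -p udp, got '$proto'" >&2
        return 2
    fi
    # REJECT answers with ICMP port-unreachable by default. For TCP a RST
    # is what the client understands immediately, so request tcp-reset.
    target="REJECT"
    if [ "$proto" = tcp ]; then
        target="REJECT --reject-with tcp-reset"
    fi
    # Insert at position 1 rather than append: a block appended below an
    # ACCEPT that already covers the traffic is never evaluated (first
    # match wins), which is the usual reason a new block seems to do nothing.
    set -- -t filter -I INPUT 1 -s "$src" -p "$proto"
    if [ -n "$dport" ]; then
        set -- "$@" --dport "$dport"
    fi
    # $target is deliberately unquoted so "--reject-with tcp-reset" splits.
    $IPT "$@" -j $target
}
```

block_from 192.168.0.0/24 reproduces Example6 (inserted at the top instead of appended), block_from 192.168.0.1 tcp 21 reproduces Example10 with a reset, and block_from 192.168.0.1 all 21 is refused before iptables is ever called.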
Saving iptables
[root@server1~]# service iptables save
Why do we actually need to save iptables?
Answer: rules added with the iptables command live only in the kernel's memory and disappear at the next reboot or restart of the service. Most services in Linux have their own configuration files and the same applies to iptables: service iptables save runs iptables-save and writes the current rules of all tables to /etc/sysconfig/iptables, from which they are reloaded at boot. (On distributions without this init script, iptables-save > file and iptables-restore < file do the same job; on RHEL/CentOS 7 and later the iptables-services package provides the script, because firewalld is the default there.)
Starting iptables
[root@server1~]# service iptables start
Restarting iptables
[root@server1~]# service iptables restart
A restart flushes the running rules and reloads /etc/sysconfig/iptables, so any rule added since the last save is lost.
Checking whether iptables is running or not
[root@server1~]# service iptables status
Checking whether iptables is permanently on or not (enabled in the boot runlevels)
[root@server1~]# chkconfig --list | grep iptables
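Saving is also the moment to check that the ruleset you are about to trust at the next reboot cannot lock you out. The function below is an added example, not part of the original post: it reads a file in the iptables-save format that service iptables save writes (/etc/sysconfig/iptables by default) and reports whether an ACCEPT for SSH in the filter table's INPUT chain comes before any catch-all DROP/REJECT rule, taking the chain policy into account. The file path, the SSH port (22) and the rulesets used to exercise it are assumptions of the example.

```sh
#!/bin/sh
# Added example, not code from the original post. Checks a ruleset file in
# iptables-save format (what "service iptables save" writes) for the
# lockout case: SSH to the server is blocked before it can be accepted.
# The default path and the SSH port are hypothetical defaults.

# usage: ssh_reachable [FILE] [PORT]; returns 0 if SSH survives, 1 if not
ssh_reachable() {
    file="${1:-/etc/sysconfig/iptables}"
    port="${2:-22}"
    awk -v port="$port" '
        /^\*/              { table = substr($0, 2); next }   # *filter, *nat, ...
        table != "filter"  { next }                          # only the filter table counts
        /^:INPUT /         { policy = $2; next }             # ":INPUT DROP [0:0]"
        /^-A INPUT /       {
            n++
            # first rule that accepts TCP connections to the SSH port
            if (!ssh && $0 ~ ("-p tcp .*--dport " port " ") && $0 ~ /-j ACCEPT$/) ssh = n
            # first rule that ends the walk for every packet: no match, terminating target
            if (!catchall && $0 ~ /^-A INPUT -j (DROP|REJECT)/) catchall = n
        }
        END {
            if (ssh && (!catchall || ssh < catchall)) exit 0    # accepted before any catch-all
            if (!ssh && !catchall && policy == "ACCEPT") exit 0 # nothing blocks it at all
            exit 1                                              # blocked, or dropped by policy
        }' "$file"
}

# Save the running rules, but refuse to install a file that would lock you out.
# usage: save_checked [FILE]
save_checked() {
    file="${1:-/etc/sysconfig/iptables}"
    iptables-save > "$file.new" || return 1
    if ssh_reachable "$file.new"; then
        mv "$file.new" "$file"
    else
        echo "save_checked: $file.new would block SSH to this host, not installed" >&2
        return 1
    fi
}
```

The check is deliberately narrow: it only looks at the INPUT chain of the filter table and at rules without any match (the shape "-A INPUT -j DROP"), because that is the catch-all shape a saved ruleset ends with; a DROP that carries -s or -i is treated as a targeted block, not a lockout.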
Awesome!!!
I did a lot of searching on Google for Red Hat training; finally I found a great blog for Red Hat certification.