A big advantage of Linux over any Windows in the field of security is its firewall, in other words 'IPtables'.
The simplest way to view the current configuration is to issue the command:
# /etc/init.d/iptables status
This will show the rules we have configured thus far, with the number of each rule.
iptables has 3 default tables (chains):
- INPUT: packets destined to the device
- OUTPUT: packets originating from the device
- FORWARD: packets that match neither of these chains, used for NAT configuration.
Any changes are made with the following syntax:
# iptables -[option] [CHAIN] [action]
Most used options are:
- -A (Add to the end of the chain)
- -D (Delete), for example to delete rule 2: # iptables -D OUTPUT 2
- -I (Insert), for example to insert another rule before number 5: # iptables -I INPUT 4
- -L (display), for example to display the rules on the inbound chain: # iptables -L INPUT
Inside the chain, use these options to specify the rules:
- -i (match input interface)
- -o (match destination interface)
- -s (match source IP)
- -d (match destination IP)
- -p (match protocol type)
- -m state --state (match packet state)
- -m [protocol] --dport (match destination port)
- -m [protocol] --sport (match source port)
- -j (action to perform on the packet)
For example, let's say I wish to block NEW HTTP sessions to the device; it should look like this:
# iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j DROP
Or allow all traffic that is related to an existing session, or that is itself an "established" packet type:
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Note that when adding a new rule, any missing information is translated to "any", so in the previous example we did not need to state the source or destination, seeing as we needed to match all.
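To see how rule numbers and the "missing means any" behaviour play out for the two rules above, here is a simplified Python model of a single chain, added as an illustration (it is not iptables code and not from the original post). The `Rule` and `Chain` classes, the ACCEPT fall-through policy and the sample packets are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    target: str                                  # -j ACCEPT / DROP
    match: dict = field(default_factory=dict)    # only the fields the rule states

    def matches(self, pkt):
        # A field the rule does not mention is never checked, so it matches "any".
        for key, want in self.match.items():
            allowed = want if isinstance(want, tuple) else (want,)
            if pkt.get(key) not in allowed:
                return False
        return True

class Chain:
    def __init__(self, policy="ACCEPT"):         # assumed policy for this model
        self.policy, self.rules = policy, []

    def append(self, target, **match):           # iptables -A CHAIN ...
        self.rules.append(Rule(target, match))

    def insert(self, num, target, **match):      # iptables -I CHAIN num ...
        self.rules.insert(num - 1, Rule(target, match))

    def delete(self, num):                       # iptables -D CHAIN num
        del self.rules[num - 1]

    def verdict(self, pkt):
        # Rules are tried in number order; the first one that matches decides.
        for num, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                return rule.target, num
        return self.policy, None                 # no rule matched: policy applies

def build_input_chain():
    chain = Chain()
    chain.append("DROP", iface="eth0", proto="tcp", dport=80, state="NEW")
    chain.append("ACCEPT", state=("RELATED", "ESTABLISHED"))
    return chain

# Constructed sample packets (not captured traffic).
NEW_HTTP = dict(iface="eth0", proto="tcp", dport=80, state="NEW", src="192.0.2.10")
EST_HTTP = dict(NEW_HTTP, state="ESTABLISHED")
NEW_SSH = dict(NEW_HTTP, dport=22)

if __name__ == "__main__":
    chain = build_input_chain()
    for name, pkt in [("new http", NEW_HTTP), ("est http", EST_HTTP), ("new ssh", NEW_SSH)]:
        print(name, chain.verdict(pkt))
    chain.insert(1, "ACCEPT", src="192.0.2.10")  # becomes rule 1, older rules shift down
    print("after insert:", chain.verdict(NEW_HTTP))
```

Each verdict is returned with the number of the rule that decided it, so the effect of an insert or delete on the numbering is visible directly.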
When done editing, make sure to save the settings so that they are loaded the next time the system boots up. To do so, issue:
# service iptables save
This should be a good starting point to practice IPtables.
Hope this post was helpful. If it was, please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR
thank netwrklabs team
this post was really helpful for me