Wednesday, 1 May 2013

IPTables - Linux Firewall


A firewall is a part of a computer network designed to block unauthorized packets and allow authorized ones. It handles traffic on ports and, depending on certain rule sets, allows or blocks the packet flow. We can easily find such firewalls in many institutes and organizations, where users are not permitted to access social networking sites.

IPTables is the firewall used in Linux. It contains tables which hold rules that decide whether to allow a particular communication or not. Packets go through these chains of rules and the necessary action is taken. We can create as many chains as we want and link them together to control the packet flow.

These tables are categorized as follows:
  • Filter Table - Used to filter packets.
  • NAT (Network Address Translation) table - Used for altering the source and/or destination IP address (used when multiple network interfaces are active).
  • Mangle table - It's a combination of the Filter and NAT tables.
  • RAW table - Used to mark those packets which are not to be tracked.
Filter table :
It is the default table and includes three chains.
  • INPUT Chain : For packets coming into the system or destined for the system.
  • FORWARD Chain : For packets travelling (being routed) through the system.
  • OUTPUT Chain : For packets leaving the system or originating from the system.
NAT table : 
It has three chains.
  • PREROUTING Chain : For altering the packets just after they enter the system.
  • OUTPUT Chain : For packets which are leaving the system.
  • POSTROUTING Chain : For altering the packets which are about to leave the system.
MANGLE Table : 
This table contains five chains.
  • PREROUTING
  • OUTPUT
  • INPUT
  • FORWARD
  • POSTROUTING
RAW Table : 
It contains two chains.
  • PREROUTING
  • OUTPUT

IPTables Configuration

To list the rules configured in the system

Syntax: sudo iptables -L -t table_name

This will list all the rules which are created under the specified table.
-L stands for Listing.
-t stands for the target table.
sudo iptables -L -t nat will list all the entries created under the NAT table.
The same applies to sudo iptables -L -t filter, sudo iptables -L -t mangle and sudo iptables -L -t raw.

Inserting a rule in to a table

sudo iptables -I INPUT 2 -t filter -s 10.10.6.203/24 -j DROP
-I stands for Insert and is used to insert a rule into a chain at a specific position (position 2 in this case).
-s stands for the source of a packet. It indicates the IP address of the system from which the packet was generated.
-j stands for jump to the action. The action can be any one of the following:

  • DROP – Silently drops the packet without informing the user.
  • REJECT – The packet is rejected and the user is notified with an ICMP message.
  • ACCEPT – Accepts the packet.
This rule adds an entry to the INPUT chain of the filter table at the second position and tells it to drop all packets originating from 10.10.6.203/24; note that the /24 mask matches the whole 10.10.6.0 network, not only the single host 10.10.6.203.

Appending a rule into a table

sudo iptables -A INPUT -t filter -d 10.10.6.203/24 -j REJECT

-A stands for add/append. It adds a rule at the end of the chain.
-d stands for the destination IP address of the packet.

This rule will add an entry at the bottom of the INPUT chain of the filter table which says that all packets destined to the network 10.10.6.0/24 should be rejected.

Deleting a particular rule

sudo iptables -D INPUT 3 -t filter

-D stands for Delete. It deletes a particular rule, rule no. 3 in this case.

This command will delete the 3rd rule of the INPUT chain of the filter table.

In order to delete all the rules, the following command can be used:
sudo iptables -F -t filter
where -F stands for Flush, i.e. remove all the rules.

Blocking a particular protocol

sudo iptables -A INPUT -t filter -s 10.10.6.203 -p tcp -j REJECT

-p stands for Protocol. The name of the protocol to which the rule applies should be given here (TCP in this case).

This rule will block all TCP packets coming from 10.10.6.203.

Similarly, if we use -p all instead, packets of all protocols originating from 10.10.6.203 will be blocked.

If we write -p tcp --dport 22, all packets arriving from 10.10.6.203 that ask for the SSH service over TCP will be blocked. Note that --dport stands for destination port and SSH uses TCP port no. 22.
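As an added illustration (not code from the original post), the following Python simulates how the INPUT chain of the filter table evaluates the rules from the insert, append, delete and protocol sections above: rules are checked top to bottom and the first match decides, so the position chosen with -I versus -A matters, a /24 source mask matches the whole network, and -p/--dport narrow a rule down. Rule, Chain and build_input_chain are names chosen here, and the packets are constructed dictionaries, not real traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One filter rule: the -s/-d/-p/--dport match options plus the -j target."""
    target: str                  # -j ACCEPT | DROP | REJECT
    src: Optional[str] = None    # -s host or CIDR (a /24 matches the whole network)
    dst: Optional[str] = None    # -d host or CIDR
    proto: str = "all"           # -p tcp | udp | icmp | all
    dport: Optional[int] = None  # --dport, only meaningful with tcp/udp

    def matches(self, pkt: dict) -> bool:
        for want, have in ((self.src, pkt["src"]), (self.dst, pkt["dst"])):
            if want and ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        if self.proto != "all" and pkt["proto"] != self.proto:
            return False
        return self.dport is None or pkt.get("dport") == self.dport


class Chain:
    """Rules are checked top to bottom; the first match decides, else the policy applies."""
    def __init__(self, policy: str = "ACCEPT") -> None:
        self.policy = policy
        self.rules: List[Rule] = []
    def append(self, rule: Rule) -> None:            # iptables -A CHAIN ...
        self.rules.append(rule)
    def insert(self, pos: int, rule: Rule) -> None:  # iptables -I CHAIN pos ... (1-based)
        self.rules.insert(pos - 1, rule)
    def delete(self, pos: int) -> None:              # iptables -D CHAIN pos
        del self.rules[pos - 1]
    def flush(self) -> None:                         # iptables -F
        self.rules.clear()
    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def build_input_chain() -> Chain:
    """Loads two of the post's rules in the order the commands would be issued."""
    chain = Chain()
    # sudo iptables -A INPUT -t filter -s 10.10.6.203 -p tcp --dport 22 -j REJECT
    chain.append(Rule("REJECT", src="10.10.6.203", proto="tcp", dport=22))
    # sudo iptables -I INPUT 2 -t filter -s 10.10.6.203/24 -j DROP
    chain.insert(2, Rule("DROP", src="10.10.6.203/24"))
    return chain
```

With these two rules, a UDP packet from 10.10.6.50 is dropped by the second rule because the /24 mask covers the whole network, while deleting rule 2 lets it through to the default ACCEPT policy.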

Saving your Ruleset

If your system restarts for some reason, you will lose all the changes made to IPTables, because the entries you add are held in volatile memory. So make sure to save all the rules if you want the changes to be permanent.

  • for CentOS and Fedora
    # /etc/init.d/iptables save
  • for Ubuntu
    # iptables-save > /etc/iptables.rules
  • for all other Distros
    # iptables-save > /etc/sysconfig/iptables
These commands will invoke all your saved IPTables rules whenever the system reboots, so you need not enter them manually again.

The IPTables manual page is available here.

Summary

Hopefully this article will help you to create a simple firewall which can protect your system from various attacks. Believe me, IPTables is such a powerful tool that you can do whatever you wish with the network traffic. If you need help creating more rules, here is a link to an Easy Firewall Generator for IPTables.
