IP Tables Getting Started - Part 2
null Bangalore Chapter - March 2014 Meet
Presentation Transcript

  • IPTables Part 2, 22 Mar 2014. Nishanth Kumar, n|u Bangalore chapter Lead. n|u / OWASP meet
  • Agenda
    • Review of Part 1
    • Understanding IPTables rules
    • Options available when writing IPTables rules
    • Some customized commands
    • Demo with examples
  • Structure of IPTables: Tables contain Chains, and Chains contain Rules
  • Parameters for Rules. The following are the parameters available for rules:
    • -A – Add / append a rule
    • -I – Insert a rule
    • -D – Delete a rule
    • -R – Replace a rule
    • -P – Set the default policy for a chain
    • -N – Create a new chain
    • -X – Delete a chain
    • -j – Attach (jump to) a chain
  • IPTables Tables
    • Filter table
    • NAT table
    • Mangle table
    • Raw table
  • Filter Table
    • Default table, used to filter packets
    • 3 built-in chains
    • INPUT chain – incoming to the firewall: packets coming to the local server
    • OUTPUT chain – outgoing from the firewall: packets generated locally and going out of the local server
    • FORWARD chain – packets for another NIC on the local server: packets routed through the local server
  • NAT Table
    • Used for NATing the packets' source and destination IP
    • PREROUTING chain – alters packets before routing
    • POSTROUTING chain – alters packets after routing
    • OUTPUT chain – NAT for locally generated packets on the firewall
  • Mangle Table
    • Used for specialized packet alteration, like QoS bits in the TCP header
    • Chains: PREROUTING, OUTPUT, FORWARD, INPUT, POSTROUTING
  • Few options - 1
    • -p is for protocol. Possible values are tcp, udp, 6, 17. We can also use --protocol
    • -j is for target (jump to target, --jump). Specifies what needs to happen to the packet that matches this firewall rule. Possible values are ACCEPT, DROP, QUEUE, RETURN. We can also specify a user-defined chain as the target value
  • Few options - 2
    • -s is for source: the source of the packet. IP address, network address or hostname. Ex: -s 192.168.1.5, --src 192.168.1.0/24
    • -d is for destination: the destination of the packet. IP address, network address or hostname. Ex: -d 192.168.1.5, --dst 192.168.1.0/24
  • Few options - 3
    • -i for input interface. Ex: -i eth0 indicates that this rule should consider incoming packets coming through interface eth0
    • -o for output interface. Ex: -o eth1 indicates that this rule should consider outgoing packets going through interface eth1
    • If we don't specify an interface, all available interfaces on the system will be considered for input or output packets
  • Few options - 4
    • --sport for source port. Ex: --sport 22, --sport ssh. A port range is written --sport 22:150
    • --dport for destination port. Ex: --dport 22, --dport ssh. A port range is written --dport 22:150
    • Using port numbers in the rules is better than using port names
  • Few options - 5
    • --tcp-flags is for TCP flags (for -p tcp). Takes multiple values separated by commas. Values: SYN, ACK, FIN, RST, URG, PSH, NONE, ALL. Ex: --tcp-flags ARG1 ARG2; Ex: --tcp-flags SYN FIN
    • --icmp-type is for ICMP type (for -p icmp). We can use it when we are using '-p icmp'. Values: '--icmp-type 0' – Echo Reply; '--icmp-type 8' – Echo Request
  • Targets 22 Mar 2014  ACCEPT – IPTables stop further Processing. Packet is handed over to the end of application or the operating system for processing .  DROP – IPTables stops further processing. ( The Packet is Blocked )  REJECT – Works like the DROP target, but will also return an error message to the host sending the packet the packet was blocked
  • Targets 22 Mar 2014  DNAT – Used to do destination network address translation . ( rewriting the destination IP address of packet )  SNAT – Used to do source network address translation rewriting the source IP address of the Packet ( The source IP address is user defined ) .  MASQUARADE – Used to do Source Network Address translation. ( By default the source ip address is the same as that used by the firewall’s interface )
  • Few more iptables commands
    • service iptables save – to save the iptables rules (CentOS, RHEL, Fedora)
    • service iptables restart – to restore the iptables rules (CentOS, RHEL, Fedora)
    • iptables-save > /path/to/dir/filename – to save the iptables rules (for some other Linux distros)
    • iptables-restore < /path/to/dir/filename – to restore the iptables rules (for some other Linux distros)
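As an added example (not from the slides), the options and targets from the "Few options" and "Targets" slides combined into one rule set written in the format that iptables-save produces and iptables-restore loads, so the whole set can be dry-run with `iptables-restore --test` and then applied atomically instead of rule by rule. The interfaces eth0 (LAN) and eth1 (uplink), the 192.168.1.0/24 admin network and the 192.168.1.10 web server are constructed for this example, and the conntrack match used for return traffic is not covered in the slides.

```shell
#!/bin/sh
# build_ruleset FILE - write the rule set to FILE in iptables-save syntax.
# Interfaces and addresses below are constructed for this example.
build_ruleset() {
    cat > "$1" <<'EOF'
*filter
# -P equivalents: INPUT and FORWARD drop by default, OUTPUT is open.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# -i lo: loopback traffic is always accepted.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (conntrack match, not in the slides).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# --tcp-flags MASK SET: look at ALL flags and drop packets with NONE set.
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# -i/-p/-s/--dport: SSH only from the admin network, port number not name.
-A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
# --icmp-type 8: allow echo request so the host stays pingable.
-A INPUT -p icmp --icmp-type 8 -j ACCEPT
# REJECT on the LAN side so clients get an error instead of a silent DROP.
-A INPUT -i eth0 -j REJECT
# FORWARD: return traffic, LAN towards the uplink, and the DNAT'd web traffic.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT before routing: port 80 arriving on the uplink goes to the web server.
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10
# MASQUERADE after routing: source NAT to whatever address eth1 currently has.
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

# check_ruleset FILE - parse the file without applying it (needs root).
# Returns 2 when iptables-restore is missing or we are not root, so the
# caller can skip the live check instead of misreading it as a syntax error.
check_ruleset() {
    command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ] || return 2
    iptables-restore --test < "$1"
}

# count_rules FILE - number of -A rule lines, as a quick sanity check.
count_rules() {
    grep -c '^-A ' "$1"
}
```

Once `check_ruleset` passes, `iptables-restore < FILE` applies the set in one step, which is the same mechanism `service iptables restart` uses on CentOS, RHEL and Fedora.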
  • Thank you