Linux Firewall - NullCon Chennai Presentation



Our presentation at Null Con Chennai

Published in: Technology
  • Fedora, Red Hat
  • Masquerades all outgoing traffic
    Filter both incoming and outgoing traffic
    Port forward incoming traffic for your servers
    1. Linux Firewall
       June 29 2014
       Vinoth Sivasubramanian, Ganapathy Kannan
    2. Agenda
       • Introduction to Linux Firewalls
       • Firewall Basics
       • IP Tables
       • Firewall Management
       • Challenges and Solutions
    3. Introduction
       • Why Need a Firewall
         • Improved Access Control at Network Layer and Transport Layer
         • Better Detection Capabilities
       • Why Linux Firewalls
         • Open source
         • Low Cost
         • Flexible
         • Can align with business and user need
         • Continual improvement
    4. What is a firewall?
       A firewall is a device filtering traffic between 2 or more networks based on predefined rules
    5. IP Chains
       • Loadable kernel module that performs packet filtering
       • Comes with most Linux distributions
       • No Port Forward
       • Concept of chain (Input, Output and Forward)
    6. IP Tables
       • Loadable kernel module
       • Since kernel 2.4.x
       • Everything of IP Chains plus stateful inspection, improved matching and port forward
       • More customized login
       • Requires expertise and careful study of organization
    7. IP Tables – Implementation – Command Line
       • Open a terminal window (must be logged in as root) and type:
           # iptables
         If IP tables is already installed, it prints:
           iptables <version number>: no command specified
       • If IP tables is not installed, follow these instructions to enable it. IP tables can be downloaded from
           # tar -xvjf ./iptables-1.*.*.tar.bz2 -C /usr/src
           # cd /usr/src/iptables-1.*.*        (the directory it has created)
           # /bin/sh -c "make"
           # /bin/sh -c "make install"         (to finish the install)
    8. Implementation of policies
       Sample
           # iptables -P INPUT DROP            (or ACCEPT)
           # iptables -P OUTPUT DROP           (or ACCEPT)
           # iptables -P FORWARD DROP          (or ACCEPT)
    9. Implementation of policies
       Implementing Rules
           # iptables -A INPUT -i eth0 -p tcp -s <source-ip> --dport 22 -j DROP
       -A        append the rule at the bottom of the specified chain
       -I        insert the rule at the top of the specified chain
       -i        incoming interface
       -p        protocol
       -s        incoming IP
       --dport   destination port
       --sport   source port
       -o        outgoing interface
       -d        destination IP
           # service iptables save
    10. Implementation of policies
        Deleting rules
           # iptables -D INPUT <number>
           # iptables -D INPUT -i eth0 -p tcp --dport 22 -j DROP
    11. Implementation of policies using GUI
        # system-config-firewall in command line
        Or System → Administration → Firewall in the Menu
    12. Implementation of policies using GUI
        Sample Snapshot
    13. Typical Implementation
        (Diagram labels: Internal LAN, DMZ Servers, Internal LAN, Router, Internet)
    14. Tools for Compiling IPTables
        • Online tool to help build Linux firewall rules (Open source)
        • Tool to analyse IP tables logs
        Challenges
        • No clear visibility on flow of traffic, ports and services used in the organization
        • Solutions to them are documenting the ports, services being used in the organization
        • Does not do deep packet inspection to filter malicious traffic
    15. Thank You
        Q&A
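
The slide notes describe a gateway that masquerades outgoing traffic, filters in both directions and port-forwards to servers. The script below is an added example, not the presenters' configuration: it prints such a ruleset in iptables-restore format without touching the running firewall. Interface names, addresses and the forwarded port 80 are assumed sample values.

```shell
# Added example. All names and addresses below are assumed samples.
WAN_IF="${WAN_IF:-eth0}"              # Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"              # internal LAN interface
DMZ_IF="${DMZ_IF:-eth2}"              # DMZ interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # internal LAN subnet
DMZ_WEB="${DMZ_WEB:-192.168.2.10}"    # web server in the DMZ

build_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forward: web traffic from the Internet goes to the DMZ server
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination ${DMZ_WEB}:80
# Masquerade everything leaving through the Internet-facing interface
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default policies (the -P commands): drop unless a rule below accepts
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Stateful inspection: allow replies to connections already accepted
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The slide's rule: drop SSH arriving on the Internet side, unlogged
-A INPUT -i $WAN_IF -p tcp --dport 22 -j DROP
# Management SSH is accepted from the LAN only
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Outgoing filter: the firewall itself may only start DNS lookups
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# LAN clients may open connections to the Internet
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
# Forwarded web traffic (destination already rewritten by DNAT)
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_WEB -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Log whatever falls through to the DROP policies
-A INPUT -j LOG --log-prefix "FW-DROP-IN: "
-A FORWARD -j LOG --log-prefix "FW-DROP-FWD: "
-A OUTPUT -j LOG --log-prefix "FW-DROP-OUT: "
COMMIT
EOF
}

build_ruleset   # prints the ruleset to stdout
```

Piping the output to `iptables-restore --test` checks the syntax without loading the rules. The LOG prefixes give the log-analysis step something to group on when documenting which ports and services are actually in use.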