2. Definition
A firewall is a system designed to prevent unauthorized access to or from a private network.
3. Iptables
Iptables is a Linux command-line firewall that allows system administrators to manage incoming and outgoing network traffic through a set of table rules. It is pre-installed on Linux operating systems. Iptables is the front-end tool that talks to the kernel and decides which packets to filter.
4. Iptables Files
1: /etc/init.d/iptables - init script to start|stop|restart and save rule sets.
2: /etc/sysconfig/iptables - where rule sets are saved.
3: /sbin/iptables - the binary.
5. How Firewalls Work?
Protocol:
A set of rules or languages that network devices operate by.
Packets:
A logical container representing a flow of data.
Port:
A numerical designation representing a particular protocol.
6. Continue…
An incoming TCP packet requires the receiver to send an outgoing acknowledgment packet back to the sender. By combining the information from the incoming and outgoing packets, we determine the connection state between the sender and the receiver.
Netfilter:
Iptables is the tool used to manage the networking subsystem within the Linux kernel called Netfilter.
7. Commands
Step1. To verify installation:
# rpm -qa | grep iptables
Step2. To check that iptables is set to start at boot time:
# chkconfig iptables --list
8. Options
-A chain Appends to the chain
-D chain Deletes from the chain
-I chain Inserts into the chain
-L chain Lists all rules
-p proto Uses the protocol specified
-m match Matches the extended expression
-s address Defines a source address
-d address Defines a destination address
9. Chains:
INPUT Packets coming into the system
OUTPUT Packets leaving the system
FORWARD Incoming packets that should be forwarded
10. Targets:
ACCEPT Allows the packets
DROP Drops the packets and gives no response
REJECT Rejects the packets and sends a rejection response
11. Continue…
To view existing firewall rules
# iptables --list
Allow SSH connections over TCP port 22
# iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
After you work with a few rules, creating firewall rules
will become easier. I chose this rule for a particular
reason: because it is a rule that you will use all the time.
Breaking down this rule, you can see that it is inserting
this rule (I); using the default Red Hat input chain (INPUT);
matching only TCP connections (-m tcp); using the TCP
protocol (-p tcp); looking for incoming connections on port
22 (--dport 22); and, if a packet is found, jumping (-j) to
the acceptance chain (ACCEPT) to allow the packet. In
plain terms, this rule allows incoming TCP connections on
port 22 of this system.
13. Commands
Step 1.
# iptables -I INPUT 5 -s 172.168.1.1/24 -p tcp --dport 22 -j ACCEPT
This rule is a little more complex than the previous one. Here, you are inserting into the INPUT chain, at position 5 (-I INPUT 5), a rule that says: anything from the source (-s) network 172.168.1.1/24, using the TCP protocol (-p tcp), is allowed in on port 22 (--dport 22).
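The chains and targets listed earlier (first matching rule wins, DROP versus REJECT) and the two rules just shown (-I versus -A placement, and what `-I INPUT 5` actually does) are easier to see with a small model of the filter table. The following is an added example and not part of the original slides or of the iptables project: a Python class that accepts rule lines written the way this page writes them and walks a chain top-down the way Netfilter does. The class and function names (Firewall, run, evaluate), the packet dictionaries and the 192.0.2.0/24 and 203.0.113.0/24 addresses are constructed for the example; it supports only the options this page lists and is a teaching model, not the kernel code. It also models the case iptables itself refuses, an insert position beyond the end of the chain, which is what `-I INPUT 5` hits on a chain with fewer than four rules.

```python
# Added example: a first-match model of an iptables filter chain.
# It is a teaching model of rule evaluation, not Netfilter; it understands only
# the options used on this page: -A, -I [pos], -p, -m tcp, -s, -d, --dport, -j.
import ipaddress
import shlex


class Firewall:
    def __init__(self, policies=None):
        # Chain policy: the verdict used when no rule in the chain matches.
        self.policies = policies or {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}
        self.chains = {name: [] for name in self.policies}

    def run(self, command):
        """Apply one rule line, e.g. '# iptables -I INPUT 5 -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT'.
        Returns the number of rules now in the chain."""
        tokens = shlex.split(command)
        while tokens and tokens[0] in ("#", "iptables"):   # accept the page's '# iptables ...' style
            tokens.pop(0)
        rule = {"proto": None, "src": None, "dst": None, "dport": None, "target": None}
        chain, position = None, None                        # position None means append (-A)
        i = 0
        while i < len(tokens):
            opt = tokens[i]
            if opt == "-A":
                chain, i = tokens[i + 1], i + 2
            elif opt == "-I":
                chain, position, i = tokens[i + 1], 1, i + 2    # -I with no number inserts at the top
                if i < len(tokens) and tokens[i].isdigit():
                    position, i = int(tokens[i]), i + 1
            elif opt == "-p":
                rule["proto"], i = tokens[i + 1].lower(), i + 2
            elif opt == "-m":
                i += 2                                           # -m tcp only enables --dport here
            elif opt == "-s":
                rule["src"], i = ipaddress.ip_network(tokens[i + 1], strict=False), i + 2
            elif opt == "-d":
                rule["dst"], i = ipaddress.ip_network(tokens[i + 1], strict=False), i + 2
            elif opt == "--dport":
                rule["dport"], i = int(tokens[i + 1]), i + 2
            elif opt == "-j":
                rule["target"], i = tokens[i + 1].upper(), i + 2
            else:
                raise ValueError(f"unsupported option {opt!r}")
        if chain not in self.chains or rule["target"] not in ("ACCEPT", "DROP", "REJECT"):
            raise ValueError("need a known chain (-A/-I) and a target (-j)")
        rules = self.chains[chain]
        if position is None:
            rules.append(rule)
        elif 1 <= position <= len(rules) + 1:
            rules.insert(position - 1, rule)                    # iptables positions are 1-based
        else:
            raise ValueError("Index of insertion too big")      # the same case iptables refuses
        return len(rules)

    def evaluate(self, chain, packet):
        """Walk the chain top-down; the first matching rule decides.
        Returns (verdict, rule number) or (chain policy, None) when nothing matched."""
        for number, rule in enumerate(self.chains[chain], start=1):
            if rule["proto"] is not None and rule["proto"] != packet["proto"]:
                continue
            if rule["dport"] is not None and rule["dport"] != packet.get("dport"):
                continue
            if rule["src"] is not None and ipaddress.ip_address(packet["src"]) not in rule["src"]:
                continue
            if rule["dst"] is not None and ipaddress.ip_address(packet["dst"]) not in rule["dst"]:
                continue
            return rule["target"], number
        return self.policies[chain], None


def packet(proto, src, dport=None, dst="198.51.100.10"):
    # Constructed packet; only the fields the model matches on.
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


def build_demo():
    """Constructed rule set: the page's SSH rule, a REJECT for port 80, and a DROP inserted above both."""
    fw = Firewall()
    fw.run("# iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT")
    fw.run("# iptables -A INPUT -p tcp -m tcp --dport 80 -j REJECT")
    fw.run("# iptables -I INPUT 1 -s 192.0.2.0/24 -p tcp --dport 22 -j DROP")
    return fw


if __name__ == "__main__":
    fw = build_demo()
    for pkt in (packet("tcp", "203.0.113.5", 22), packet("tcp", "192.0.2.9", 22),
                packet("tcp", "203.0.113.5", 80), packet("udp", "203.0.113.5", 53)):
        print(pkt["proto"], pkt["src"], pkt["dport"], "->", fw.evaluate("INPUT", pkt))
```

Running it shows why rule order is the thing to check when troubleshooting: the DROP inserted at position 1 wins over the later SSH ACCEPT for the 192.0.2.0/24 range, a later `-A` ACCEPT for that range never fires for port 22, and the page's `-I INPUT 5` rule fails on an empty chain with the same "Index of insertion too big" situation iptables reports.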
14. Continue…
Save the rule.
# service iptables save
Restart firewall services
# service iptables restart
Troubleshooting Firewall Rules
# service iptables status