Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

I ptable


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

I ptable

  1. 1. SeminarSeminar onon Window FIREWALLWindow FIREWALL And IPTABLESAnd IPTABLES Turning small Mind Into Hackers
  2. 2. Topic CoveredTopic Covered What is Firewall ?. Types of Firewall. What is Iptables ?. Packet Processing In Iptables. Various Commands. Example.
  3. 3. What is FirewallWhat is Firewall  A firewall is a software or hardware- based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on applied rule set.  A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.[
  4. 4. Types of FirewallTypes of Firewall There are different types of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced :-> 1.Network Layer/Packet Filters. 2.Application layer. 3.Proxies. 4.Network Address Translation(NAT).
  5. 5. Types of FirewallTypes of Firewall  Network layer or packet filters Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.
  6. 6. Types of FirewallTypes of Firewall Stateful and Stateless Network LayerStateful and Stateless Network Layer Stateful Stateless  Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing. If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.  Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session.They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.
  7. 7. Types of FirewallTypes of Firewall Application Layer:-> Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets travelling to or from an application and they block other packets. -> Application firewalls function by determining whether a process should accept any given connection. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers of the OSI model. Application firewalls that hook into socket calls are also referred to as socket filters
  8. 8. Types of FirewallTypes of Firewall Proxies:-> A proxy server may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user. Intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines
  9. 9. Types of FirewallTypes of Firewall Network Address Translation(NAT):-> ->Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. -> Firewalls often have such functionality to hide the true address of protected hosts.
  10. 10. IP-TABLESIP-TABLES Iptables is the firewall used on the Linux platform. Prior to Iptables and Ipchains were among the most popular Linux firewalls. They had certain imperfections which were fixed, resulting in a new product from the NetFilter organization called IP-TABLES. RedHat and Fedora Linux have made Iptables their default pre-installed firewall package.
  11. 11. Packet Processing In IptablesPacket Processing In Iptables Every packet passes via a series of built-in queues called tables for processing. Basically, there are three tables: -> Filter Table: The default table for handling network packets. -> NAT Table: Used to alter packets that create a new connection. -> Mangle Table: Used for specific types of packet alteration. It is a combination of both filter and Nat table.
  12. 12. Option used in Iptable commandsOption used in Iptable commands When using the iptables command, specify the following options: ◦ Packet Type : Dictates what type of packets the command filters. ◦ Packet Source/Destination : Dictates which packets the command filters based on the source or destination of the packet. ◦ Target : Dictates what action is taken on packets matching the above criteria.
  13. 13. Various CommandsVarious Commands –A : Appends the iptables rule to the end of the specified chain. –F : Flushes the selected chain, which effectively deletes every rule in the the chain. –L : Lists all of the rules in the chain specified after the command. iptables –L <chain-name> –t <table-name> –N : Creates a new chain with a user- specified name. –P : Sets the default policy for a particular chain, so that when packets traverse an entire chain without matching a rule, they will be sent on to a particular target, such as ACCEPT or DROP.
  14. 14. General Iptables Match CriteriaGeneral Iptables Match Criteria Iptables command Description -t <table> If you don't specify a table, then the filter table is assumed. As discussed before, the possible built-in tables include: filter, nat, mangle -j <target> Jump to the specified target chain when the packet matches the current rule. -p <protocol-type> Match protocol. Types include, icmp, tcp, udp, and all -s/-d <ip-address> Match source/destination IP address -i <interface- name> Match "input" interface on which the packet enters. -o <interface- name> Match "output" interface on which the packet exits
  15. 15. Loading Kernel Modules Needed ByLoading Kernel Modules Needed By IptablesIptables The iptables application requires you to load certain kernel modules to activate some of its functions. Whenever any type of NAT is required, the iptable_nat module needs to be loaded. The ip_conntrack_ftp module needs to be added for FTP support and should always be loaded with the ip_conntrack module which tracks TCP connection states. # File: /etc/rc.local # Module to track the state of connections modprobe ip_conntrack # Load the iptables active FTP module, requires ip_conntrack modprobe ip_conntrack_ftp # Load iptables NAT module when required modprobe iptable_nat # Module required for active an FTP server using NAT modprobe ip_nat_ftp
  16. 16. Example:Example: Allowing DNS Access ToAllowing DNS Access To FirewallFirewall #------------------------------------------------- ----- # Allow outbound DNS queries from the FW and the replies too # Interface eth0 is the internet interface # Zone transfers use TCP and not UDP. Most home networks # websites using a single DNS server won't require TCP statements #------------------------------------------------- ----- iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT
  17. 17. Allowing Firewall To Access TheAllowing Firewall To Access The InternetInternet # Allow port 80 (www) and 443 (https) connections from the firewall iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp -m multiport --dport 80,443 -m multiport --sport 1024:65535 # Allow previously established connections # - Interface eth0 is the internet interface iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp If you want all TCP traffic originating from the firewall to be accepted, then remove the line: -m multiport --dport 80,443 -m multiport --sport 1024:65535
  18. 18. “Thank You for your time and Listening me.”