2. TABLE OF CONTENTS
1. What is a firewall
2. What is iptables
3. Installing iptables
4. Iptables configuration
5. Preventing DoS attacks
6. Conclusion
3. What is a Firewall?
• A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
• A set of related programs that protects the resources of a private network from users on other networks.
4. Continue..
• Linux firewall programs:
Ipfwadm : Linux kernel 2.0.34
Ipchains : Linux kernel 2.2
Iptables : Linux kernel 2.4 and above
5. What is iptables?
It is the current firewall package available in the Linux operating system. Its predecessor was known as ipchains; iptables came with several improvements:
Better integration with the Linux kernel, and therefore improved speed and reliability.
Stateful packet inspection.
Filtering of packets according to TCP header fields and MAC address.
Better network address translation.
A rate-limiting feature that helps iptables block some types of denial of service (DoS) attacks.
6. Installing iptables
Most Linux distros, including Redhat / CentOS Linux, install iptables by default. You can use the following procedure to verify whether iptables has been installed in Redhat.
Open a terminal and type the following command:
[root@localhost ~]#sudo info iptables
For the installation of iptables:
[root@localhost ~]#apt-get install iptables
(apt-get is the Debian/Ubuntu package manager; Redhat / CentOS use yum for the same step, and a root shell does not need sudo.)
7. Start/Stop iptables services
To stop:
[root@localhost ~]# sudo service ufw stop
ufw stop/waiting
To start:
[root@localhost ~]# sudo service ufw start
ufw start/running
10. Targets And Jumps
• Each firewall rule inspects each IP packet and checks whether the packet matches the rule. Once a rule matches, the packet jumps to the rule's target for further processing.
-j - Jump to the specified target. By default, iptables provides four basic targets:
ACCEPT - Accept the packet and stop processing rules in this chain.
REJECT - Reject the packet, notify the sender that we did so, and stop processing rules in this chain.
DROP - Silently discard the packet and stop processing rules in this chain.
LOG - Log the packet and continue processing the remaining rules in this chain.
12. Allowing Established Sessions:
We can allow established sessions to receive traffic:
[root@localhost ~]# sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
14. Allowing Incoming Traffic on Specific Ports
To allow incoming traffic on the default SSH port (22), you could tell iptables to allow all TCP traffic on that port to come in.
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
Referring back to the list above, you can see that this tells iptables:
1. append this rule to the INPUT chain (-A INPUT) so we look at incoming traffic
2. check to see if it is TCP (-p tcp)
3. check to see if the input goes to the SSH port (--dport ssh)
4. if so, accept the input (-j ACCEPT)
20. Blocking Traffic
Once a decision is made to accept a packet, no more rules affect
it. As our rules allowing ssh and web traffic come first, as long
as our rule to block all traffic comes after them, we can still
accept the traffic we want. All we need to do is put the rule to
block all traffic at the end.
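The first-match walk described on the last three slides (terminating targets, the non-terminating LOG target, and why the catch-all DROP must come last) can be modelled in a few lines. The following is an added example, not code from the slides: it simulates an INPUT chain over constructed packets and does not touch the real netfilter tables. The packet fields, rule set and log prefix are constructed for the illustration; the catch-all DROP rule at the end is the "block all traffic" rule the slide refers to.

```python
"""Minimal model of how iptables walks a chain (added example, not from the slides).

Semantics reproduced from the slides:
  * ACCEPT, DROP and REJECT are terminating: the first one that matches decides.
  * LOG is non-terminating: it records the packet and processing continues.
  * If no rule matches, the chain policy decides.
"""
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", "icmp"
    dport: int   # destination port
    state: str   # conntrack view of the packet: "NEW", "ESTABLISHED", "RELATED"


@dataclass
class Rule:
    target: str                       # ACCEPT | DROP | REJECT | LOG
    proto: Optional[str] = None       # -p
    dport: Optional[int] = None       # --dport
    states: Optional[Set[str]] = None  # -m state --state A,B
    prefix: str = ""                  # --log-prefix (LOG only)

    def matches(self, pkt: Packet) -> bool:
        """Every match option given on the rule must hold; unset options match anything."""
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


def walk_chain(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT",
               log: Optional[list] = None) -> str:
    """Return the verdict for pkt; LOG entries are appended to `log` if given."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":
            if log is not None:
                log.append(f"{rule.prefix}{pkt.proto}/{pkt.dport} {pkt.state}")
            continue  # non-terminating: keep walking the chain
        return rule.target  # ACCEPT / DROP / REJECT end processing here
    return policy  # nothing matched: the chain policy applies


# Rules in the order the slides recommend: established sessions, SSH, web,
# a LOG rule, and the catch-all DROP placed LAST.
GOOD_ORDER = [
    Rule("ACCEPT", states={"ESTABLISHED", "RELATED"}),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("LOG", prefix="iptables-denied: "),   # constructed prefix
    Rule("DROP"),
]

# Same rules, but with the catch-all DROP moved to the front.
BAD_ORDER = [GOOD_ORDER[-1]] + GOOD_ORDER[:-1]

# Constructed sample traffic.
SAMPLE = [
    Packet("tcp", 22, "NEW"),            # inbound SSH
    Packet("tcp", 80, "NEW"),            # inbound HTTP
    Packet("tcp", 3306, "NEW"),          # inbound MySQL: not allowed
    Packet("tcp", 51000, "ESTABLISHED"),  # reply to a connection we opened
]


def verdicts(rules: List[Rule], pkts: List[Packet]) -> List[str]:
    return [walk_chain(rules, p) for p in pkts]


if __name__ == "__main__":
    log: list = []
    for p in SAMPLE:
        print(p, "->", walk_chain(GOOD_ORDER, p, log=log))
    print("logged:", log)
    print("DROP first:", verdicts(BAD_ORDER, SAMPLE))
```

Running it shows the SSH, HTTP and established packets accepted and the MySQL packet logged and dropped; with the DROP rule moved to the front, every packet is dropped, which is exactly the mistake the slide warns against.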
24. Prevent DoS Attack:
The following iptables rule will help you prevent a Denial of Service (DoS) attack on your webserver:
# iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-m limit: This uses the limit iptables extension.
--limit 25/minute: This limits matching to a maximum average of 25 connections per minute.
--limit-burst 100: This value indicates that the limit/minute will be enforced only after the total number of connections has reached the limit-burst level.
Note that the counter applies to every packet matching -p tcp --dport 80, not only to new connections, and that packets over the limit simply do not match this rule: they continue to the next rule in the chain, so a later rule must drop them for the limit to have any effect.
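The limit match behaves like a token bucket: the bucket starts full with --limit-burst tokens, each matching packet spends one, and tokens are refilled at the --limit rate. The following is an added example (not from the slides) that simulates the rule above with constructed packet timestamps; the DROP that follows the ACCEPT in the simulation is a hypothetical second rule, included because the limit rule alone never drops anything.

```python
"""Token-bucket model of the iptables `limit` match (added example, not from the slides).

Models `--limit 25/minute --limit-burst 100 -j ACCEPT` followed by a hypothetical
DROP rule for the same port, so packets that exhaust the bucket are dropped.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class LimitMatch:
    rate_per_minute: float  # --limit
    burst: int              # --limit-burst

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)  # bucket starts full
        self.last = 0.0                  # time of the previous packet (seconds)
        self.refill_per_sec = self.rate_per_minute / 60.0

    def matches(self, now: float) -> bool:
        """Refill for the elapsed time (capped at burst), then try to spend one token."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # bucket empty: the rule does not match this packet


def simulate(limit: LimitMatch, packet_times: List[float]) -> List[str]:
    """Verdict per packet: ACCEPT if the limit rule matches, else the hypothetical DROP."""
    return ["ACCEPT" if limit.matches(t) else "DROP" for t in packet_times]


def burst_then_steady() -> Tuple[List[str], List[str]]:
    """Constructed traffic: a 120-packet flood in 120 ms, then 20 packets at 3 s spacing."""
    limit = LimitMatch(rate_per_minute=25, burst=100)
    flood = [i * 0.001 for i in range(120)]          # t = 0.000 .. 0.119 s
    flood_verdicts = simulate(limit, flood)
    steady = [60.0 + 3.0 * i for i in range(20)]     # 20/min, below the 25/min rate
    steady_verdicts = simulate(limit, steady)
    return flood_verdicts, steady_verdicts


if __name__ == "__main__":
    flood, steady = burst_then_steady()
    print("flood: accepted", flood.count("ACCEPT"), "dropped", flood.count("DROP"))
    print("steady: accepted", steady.count("ACCEPT"), "dropped", steady.count("DROP"))
```

During the flood the first 100 packets consume the burst and the remaining 20 are dropped; by the time the slow stream starts, the bucket has refilled to about 25 tokens and refills faster than the stream spends them, so the well-behaved client is never throttled.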
25. Conclusion
With iptables we get several services in one tool: a firewall, routing, NAT, and logging, and we can also block some types of DoS attacks just by implementing a few rules.