Kaan Aslandağ, profile picture
Uploaded byKaan Aslandağ
151 views

IPTables Lab

The document summarizes steps taken in an iptables lab to configure firewall rules allowing specific traffic. It shows how to allow SSH from 10.30.30.254 to 10.30.30.5, then add rules for DNS, HTTP and HTTPS. One rule is deleted without saving, so it will not persist after a restart. Testing connection attempts confirm the active rules.

Embed presentation

Download to read offline
1 IPTABLES LAB  Allow Source 10.30.30.254 to Destination 10.30.30.5 via SSH  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport ssh -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo systemctl restart iptables.service (Test if policy is permanent after restart) - After doing a new SSH connection request, we will see our policy is working fine
2  What if we change our source IP and try again? Answer: It will be matched with the “INPUT DROP POLICY” and drop our SSH connection request.
3  Allow DNS, HTTP, HTTPS Source 10.30.30.254 Destination 10.30.30.5  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport http -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport https -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo iptables -D INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT “-D” is deleting policy. Now we deleted the DNS access and when we will send “telnet” request to our BIND server, we will not have a successful connection But also we didn’t save the config to /etc/sysconfig/iptables so after restarting the iptables service we expect to see our saved “Allow 53 “ policy
4  sudo systemctl restart iptables.service (Test if policy is permanent after restart)  sudo iptables –L To send the connection request if we have access to our server via 53 port:  telnet 10.30.30.5 53 Seeing the TCP handshake between our physical machine and BIND Server 1/18/2022 X Kaan Aslandag Signed by: www.kaan1.com

More Related Content

PDF
Configuration IPTables On CentOS 8
byKaan Aslandağ
 
PDF
Configuration of Smtp Server On CentOS 8
byKaan Aslandağ
 
PDF
Configuration of SFTP Server on CentOS 8.pdf
byKaan Aslandağ
 
PDF
Firewalld LAB
byKaan Aslandağ
 
PDF
Configuration of NTP Server on CentOS 8
byKaan Aslandağ
 
PDF
Configuration of BIND DNS Server On CentOS 8
byKaan Aslandağ
 
PDF
Configuration Firewalld On CentOS 8
byKaan Aslandağ
 
PDF
CentOS Server CLI Configuration (Nmcli & Hosts)
byKaan Aslandağ
 
Configuration IPTables On CentOS 8
byKaan Aslandağ
 
Configuration of Smtp Server On CentOS 8
byKaan Aslandağ
 
Configuration of SFTP Server on CentOS 8.pdf
byKaan Aslandağ
 
Firewalld LAB
byKaan Aslandağ
 
Configuration of NTP Server on CentOS 8
byKaan Aslandağ
 
Configuration of BIND DNS Server On CentOS 8
byKaan Aslandağ
 
Configuration Firewalld On CentOS 8
byKaan Aslandağ
 
CentOS Server CLI Configuration (Nmcli & Hosts)
byKaan Aslandağ
 

What's hot

PDF
CentOS Server Gui Initial Configuration
byKaan Aslandağ
 
DOCX
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SAN
bySaroj Sahu
 
PDF
Ftp configuration in rhel7
byBalamurugan M
 
PDF
TFTP Installation Configuration Guide
byVCP Muthukrishna
 
PDF
Dhcp
byMd Shihab
 
PPSX
Linux02 install SSh
byJainul Musani
 
TXT
Server readme
byStenli Siderov
 
DOCX
Router Commands Overview
byMuhammed Niyas
 
PPTX
Linux Commands
bylucita cabral
 
DOCX
How to shutdown the Netapp SAN 8.3 and 9.2 version
bySaroj Sahu
 
PDF
How To Install and Configure Salt Master on Ubuntu
byVCP Muthukrishna
 
PDF
LSOF Command Usage on RHEL 7
byVCP Muthukrishna
 
PDF
mail server
bychacheng oo
 
TXT
Ftpádas
byPhạm Anh
 
PDF
Basic security & info
byTola LENG
 
PDF
How to Install Configure and Use sysstat utils on RHEL 7
byVCP Muthukrishna
 
PDF
How to use mmdvm host wif main board
byAURELIO PY5BK
 
PDF
Nfs
byMd Shihab
 
PDF
VPNIPSec site to site
byDimitri LEMBOKOLO
 
PPTX
Introduction to linux day1
byGourav Varma
 
CentOS Server Gui Initial Configuration
byKaan Aslandağ
 
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SAN
bySaroj Sahu
 
Ftp configuration in rhel7
byBalamurugan M
 
TFTP Installation Configuration Guide
byVCP Muthukrishna
 
Dhcp
byMd Shihab
 
Linux02 install SSh
byJainul Musani
 
Server readme
byStenli Siderov
 
Router Commands Overview
byMuhammed Niyas
 
Linux Commands
bylucita cabral
 
How to shutdown the Netapp SAN 8.3 and 9.2 version
bySaroj Sahu
 
How To Install and Configure Salt Master on Ubuntu
byVCP Muthukrishna
 
LSOF Command Usage on RHEL 7
byVCP Muthukrishna
 
mail server
bychacheng oo
 
Ftpádas
byPhạm Anh
 
Basic security & info
byTola LENG
 
How to Install Configure and Use sysstat utils on RHEL 7
byVCP Muthukrishna
 
How to use mmdvm host wif main board
byAURELIO PY5BK
 
Nfs
byMd Shihab
 
VPNIPSec site to site
byDimitri LEMBOKOLO
 
Introduction to linux day1
byGourav Varma
 

Similar to IPTables Lab

TXT
Linuxserver harden
byGregory Hanis
 
PPTX
12 - System Security in Red Hat
byShafaan Khaliq Bhatti
 
PPTX
How to convert your Linux box into Security Gateway - Part 1
byn|u - The Open Security Community
 
PDF
Reducing iptables configuration complexity using chains
byDieter Adriaenssens
 
PPT
Iptables in linux
byMandeep Singh
 
PDF
Introduction to firewalls through Iptables
byBud Siddhisena
 
PDF
Iptables presentation
byEmin Abdul Azeez
 
PDF
IP Tables Primer - Part 1
byn|u - The Open Security Community
 
PDF
IPTables Primer - Part 1
byNishanth Kumar Pathi
 
PDF
25 most frequently used linux ip tables rules examples
bychinkshady
 
DOCX
25 most frequently used linux ip tables rules examples
byTeja Bheemanapally
 
DOCX
25 most frequently used linux ip tables rules examples
byTeja Bheemanapally
 
DOCX
How to Install iptable on Debian 12.docx
byGreen Webpage
 
PDF
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
byThomas Graf
 
PDF
Complete squid & firewall configuration. plus easy mac binding
byChanaka Lasantha
 
PDF
How to secure ubuntu 12.04
byJohn Richard
 
PDF
Sharing your-internet-connection-on-linux
byjasembo
 
DOCX
Creating a firewall in UBUNTU
byMumbai University
 
PPTX
Firewall
bykhalid abdelazim
 
PPTX
Firewalls rules using iptables in linux
byaamir lucky
 
Linuxserver harden
byGregory Hanis
 
12 - System Security in Red Hat
byShafaan Khaliq Bhatti
 
How to convert your Linux box into Security Gateway - Part 1
byn|u - The Open Security Community
 
Reducing iptables configuration complexity using chains
byDieter Adriaenssens
 
Iptables in linux
byMandeep Singh
 
Introduction to firewalls through Iptables
byBud Siddhisena
 
Iptables presentation
byEmin Abdul Azeez
 
IP Tables Primer - Part 1
byn|u - The Open Security Community
 
IPTables Primer - Part 1
byNishanth Kumar Pathi
 
25 most frequently used linux ip tables rules examples
bychinkshady
 
25 most frequently used linux ip tables rules examples
byTeja Bheemanapally
 
25 most frequently used linux ip tables rules examples
byTeja Bheemanapally
 
How to Install iptable on Debian 12.docx
byGreen Webpage
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
byThomas Graf
 
Complete squid & firewall configuration. plus easy mac binding
byChanaka Lasantha
 
How to secure ubuntu 12.04
byJohn Richard
 
Sharing your-internet-connection-on-linux
byjasembo
 
Creating a firewall in UBUNTU
byMumbai University
 
Firewall
bykhalid abdelazim
 
Firewalls rules using iptables in linux
byaamir lucky
 

Recently uploaded

PPTX
Fake News Detection System | Plagiarism detection
bysurajkanojiya13
 
PDF
Reality Check Deploying Computer Vision and LLMs at the Edge
byICS
 
PPTX
820656155-Unit-III-Univariate-Analysis.pptx
bykalaimugill
 
PPTX
What TPM Looks Like When You’re Short-Staffed and Still Make It Work | Lean T...
byMaintWiz Technologies Private Limited
 
PDF
JVM in the Age of AI: 2026 Edition - Deep Dive
byArtur Skowroński
 
PDF
Chip Designer's Code - Linux Terminal Part 6 - Text Viewers
byAmr Adel
 
PDF
(en/zhTW)All_Roads_Lead_to_IPC_DannyJiang
byDanny Jiang
 
PDF
5.5 Inch 4K TFT LCD Display 3840×2160 UHD Panel – LS055D1SX05(G)
bySyluxdisplay
 
PPT
DAA-unit 1.ppt Basics of Algorithm, Algorithm Analysis, Asymptotic Notations ...
byPreethiRavikumar5
 
PPTX
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
PDF
A Newbie’s Journey: Hidden MySQL Pain Points That Vitess Quietly Solves
byIgor Donchovski
 
PDF
TechRush Hackathon 2026: A Platform for Innovation, Learning, and Real-World ...
byreshmi7103
 
PDF
CME397 SURFACE ENGINEERING UNIT 1 FULL NOTES
bykarthi keyan
 
PDF
FPGA Fabric and Synthesis All Parts Combined
byAmr Adel
 
PPTX
Using Bangladesh studies in cse why matter ppp.pptx
bymsprinceahmedontor40
 
PPTX
MicroAccelerometers & microfluidics.pptx
byThamizhvani TR
 
PPTX
Speech to Text with Tone Correction.pptx
bysurajkanojiya13
 
PPTX
Electronics Device - EC25C01 - Semiconductor: Types, Conductivity,
byMathavan N
 
PDF
God series - Physics video office crossed
byjangidankit8781
 
PPT
Introduction to Concord Decorator by Stolle.ppt
bymorachatgpt123
 
Fake News Detection System | Plagiarism detection
bysurajkanojiya13
 
Reality Check Deploying Computer Vision and LLMs at the Edge
byICS
 
820656155-Unit-III-Univariate-Analysis.pptx
bykalaimugill
 
What TPM Looks Like When You’re Short-Staffed and Still Make It Work | Lean T...
byMaintWiz Technologies Private Limited
 
JVM in the Age of AI: 2026 Edition - Deep Dive
byArtur Skowroński
 
Chip Designer's Code - Linux Terminal Part 6 - Text Viewers
byAmr Adel
 
(en/zhTW)All_Roads_Lead_to_IPC_DannyJiang
byDanny Jiang
 
5.5 Inch 4K TFT LCD Display 3840×2160 UHD Panel – LS055D1SX05(G)
bySyluxdisplay
 
DAA-unit 1.ppt Basics of Algorithm, Algorithm Analysis, Asymptotic Notations ...
byPreethiRavikumar5
 
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
A Newbie’s Journey: Hidden MySQL Pain Points That Vitess Quietly Solves
byIgor Donchovski
 
TechRush Hackathon 2026: A Platform for Innovation, Learning, and Real-World ...
byreshmi7103
 
CME397 SURFACE ENGINEERING UNIT 1 FULL NOTES
bykarthi keyan
 
FPGA Fabric and Synthesis All Parts Combined
byAmr Adel
 
Using Bangladesh studies in cse why matter ppp.pptx
bymsprinceahmedontor40
 
MicroAccelerometers & microfluidics.pptx
byThamizhvani TR
 
Speech to Text with Tone Correction.pptx
bysurajkanojiya13
 
Electronics Device - EC25C01 - Semiconductor: Types, Conductivity,
byMathavan N
 
God series - Physics video office crossed
byjangidankit8781
 
Introduction to Concord Decorator by Stolle.ppt
bymorachatgpt123
 

IPTables Lab

  • 1.
    1 IPTABLES LAB  AllowSource 10.30.30.254 to Destination 10.30.30.5 via SSH  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport ssh -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo systemctl restart iptables.service (Test if policy is permanent after restart) - After doing a new SSH connection request, we will see our policy is working fine
  • 2.
    2  What ifwe change our source IP and try again? Answer: It will be matched with the “INPUT DROP POLICY” and drop our SSH connection request.
  • 3.
    3  Allow DNS,HTTP, HTTPS Source 10.30.30.254 Destination 10.30.30.5  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport http -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport https -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo iptables -D INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT “-D” is deleting policy. Now we deleted the DNS access and when we will send “telnet” request to our BIND server, we will not have a successful connection But also we didn’t save the config to /etc/sysconfig/iptables so after restarting the iptables service we expect to see our saved “Allow 53 “ policy
  • 4.
    4  sudo systemctlrestart iptables.service (Test if policy is permanent after restart)  sudo iptables –L To send the connection request if we have access to our server via 53 port:  telnet 10.30.30.5 53 Seeing the TCP handshake between our physical machine and BIND Server 1/18/2022 X Kaan Aslandag Signed by: www.kaan1.com