Skip to content

Instantly share code, notes, and snippets.

@surajsaini95

surajsaini95/Blog-IPTables.md

Created April 3, 2020 10:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save surajsaini95/ded64be6d1d457c02183741d4993dc6a to your computer and use it in GitHub Desktop.
Save surajsaini95/ded64be6d1d457c02183741d4993dc6a to your computer and use it in GitHub Desktop.
Download ZIP
provides an overview on how ip-tables can be used in Linux to implement firewall.
Raw
Blog-IPTables.md

Iptables in Linux Firewall

Intro

Managing network traffic is one of the toughest jobs a system administrators has to deal with. He must configure the firewall in such a way that it will meet the system and users requirements for both incoming and outgoing connections, without leaving the system vulnerable to attacks.

This is where iptables come in handy as they are Linux command line firewall that allows system administrators to manage incoming and outgoing traffic via set of configurable table rules.

What is an iptable

Iptables is a command line tool used to set up,and configure the firewall through set of tables to filter packets.

These tables contain multiple chains which are nothing, but the set of rules which can be built-in or user defined according to which the traffic is allowed on the machine. It is one of the way to set-up firewall as iptables monitors the traffic and filter it according to the specified rules.

TABLES

There are currently five independent tables

  • Filter => default table used for filtering packets.

  • Nat => consulted when a packet that creates a new connection.

  • Mangle =>can be used for specialized packet alteration such as alteration ip-headers of the packet.

  • Raw => mainly used for configuring exemptions from connection tracking.

  • Security => used for Mandatory Access Control (MAC) networking rules

What are Chains

  • point in the route of the packet where we can apply rules

  • not all chains available for all tables

  • there are 5 types

    • Pre-routing
      • applied to any incomming packet very soon after entering network
      • processed before any routing decision is made
    • Input
      • applied when a packet enteers a system
      • processed after pre-routing
    • Forward
      • applied to a packet that is forwarded through our system
    • Output
      • applied to a packet that is originated from the system or packet going out
    • Post-routing
      • applied to a packet that is outgoing or forwarded
      • processed after routing decision is made and just before packet is transmitted

Rules

  • they are user defined commands to manipulate the network traffic

  • if rules dosent match the next rule in chain is examined

  • if rules match then the next rule is specified by rules target value

  • rules created are not persistant

Table to show the order in which tables and their respective chains are traversed for validating rules:**

Tables/Chains Pre-routing Input Forward Output Post-routing
Raw Y Y
Mangle Y Y Y Y Y
Nat(DNAT) Y Y
Filter Y Y Y
Security Y Y Y
Nat(SNAT) Y Y

Some important chain sequence :

  • Incoming packets destined for the local system -> Pre -> Input

  • Incoming packets destined for another host-> Pre -> Forward -> Post

  • Locally generated packet -> Output -> Post

Examples to understand more

Lets say we want to block a particular ipaddress, then the following command can be used

# iptables -A OUTPUT -s ipaddress -j DROP

Here ' -s ipaddress ' is a matching component and ' -j DROP ' is a target component.

Matching component can contain :

  • different condition available to define rules.
  • match by protocol type
  • destination or source address
  • destination or source port
  • input or output interface
  • headers etc

Also they can be combined to create complex rule set.

Target component

It is basically an action triggered when a packet meets a matching criteria and they are of 2 types:

  • terminating target which ends further traversal

  • non terminating which performs actions and continue the chain

Important : All actions are not available for every table and chain

Commands with example

  • Check the status of iptables
# -L to list rules, -n for numeric format, -v for verbose
	$ iptables -L -n -v
  • Append new rule in a chain
# Block specific website
	$ iptables -t table -A chain -s ipaddress -j DROP
  • Delete rule no 5 from a chain
# //delete a particular rule by its rule number
	$ iptables -t table -D chain rule_number
  • Flushing or deleting IPTables rules
	$ iptables -F

Making rules Persistant

  • iptables-persistent

    • Its a package which takes over the automatic loading of the saved iptables rules. For this to happen , the rules must be saved in the file /etc/iptables/rules.v4 (for IPv4 ).
    • It can be installed by the following command if not available $ apt-get install iptables-persistent

  • iptables-save and iptables-restore

    • save the current state of iptables

      $ sudo sh -c 'iptables-save > /etc/iptables.conf'

    • restore from file again

      $ sudo iptables-restore < /etc/iptables.conf

Note :the above command can be added to /etc/rc.local to enable automatic loading of the rules from iptables.conf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment