Originally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. The Netfilter organization decided to create a new product called iptables in order to rectify these shortcomings. The iptables application has better integration with the Linux kernel, with the capability of loading iptables-specific kernel modules designed for improved speed and reliability.
### What is iptables?
iptables supports stateful packet inspection. This means that the firewall keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols.
This is an important feature in the support of active FTP and DNS as well as many other network services. iptables can filter packets by MAC address and the values of the flags in the TCP header.
This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks.
There have been improvements in system logging which now provides the option of adjusting the level of detail of the reporting.
Network address translation has been improved and new support for transparent integration with web proxy programs such as Squid has been incorporated into the product.
The new rate limiting feature helps iptables to block some types of denial of service (DoS) attacks.
Many benefits over ipchains:
Many more filtering options: all TCP flags, MAC address, user, etc. Improved logging.
```bash
iptables [table] [action] [chain] [options] [target]
```
For example:
```bash
iptables -t filter -A INPUT -m state --state NEW -p tcp -s 184.108.40.206/24 -j ACCEPT
```
Table - Specifies which table the chain applies to: nat, filter, or mangle.
Action - Action to be taken on the specified network or host.
Chains - 5 built-in chains. Names are capitalized, unlike in ipchains.
INPUT - All packets entering an interface that are destined for a local process use this chain.
FORWARD - Only packets routed from one interface to another pass through this chain.
OUTPUT - All packets leaving an interface that originated from a local process use this chain.
PREROUTING - Rules in this chain occur before it is determined whether the packet will use the INPUT or FORWARD chain.
Destination NAT (DNAT) is configured using this chain.
POSTROUTING - Rules in this chain occur after the OUTPUT and FORWARD chains. Source NAT (SNAT) is configured using this chain.
-i = Input interface (eth0, eth1, lo)
-o = Output interface (eth0, eth1, lo)
-p = Protocol (udp, tcp, icmp, or the protocol number)
-s = Source address of packet (220.127.116.11, 18.104.22.168/24, etc.)
-d = Same as -s, only for the destination address
-m = Specify an extension module to load (e.g. -m state).
--sport = Source port
--dport = Destination port
### Start iptables service
You can start/stop/restart iptables after booting by using the following commands:
```bash
[root@wilshire~]# service iptables start
[root@wilshire~]# service iptables stop
[root@wilshire~]# service iptables restart
[root@wilshire~]# chkconfig iptables on
```
### Saving iptables Scripts
The `service iptables save` command will permanently save the iptables configuration in the /etc/sysconfig/iptables file. When the system reboots, the iptables-restore program reads the configuration and makes it the active configuration.
The format of the /etc/sysconfig/iptables file is slightly different from that of the scripts shown in this document. The initialization of built-in chains is automatic, and the string `iptables` is omitted from the rule statements.
To display INPUT or OUTPUT chain rules, enter:
```bash
# iptables -L INPUT -n -v
# iptables -L OUTPUT -n -v --line-numbers
```
### Delete Firewall Rules
To display the line number along with other information for existing rules, enter:
```bash
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 22.214.171.124
```
You will get the list of rules with their line numbers. Look at the number on the left, then use that number to delete the rule. For example, to delete line number 4, enter:
```bash
# iptables -D INPUT 4
```
Or find the rule for source IP 126.96.36.199 and delete it by specifying the rule itself:
```bash
# iptables -D INPUT -s 188.8.131.52 -j DROP
```
Where:
-D : Delete one or more rules from the selected chain
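Deleting by line number has a trap the section above does not mention: every `-D INPUT <n>` renumbers the rules after `n`, so when several rules match the same source they must be deleted highest number first. This added example (not from the original page) parses a constructed `iptables -L INPUT -n --line-numbers` listing, finds the rule numbers for a source address, and builds the delete commands in the safe order; the listing text and the `delete_by_source` helper are assumptions for illustration, and live mode needs root.

```python
import re
import subprocess
# Constructed sample of `iptables -L INPUT -n --line-numbers` output; not captured from a real host.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  184.108.40.206/24    0.0.0.0/0            state NEW tcp dpt:22
3    DROP       all  --  188.8.131.52         0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
5    DROP       tcp  --  188.8.131.52         0.0.0.0/0            tcp dpt:25
"""

# One rule row: num target prot opt source destination [match details]
RULE_RE = re.compile(r"^(?P<num>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+(?P<opt>\S+)\s+"
                     r"(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$")

def parse_listing(text):
    """Return the rule rows of a `-L <chain> -n --line-numbers` listing as dicts."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)  # the "Chain ..." and "num target ..." headers do not match
        if m:
            row = m.groupdict()
            row["num"] = int(row["num"])
            rules.append(row)
    return rules

def rule_numbers(text, source):
    """Line numbers of every rule whose source column equals `source` exactly."""
    return [r["num"] for r in parse_listing(text) if r["src"] == source]

def delete_commands(chain, nums):
    """Build `iptables -D <chain> <n>` commands, highest number first: deleting rule n
    renumbers every rule after it, so ascending order would hit the wrong rules."""
    return [["iptables", "-D", chain, str(n)] for n in sorted(set(nums), reverse=True)]

def delete_by_source(chain, source, dry_run=True):
    """Delete all rules in `chain` from `source`; dry_run uses the sample and runs nothing."""
    if dry_run:
        listing = SAMPLE_LISTING
    else:  # needs root: reads the live chain, then deletes
        listing = subprocess.run(["iptables", "-L", chain, "-n", "--line-numbers"],
                                 check=True, capture_output=True, text=True).stdout
    cmds = delete_commands(chain, rule_numbers(listing, source))
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds
```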
### How To: Use iptables Like a Pro
For more information about iptables, please see the manual page by typing `man iptables` from the command line:
```bash
$ man iptables
```
You can see the help using the following syntax too:
```bash
# iptables -h
```
To see help for specific commands and targets, enter:
```bash
# iptables -j DROP -h
```
### Testing Your Firewall
To find out whether ports are open or not, enter:
```bash
# netstat -tulpn
```
To find out whether TCP port 80 is open or not, enter:
```bash
# netstat -tulpn | grep :80
```
If port 80 is not open, start Apache by entering:
```bash
# service httpd start
```