Iptables

Originally, the most popular firewall/NAT package on Linux was ipchains, but it had a number of shortcomings. The Netfilter project created iptables to address them. iptables integrates more closely with the Linux kernel: its matches and targets are implemented as netfilter kernel modules that are loaded on demand, which improves both speed and reliability.

What is iptables?

  • iptables does stateful packet inspection: the firewall keeps track of each connection passing through it and, for some protocols, inspects the payload in order to anticipate the connection's next action (for example the data connection that active FTP negotiates on its control channel).

  • This connection tracking is what makes it possible to support active FTP, DNS replies and many other network services without opening whole port ranges. iptables can also filter packets by MAC address and by the values of the flags in the TCP header.

  • This is helpful in dropping malformed packets and in restricting access from locally attached servers to other networks.

  • Logging has been improved and now provides the option of adjusting the level of detail of the reporting.

  • Network address translation has been improved, and transparent integration with web proxy programs such as Squid (redirecting outbound port 80 to the proxy) is supported.

  • The rate limiting feature helps iptables to block some types of denial of service (DoS) attacks.

Overview

Many benefits over ipchains:

  • Connection tracking.

  • Rate limiting.

  • Many more filtering options: all TCP flags, MAC address, owning user, etc.

  • Improved logging.

Format

iptables [table] [action] [chain] [options] [target]

iptables -t filter -A INPUT -m state --state NEW -p tcp -s 12.189.1.0/24 -j ACCEPT

Capabilities

Table - Which table the rule applies to: filter (the default when -t is omitted), nat, or mangle.

Action - The command applied to the chain, for example -A (append a rule), -I (insert), -D (delete), -L (list), -F (flush) or -P (set the chain's default policy).

Chains - 5 built-in chains: INPUT, OUTPUT, FORWARD, PREROUTING and POSTROUTING. Names are capitalized, unlike ipchains. User-defined chains can be added with -N.

Filter Table

INPUT - All packets entering an interface that are destined for a local process use this chain.

FORWARD - Only packets routed from one interface to another pass through this chain.

OUTPUT - All packets leaving an interface that originated from a local process use this chain.

Nat Table

PREROUTING - Rules in this chain are evaluated before the routing decision, that is, before it is determined whether the packet will use the INPUT or FORWARD chain. Destination NAT (DNAT) is configured using this chain.

POSTROUTING - Rules in this chain are evaluated after the OUTPUT and FORWARD chains, just before the packet leaves. Source NAT (SNAT, or MASQUERADE when the outside address is dynamic) is configured using this chain.

Options

  • -i = Input interface (eth0, eth1, lo)

  • -o = Output interface (eth0, eth1, lo)

  • -p = Protocol (udp, tcp, icmp, or the protocol number)

  • -s = Source address of packet (192.189.1.20, 192.189.1.0/24, etc.)

  • -d = Same as -s, only for the destination address

  • -m = Specify an extension module to load (e.g. -m state)

  • --sport = Source port

  • --dport = Destination port
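The following is an added example, not code from the original page: a complete stateful firewall written in the rule format above, exercising the features described under "What is iptables?" (connection tracking, TCP flag checks, MAC matching, rate limiting, logging, DNAT/SNAT) with the tables, chains and options just listed. It assumes eth0 faces the Internet, eth1 faces a LAN on 192.168.1.0/24, an internal web server at 192.168.1.10 and an admin workstation with MAC 00:11:22:33:44:55; none of these come from the page. The rules live in a function so the script prints them for review by default, applies them with `--apply`, and dry-runs the apply path when IPTABLES=echo.

```shell
#!/bin/sh
# Added example, not code from the original page: a stateful firewall in the
# rule syntax described above. Interface names, addresses and the admin MAC
# are assumptions made for this example.
IPTABLES=${IPTABLES:-iptables}   # set IPTABLES=echo for a dry run
WAN=eth0                          # assumed Internet-facing interface
LAN=eth1                          # assumed LAN interface
LAN_NET=192.168.1.0/24            # assumed LAN network
WEB_SERVER=192.168.1.10           # assumed internal web server (DNAT target)
ADMIN_MAC=00:11:22:33:44:55       # assumed MAC of the admin workstation

# fw_rules prints one "[table] [action] [chain] [options] [target]" argument
# list per line, in the order they must be applied; comment lines are dropped.
fw_rules() {
    grep -v '^#' <<EOF
# start from empty tables, then default to DROP for anything not accepted below
-t filter -F
-t filter -X
-t nat -F
-t filter -P INPUT DROP
-t filter -P FORWARD DROP
-t filter -P OUTPUT ACCEPT
# user chain: rate-limit new TCP connections (SYN flood) with the limit module
-t filter -N syn_flood
-t filter -A syn_flood -m limit --limit 25/second --limit-burst 50 -j RETURN
-t filter -A syn_flood -j DROP
# stateful core: loopback, replies to tracked connections, junk
-t filter -A INPUT -i lo -j ACCEPT
-t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-t filter -A INPUT -m state --state INVALID -j DROP
# TCP flag checks: NEW must start with SYN; NULL and all-flags scans are dropped
-t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-t filter -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-t filter -A INPUT -p tcp --syn -j syn_flood
# services: SSH only from the admin MAC on the LAN, rate-limited ping
-t filter -A INPUT -i $LAN -s $LAN_NET -m mac --mac-source $ADMIN_MAC -p tcp --dport 22 -m state --state NEW -j ACCEPT
-t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
# log (rate-limited) what the DROP policy is about to discard
-t filter -A INPUT -m limit --limit 5/minute -j LOG --log-prefix IPT-INPUT-DROP: --log-level 4
# routing between LAN and Internet, plus the port-forwarded web server
-t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-t filter -A FORWARD -i $LAN -o $WAN -s $LAN_NET -m state --state NEW -j ACCEPT
-t filter -A FORWARD -i $WAN -o $LAN -d $WEB_SERVER -p tcp --dport 80 -m state --state NEW -j ACCEPT
# NAT: DNAT inbound port 80 to the web server, masquerade the LAN going out
-t nat -A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination $WEB_SERVER
-t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# fw_rule_count returns the number of rule lines (a quick sanity check).
fw_rule_count() { fw_rules | grep -c ''; }

# fw_apply feeds every line to $IPTABLES and stops at the first rule the
# kernel rejects, so a typo cannot leave a half-applied policy unnoticed.
fw_apply() {
    fw_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting into arguments is intended
        $IPTABLES $rule || { echo "rule rejected: $IPTABLES $rule" >&2; return 1; }
    done
}

if [ "${1:-}" = "--apply" ]; then fw_apply; else fw_rules; fi
```

Order matters: the ESTABLISHED,RELATED rule comes first so reply traffic never reaches the later checks, the TCP-flag and syn_flood rules run before any ACCEPT of NEW connections, and the rate-limited LOG sits last so that what the DROP policy discards is recorded. On current kernels `-m conntrack --ctstate` is the preferred spelling of `-m state --state`; both consult the same connection-tracking table.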

Start iptables service

You can start/stop/restart iptables after booting with the service command, and chkconfig makes it start at boot (on systemd-based releases the iptables-services package provides the same unit for systemctl):

[root@wilshire ~]# service iptables start
[root@wilshire ~]# service iptables stop
[root@wilshire ~]# service iptables restart
[root@wilshire ~]# chkconfig iptables on

Saving iptable Scripts

The service iptables save command will permanently save the iptables configuration in the /etc/sysconfig/iptables file. When the system reboots, the iptables-restore program reads the configuration and makes it the active configuration.

The format of the /etc/sysconfig/iptables file is slightly different from that of the scripts shown in this document: the built-in chains are declared automatically with their policies, and the string iptables is omitted from the rule statements. The file is what iptables-save prints and what iptables-restore reads.
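The following is an added example, not code from the original page: a small converter that reads a script of iptables commands (of the kind shown under "Format" above) and emits the same rules in the iptables-restore format that service iptables save writes to /etc/sysconfig/iptables. The sample script it converts is constructed for the example. It shows the two differences just described: the word iptables disappears from each rule, and the built-in chains are declared with their policy in header lines (-P becomes :CHAIN POLICY [0:0], -N becomes :chain - [0:0]) instead of by commands.

```shell
#!/bin/sh
# Added example, not code from the original page: convert a script of
# "iptables ..." commands into the iptables-restore format used by
# /etc/sysconfig/iptables. The sample ruleset at the bottom is constructed.

# script2restore reads command lines on stdin and prints one *table block per
# table (in order of first use): chain declarations, rules, then COMMIT.
script2restore() {
    awk '
    BEGIN {
        builtin["filter"] = "INPUT FORWARD OUTPUT"
        builtin["nat"]    = "PREROUTING INPUT OUTPUT POSTROUTING"
        builtin["mangle"] = "PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
        builtin["raw"]    = "PREROUTING OUTPUT"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    {
        sub(/^[ \t]*iptables[ \t]+/, "")           # the command name is omitted
        table = "filter"                           # -t defaults to filter
        if (match($0, /-t[ \t]+[a-z]+[ \t]*/)) {
            table = substr($0, RSTART + 2, RLENGTH - 2)
            gsub(/[ \t]/, "", table)
            $0 = substr($0, 1, RSTART - 1) substr($0, RSTART + RLENGTH)
        }
        if (!(table in seen)) { seen[table] = 1; order[++ntables] = table }
        if ($1 == "-F" || $1 == "-X" || $1 == "-Z") next   # restore starts from empty tables
        if ($1 == "-P") { policy[table, $2] = $3; next }   # built-in chain policy
        if ($1 == "-N") { user[table, ++nuser[table]] = $2; next }
        rules[table, ++nrules[table]] = $0
    }
    END {
        for (i = 1; i <= ntables; i++) {
            t = order[i]
            print "*" t
            n = split(builtin[t], chains, " ")
            for (j = 1; j <= n; j++) {
                c = chains[j]
                p = ((t, c) in policy) ? policy[t, c] : "ACCEPT"
                print ":" c " " p " [0:0]"          # [packets:bytes] counters
            }
            for (j = 1; j <= nuser[t]; j++) print ":" user[t, j] " - [0:0]"
            for (j = 1; j <= nrules[t]; j++) print rules[t, j]
            print "COMMIT"
        }
    }'
}

# Constructed sample: a script in the style shown on this page.
sample_script() {
    cat <<'EOF'
# flush, set policies, then the rules
iptables -F
iptables -t nat -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -N syn_flood
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 25/second --limit-burst 50 -j RETURN
iptables -A syn_flood -j DROP
iptables -A INPUT -m state --state NEW -p tcp -s 12.189.1.0/24 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
EOF
}

demo_restore() { sample_script | script2restore; }

demo_restore
```

Feed the result to `iptables-restore`, which loads each table in one atomic replacement instead of leaving the kernel in an intermediate state between commands, or diff it against `iptables-save` output after running the script to confirm both paths agree.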

To display INPUT or OUTPUT chain rules, enter

#iptables -L INPUT -n -v
#iptables -L OUTPUT -n -v --line-numbers

Delete Firewall Rules

To display line number along with other information for existing rules, enter:

#iptables -L INPUT -n --line-numbers
#iptables -L OUTPUT -n --line-numbers
#iptables -L OUTPUT -n --line-numbers | less
#iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1

The left-hand column is the rule's number within the chain. Use that number to delete the rule; for example, to delete rule number 4 from the INPUT chain, enter:

# iptables -D INPUT 4

Note that the rules after a deleted one move up by one number, so when deleting several rules by number, re-list the chain each time or delete from the highest number down.

Or specify the rule itself; iptables removes the first rule in the chain that matches the specification exactly, so repeat the command if the rule appears more than once:

# iptables -D INPUT -s 202.54.1.1 -j DROP

Where,

-D : Delete one or more rules from the selected chain
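The following is an added example, not code from the original page: it parses the output of `iptables -L CHAIN -n --line-numbers`, finds every rule whose source column is exactly the given address, and prints the delete commands from the highest rule number down, so that no deletion renumbers a rule still to be deleted. The listing it parses is constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original page: find the numbers of all
# rules in a chain whose source is a given address and delete them in a
# safe order. The listing at the bottom is constructed for this example.

# rules_from_source <ip>: reads "iptables -L CHAIN -n --line-numbers" output on
# stdin and prints the matching rule numbers, highest first. The whole source
# field is compared, so 202.54.1.1 does not also match 202.54.1.10.
rules_from_source() {
    awk -v ip="$1" '
        # columns: num target prot opt source destination ...
        $1 ~ /^[0-9]+$/ && $5 == ip { nums[++n] = $1 }
        END { for (i = n; i >= 1; i--) print nums[i] }'
}

# delete_plan <chain> <ip>: prints the delete commands in descending order.
delete_plan() {
    chain=$1
    rules_from_source "$2" | while IFS= read -r num; do
        printf '%s -D %s %s\n' "${IPTABLES:-iptables}" "$chain" "$num"
    done
}

# Constructed sample of "iptables -L INPUT -n --line-numbers" output.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    DROP       all  --  202.54.1.1           0.0.0.0/0
3    ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0            tcp dpt:22
4    DROP       tcp  --  202.54.1.10          0.0.0.0/0            tcp dpt:80
5    DROP       tcp  --  202.54.1.1           0.0.0.0/0            tcp dpt:80
6    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 4
EOF
}

sample_listing | delete_plan INPUT 202.54.1.1
```

Against a live system, review the plan first and then execute it: `iptables -L INPUT -n --line-numbers | delete_plan INPUT 202.54.1.1 | sh`. Because the commands run highest number first, rule 5 is removed before rule 2 and the second command still points at the intended rule.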

How to: Use iptables Like a Pro

For more information about iptables, see the manual page by typing man iptables from the command line:

$ man iptables

You can see the help using the following syntax too:

# iptables -h

To see help for a specific match or target, enter:

# iptables -j DROP -h

Testing Your Firewall

To find out which ports have a service listening on them, enter:

# netstat -tulpn

To find out whether TCP port 80 has a listener, enter:

# netstat -tulpn | grep :80

If nothing is listening on port 80, start Apache, enter:

# service httpd start

Note that netstat (or ss -tulpn on newer systems) only shows which sockets are open locally; it says nothing about whether the firewall lets traffic reach them. To test the rules themselves, probe the host from another machine (for example with nmap or nc) and watch the packet counters in iptables -L -n -v to see which rule each probe hits.
