Understanding iptables Linux firewall basics


Netfilter hook stages

(Diagram, not reproduced: it shows the five Netfilter hooks between the NIC and the local socket/application.) A packet arriving on the NIC passes the PRE_ROUTING hook, then either INPUT (destined for a local socket) or FORWARD (destined for another host), and forwarded packets leave through POST_ROUTING. A packet generated by a local application passes OUTPUT and then POST_ROUTING on its way to the NIC.

Stateless firewall

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This rule accepts every TCP packet addressed to port 80, whether or not it belongs to a known connection.

Stateful firewall

iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

The first rule accepts packets that belong to a connection the connection tracker has already seen; the second accepts only the packets that open a new connection to port 80. Rules are evaluated in order, so the ESTABLISHED rule is placed first.

Logging

iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j LOG --log-prefix "In Http:"

The LOG target writes a kernel log line for each matching packet and continues with the next rule (it is not a terminating target). Note that the prefix as written has no trailing space, so it is immediately followed by the packet fields ("In Http:IN=eth0 ..."); a trailing space, as in the custom chains example below, keeps the prefix separate from the fields.
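As an added example (not part of the original slides), the following POSIX shell script shows what a defender does with the output of the LOG rule above: it takes kernel log lines, keeps only those carrying the "In Http:" prefix, and counts new HTTP connections per source address. The log lines are constructed samples in the format the LOG target emits; the host name, addresses and timestamps are made up.

```shell
#!/bin/sh
# Added example: summarise hits of the "In Http:" LOG rule from kernel log lines.
# SAMPLE_LOG is a constructed sample; real lines come from the kernel log
# (dmesg, /var/log/kern.log or journalctl -k). Note how the prefix without a
# trailing space runs straight into "IN=".
SAMPLE_LOG='Mar  3 10:01:12 gw kernel: In Http:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=54 PROTO=TCP SPT=51234 DPT=80 SYN URGP=0
Mar  3 10:01:13 gw kernel: In Http:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=54 PROTO=TCP SPT=51235 DPT=80 SYN URGP=0
Mar  3 10:01:14 gw kernel: In Http:IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TTL=61 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Mar  3 10:01:15 gw kernel: SourceDrop IN=eth0 OUT= SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TTL=63 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0'

# new_connection_count: number of log lines produced by the "In Http:" rule,
# i.e. the number of NEW connections to port 80 that were logged (reads stdin).
new_connection_count() {
    grep -c 'In Http:'
}

# http_hits_by_src: print "count source" pairs, most frequent source first,
# considering only the "In Http:" lines (reads stdin). Lines from other LOG
# rules (e.g. the "SourceDrop " prefix) are ignored.
http_hits_by_src() {
    grep 'In Http:' |
    awk '{
        # fields are KEY=VALUE tokens; pick out SRC=
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); hits[$i]++ }
    } END {
        for (src in hits) printf "%d %s\n", hits[src], src
    }' |
    sort -rn
}

# Stand-alone usage: report on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | http_hits_by_src
```

Run the script on a real log with something like `journalctl -k | http_hits_by_src` (after sourcing the functions); sources that appear with unusually many NEW connections in a short window are the ones worth a closer look or an entry in the drop list shown on the ip sets slide.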

Tables overview

Filter is the default table, so if you don't name a table with -t you are working in the filter table.

Each table has a number of predefined chains inside, and you can create your own chains.

Filter: INPUT, FORWARD, OUTPUT

Nat: OUTPUT, PREROUTING, POSTROUTING

Mangle: INPUT, PREROUTING, POSTROUTING, OUTPUT, FORWARD

Raw: OUTPUT, PREROUTING

Tables in shell

iptables -t mangle -A POSTROUTING -o $NETCARD -p tcp -m connbytes --connbytes 10000000: --connbytes-mode bytes --connbytes-dir both -j CONNMARK --set-mark 999

Marks (in the connection tracking entry) every TCP connection leaving through $NETCARD that has carried 10,000,000 bytes or more in both directions combined.

iptables -t mangle -A INPUT -i eth0 -p tcp --dport 80 -m string --string "get /admin http/" --icase --algo bm -m conntrack --ctstate ESTABLISHED -j DROP

Drops packets of established connections to port 80 on eth0 whose payload contains the string (matched case-insensitively with the Boyer-Moore algorithm).

iptables -t filter -A INPUT -p tcp --dport 22 -m time --datestart "" --datestop "" --utc -j DROP

Drops new SSH packets during a time window. The --datestart and --datestop values are left blank on the slide; iptables expects them as YYYY[-MM[-DD[Thh[:mm[:ss]]]]] timestamps, interpreted as UTC because of --utc.

Custom chains

Create a new chain:

iptables -N LOGDROP

Add chain rules:

iptables -A LOGDROP -j LOG --log-level 4 --log-prefix 'SourceDrop '

iptables -A LOGDROP -j DROP

Use the chain as a target in the iptables rules:

iptables -A INPUT -s 10.0.0.0/8 -j LOGDROP

Netfilter in userland

libnetfilter_queue is used to divert traffic to a user application.

Packets are not duplicated: a queued packet is held in the kernel until the application returns a verdict for it.

The user application has to inject a packet back, i.e. give a verdict (accept, drop, or accept a modified packet).

Useful for debugging rules.

ip sets

Constant-time hash lookup, instead of one iptables rule per address.

modprobe ip_set

ipset -N droplist nethash

ipset -A droplist 192.168.1.0/24

iptables -A INPUT -m set --set droplist src -j DROP

The commands above use the old ipset syntax; current versions spell them ipset create droplist hash:net, ipset add droplist 192.168.1.0/24, and -m set --match-set droplist src (the --set option is deprecated but still accepted).

Useful commands

Flush all rules (by default only in the filter table; chain policies and other tables are left untouched):

iptables -F

Quickly restore rules:

iptables-restore <rules list file>

iptables-restore reads a ruleset in iptables-save format and loads it atomically, so the whole set is replaced in one step.
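As an added example (not code from the slides), the script below brings the stateful rules, the LOG rule, the LOGDROP chain and the ip set match from the earlier slides together into one ruleset in iptables-save format, the form that iptables-restore loads atomically, and runs a structural check over it before loading. The default DROP policy on INPUT and FORWARD, the loopback rule, the SSH restriction to ADMIN_NET (a constructed placeholder network) and the pre-existing "droplist" ipset are assumptions of this example, not content from the slides; iptables-restore itself is not run here.

```shell
#!/bin/sh
# Added example: build and sanity-check a complete ruleset for iptables-restore.
# Assumed: an ipset named "droplist" already exists (ipset -N droplist nethash);
# ADMIN_NET is a constructed placeholder for the network allowed to use SSH.
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# build_ruleset prints the ruleset in iptables-save format.
# Lines starting with "#" are ignored by iptables-restore.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# custom chain: log (prefix with trailing space), then drop
-A LOGDROP -j LOG --log-level 4 --log-prefix "SourceDrop "
-A LOGDROP -j DROP
# loopback is always fine; packets the tracker cannot classify are dropped
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# addresses in the ipset are logged and dropped before anything else
-A INPUT -m set --match-set droplist src -j LOGDROP
# stateful core: replies to known connections are accepted
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new HTTP connections are logged, then accepted
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j LOG --log-prefix "In Http: "
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# SSH only from the admin network; everything else falls to the DROP policy
-A INPUT -p tcp --dport 22 -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# rule_count: number of rule (-A) lines in the generated ruleset.
rule_count() {
    build_ruleset | grep -c '^-A '
}

# check_ruleset: structural check of a ruleset read from stdin. Prints "ok"
# when a table is opened, COMMIT is present, every chain used in -A is
# declared with a ":" line, and every -j target is a declared chain or a
# standard target; otherwise prints the first problem and exits non-zero.
check_ruleset() {
    awk '
        /^\*/      { table = 1 }
        /^:/       { split(substr($0, 2), f, " "); declared[f[1]] = 1 }
        /^-A /     { used[$2] = 1
                     for (i = 1; i <= NF; i++) if ($i == "-j") target[$(i + 1)] = 1 }
        /^COMMIT$/ { committed = 1 }
        END {
            if (!table || !committed) { print "missing *table or COMMIT"; exit 1 }
            for (c in used) if (!(c in declared)) { print "undeclared chain: " c; exit 1 }
            for (t in target)
                if (!(t in declared) && t !~ /^(ACCEPT|DROP|REJECT|LOG|RETURN)$/) {
                    print "unknown target: " t; exit 1
                }
            print "ok"
        }'
}

# Stand-alone usage: check the generated ruleset. To load it for real:
#   build_ruleset > firewall.rules && iptables-restore < firewall.rules
build_ruleset | check_ruleset
```

The check is deliberately modest: it catches the typical copy-and-paste mistakes (a rule referring to a chain that was never created, a missing COMMIT) before the ruleset is handed to iptables-restore, which would otherwise reject the whole file. Keeping the ruleset in a file and loading it with iptables-restore also means a reboot or a botched edit can be recovered by reloading a known-good copy.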

My blog

Learning Network Programming