Introduction IPtables[Firewall in Linux]
Iptable is the built-in linux firewall which includes some conditions, known as rules, according to which the traffic is allowed on the machine. It monitors the incoming and outgoing traffic and filter it according to the specified rules.
The incoming and outgoing data is transferred in the form of packets. Linux provide an interface to filter these packets. Here, Iptables comes into picture, which is a command line tool to set-up and configure the firewall. Iptables contain tables to filter packets. These tables contain multiple chains which are nothing, but the set of rules.
I hope you guys understand what IPtables is and what it is actually used for,So now lets gets started…
For installing IPtables on linux distros:
To check the current version running on your machine:
What are Filter tables?
Filter Table is the default table, if there are no user defined tables this built-in table is used. The built-in chains for this tables are INPUT , OUTPUT and FORWARD
INPUT: This chain is used to control the incoming traffic/packets to the server
FORWARD: This chain is used to filter packets that are incoming to the server but are to be forwarded somewhere else.
OUTPUT: This chain is used to filter packets that are going out from the server.
Types of Targets:
- ACCEPT: It means that the packet is allowed to pass through the firewall.
- DROP: It means that the packet is not allowed to pass through the firewall.
- RETURN: It means to skip the current rule and jump back to the chain from which it was called.
Inorder to view filter table[Default table used for IPTABLES]
Here all the chains i.e INPUT,FORWARD,OUTPUT have default policy of accept..That means that if INPUT chain has policy accept as default policy then all the incoming packet will be accepted
If you want to change the policy on a chain
sudo iptables -P <chain><target>
ex:sudo iptables -P INPUT ACCEPT
let’s see im going to change the default policy for chain INPUT to DROP
As you can see my machine is still accepting packet from outside
Now no matter how many packets i send from other machines my machine is going to drop them regardless,as i have set a policy which will drop every packet coming to my machine
Parameters used in IPtables:
- p, — protocol [!] protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one
- -s, — source [!] address[/mask] Source specification. Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address.
- -d, — destination [!] address[/mask] Destination specification. See the description of the -s (source) flag for a detailed description of the syntax. The flag — dst is an alias for this option.
- -j, — jump target This specifies the target of the rule; i.e., what to do if the packet matches it
- -i, — in-interface [!] name Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the “!” argument is used before the interface name, the sense is inverted. If the interface name ends in a “+”, then any interface which begins with this name will match. If this option is omitted, any interface name will match.
- -o, — out-interface [!] name Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the “!” argument is used before the interface name, the sense is inverted. If the interface name ends in a “+”, then any interface which begins with this name will match. If this option is omitted, any interface name will match.
Syntax for modifying a rule:
sudo iptables -A/-S <chain> -t<table> -p <protocol>-s<source-addr>-d<destination-addr> — sport <source-port> — dport <dist-port>-j<target> -i<interface>
If you want to know about all the parameters check this link https://linux.die.net/man/8/iptables
- if you don’t want anyone to ssh onto you machine on you network
sudo iptables -A INPUT -p tcp — dport 22 -j DROP -i eth0
2.if you want no one to use your machine for browsing websites ,you could do something like
sudo iptables -A INPUT -p tcp — sport 443 -j DROP -i eth0
sudo iptables -A INPUT -p tcp — sport 80 -j DROP -i eth0
And If you want to reset your IPtable you can use:
sudo iptables -F[Used for flushing the table content]
This is it for today …If you guys liked gave a like and dont forget to follow