Understanding iptables

Post on 15-Jan-2017

Understanding iptables: Linux firewall basics

Netfilter hook stages

The five hooks, in the order a packet meets them (the slide's diagram, flattened to text; "routing decision" is the point where the kernel decides whether the packet is local or to be forwarded):

  NIC -> PREROUTING -> routing decision -> INPUT -> Socket -> App
                            |
                            +-> FORWARD -> POSTROUTING -> NIC

  App -> Socket -> OUTPUT -> routing decision -> POSTROUTING -> NIC

Stateless firewall

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Stateful firewall

iptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

Logging

iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j LOG --log-prefix "In Http:"
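The LOG target only writes kernel-log lines; someone still has to read them. The script below, an added example that is not part of the slides, picks out lines carrying a given --log-prefix and counts them per source address and destination port. The sample log lines, hostnames and addresses are constructed for the example, in the field layout the LOG target emits. Note that the slide's prefix "In Http:" has no trailing space, so the kernel prints it glued to the IN= field ("In Http:IN=eth0"); the prefix still matches as a fixed string, but a trailing space keeps the line easier to read.

```shell
#!/bin/sh
# Added example (not from the slides): summarise netfilter LOG output.

# Constructed sample kernel-log lines (hypothetical host "fw" and addresses
# from documentation ranges), in the layout the LOG target produces.
SAMPLE_LOG='Jan 15 10:00:01 fw kernel: [1001.1] In Http:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 15 10:00:02 fw kernel: [1002.2] In Http:IN=eth0 OUT= MAC=... SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 15 10:00:03 fw kernel: [1003.3] In Http:IN=eth0 OUT= MAC=... SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=3 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 15 10:00:04 fw kernel: [1004.4] audit: type=1400 unrelated kernel message
Jan 15 10:00:05 fw kernel: [1005.5] SourceDrop IN=eth0 OUT= MAC=... SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'

# count_log_sources PREFIX
# Reads kernel-log lines on stdin, keeps those containing PREFIX as a
# literal string, and prints "COUNT SRC DPT" per (source, destination
# port) pair, most frequent first.
count_log_sources() {
    prefix=$1
    grep -F -- "$prefix" |
    awk '{
        src = ""; dpt = "";
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5);
            if ($i ~ /^DPT=/) dpt = substr($i, 5);
        }
        if (src != "") n[src " " dpt]++;
    }
    END { for (k in n) print n[k], k }' |
    sort -k1,1nr -k2,2
}

# Demo: which sources opened the most new HTTP connections?
printf '%s\n' "$SAMPLE_LOG" | count_log_sources 'In Http:'
```

On a real host you would feed `journalctl -k` or `/var/log/kern.log` into `count_log_sources` instead of the constructed sample; the same function works for the 'SourceDrop ' prefix of a custom drop chain.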

Tables overview

Filter is the default table: if you don't select a table with -t, you are working in filter.

Each table has a number of predefined chains inside, and you can create your own chains.

  Filter: INPUT, FORWARD, OUTPUT
  Nat:    OUTPUT, PREROUTING, POSTROUTING
  Mangle: INPUT, PREROUTING, POSTROUTING, OUTPUT, FORWARD
  Raw:    OUTPUT, PREROUTING

Tables in shell

Mark connections that have carried more than 10 MB in either direction (mangle table, on the way out):

iptables -t mangle -A POSTROUTING -o $NETCARD -p tcp -m connbytes --connbytes 10000000: --connbytes-mode bytes --connbytes-dir both -j CONNMARK --set-mark 999

Drop established HTTP connections whose payload contains a request for /admin (case-insensitive, Boyer-Moore search):

iptables -t mangle -A INPUT -i eth0 -p tcp --dport 80 -m string --string "get /admin http/" --icase --algo bm -m conntrack --ctstate ESTABLISHED -j DROP

Drop SSH during a time window (the slide leaves the timestamps blank; the time match takes ISO 8601 values):

iptables -t filter -A INPUT -p tcp --dport 22 -m time --datestart "<YYYY-MM-DDThh:mm:ss>" --datestop "<YYYY-MM-DDThh:mm:ss>" --utc -j DROP

Custom chains

Create a new chain:

iptables -N LOGDROP

Add rules to the chain:

iptables -A LOGDROP -j LOG --log-level 4 --log-prefix 'SourceDrop '

iptables -A LOGDROP -j DROP

Jump to the chain from the built-in rules:

iptables -A INPUT -s 10.0.0.0/8 -j LOGDROP
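The stateful rules and the LOGDROP chain above are usually kept together as one policy rather than typed in one `iptables -A` at a time. The script below is an added example, not code from the slides: it emits that policy in the file format `iptables-restore` reads (tables start with `*name`, chains are declared as `:NAME POLICY [0:0]`, rules use the same syntax as the command line, and `COMMIT` ends the table), and a small checker enforces the two ordering rules that make the stateful slide work: the ESTABLISHED rule must come before any NEW rule, and every custom chain must be declared before it is jumped to. The blocked network, interface name and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): stateful filter policy plus the
# LOGDROP chain in iptables-restore format, and a pre-load sanity check.

# build_ruleset [BLOCKED_NET]
# Prints a complete filter-table policy. BLOCKED_NET (constructed default
# 10.0.0.0/8) is logged and dropped via the custom LOGDROP chain.
build_ruleset() {
    blocked_net=${1:-10.0.0.0/8}
    cat <<EOF
*filter
# Default-deny on INPUT and FORWARD: anything no rule accepts is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# Custom chain: log (trailing space keeps the prefix apart from IN=), then drop.
-A LOGDROP -j LOG --log-level 4 --log-prefix "SourceDrop "
-A LOGDROP -j DROP
# Local services talk over loopback.
-A INPUT -i lo -j ACCEPT
# Stateful rule first: packets of connections conntrack already knows.
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# The blocked network goes through LOGDROP before any service is reachable.
-A INPUT -s $blocked_net -j LOGDROP
# New HTTP connections are logged, then accepted.
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j LOG --log-prefix "In Http: "
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# check_ruleset
# Reads a ruleset on stdin. Returns 0 only if the first ESTABLISHED rule
# precedes the first NEW rule and every chain that is jumped to (other than
# the built-in targets) has a ":NAME" declaration in the file.
check_ruleset() {
    rules=$(cat)
    est=$(printf '%s\n' "$rules" | grep -n -- '--ctstate ESTABLISHED' | head -n 1 | cut -d: -f1)
    new=$(printf '%s\n' "$rules" | grep -n -- '--ctstate NEW' | head -n 1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$new" ] && [ "$est" -lt "$new" ] || return 1
    for chain in $(printf '%s\n' "$rules" | grep -o -- '-j [A-Za-z0-9_]*' | awk '{ print $2 }' | sort -u); do
        case $chain in ACCEPT|DROP|LOG|REJECT|RETURN) continue ;; esac
        printf '%s\n' "$rules" | grep -q "^:$chain " || return 1
    done
    return 0
}

# Demo: print the policy and report whether it passes the check.
build_ruleset
if build_ruleset | check_ruleset; then echo "ruleset ok"; else echo "ruleset BROKEN"; fi
```

To use it on a host: `build_ruleset > /etc/iptables/rules.v4`, then `iptables-restore < /etc/iptables/rules.v4`; the whole table is replaced atomically, so a half-applied policy is never live.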

Netfilter in user land

libnetfilter_queue is used to divert traffic to a user-space application.

Packets are not duplicated: the user application has to inject each packet back (or drop it).

Useful for debugging rules.

IP sets

Constant-time hash lookup instead of one rule per address:

modprobe ip_set

ipset -N droplist nethash

ipset -A droplist 192.168.1.0/24

iptables -A INPUT -m set --match-set droplist src -j DROP
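Block lists tend to be maintained as plain text and loaded in bulk, and `ipset restore` aborts on the first malformed line. The script below is an added example, not from the slides: it turns a list of IPv4 networks into `ipset restore` input (`create` followed by one `add` per entry, with `-exist` so re-loading is idempotent), validating each entry first so a bad line is skipped and reported instead of breaking the load. The set name and the sample list are constructed; the validator is IPv4-only.

```shell
#!/bin/sh
# Added example (not from the slides): build an ipset from a text list,
# validating entries before they reach `ipset restore`.

# valid_cidr ENTRY
# Accepts a dotted-quad IPv4 address with an optional /0-32 prefix length.
# Rejects empty octets, leading zeros, values above 255 and bad prefixes.
valid_cidr() {
    entry=$1
    case $entry in
        */*) ip=${entry%%/*}; plen=${entry#*/} ;;
        *)   ip=$entry; plen=32 ;;
    esac
    case $plen in ""|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ""|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_ipset SETNAME < list
# Emits ipset-restore input for a hash:net set. Blank lines and "#"
# comments in the list are ignored; invalid entries go to stderr.
build_ipset() {
    name=$1
    echo "create $name hash:net -exist"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            echo "add $name $line -exist"
        else
            echo "skipping invalid entry: $line" >&2
        fi
    done
}

# Constructed sample list: four valid entries and three that must be rejected.
SAMPLE_LIST='192.168.1.0/24
203.0.113.0/24   # documentation range
10.0.0.0/8

not-an-address
10.1.2.3
256.1.1.1/24
172.16.0.0/33'

# Demo: the restore file for a set named droplist.
printf '%s\n' "$SAMPLE_LIST" | build_ipset droplist
```

Load the output with `ipset restore < droplist.ipset`, then the slide's rule `iptables -A INPUT -m set --match-set droplist src -j DROP` matches against the whole set in constant time, however many networks it holds.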

Useful commands

Flush all rules (from the filter table unless -t is given):

iptables -F

Quickly restore a saved rule set:

iptables-restore < rules-list-file

My blog: Learning Network Programming