Understanding iptables

Understanding iptablesLinux firewall basics

Netfilter hooks stages

Socket

App

NIC

INPUT

PRE_ROUTING POST_ROUTING

OUTPUTFORWARD

Stateless firewalliptables -A INPUT -p tcp --dport 80 -j ACCEPT

Stateful firewalliptables -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

Loggingiptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j LOG --log-prefix “In Http:”

Tables overviewFilter is a default table.

So, if you don’t define you own table, you’ll be using filter table.

Each table has a number of predefined chains inside.

You can create your own chain.

Filter

Input

Forward

Output

Nat

Output

Prerouting

Postrouting

Mangle

Input

Prerouting

Postrouting

Output

Forward

Raw

Output

Prerouting

Tables in shelliptables -t mangle -A POSTROUTING -o $NETCARD -p tcp -m connbytes --connbytes 10000000: --connbytes-mode bytes --connbytes-dir both -j CONNMARK --set-mark 999

iptables -t mangle -A INPUT -i eth0 -p tcp --dport 80 -m string --string ”get /admin http/” --icase --algo bm -m conntrack --ctstate ESTABLISHED -j DROP

iptables -t filter -A input -p tcp --dport 22 -m time --datestart “” --datestop “” --utc --j DROP

Custom chainsCreate a new chain

iptables -N LOGDROP

Add chain rules

iptables -A LOGDROP -j LOG --log-level 4 --log-prefix 'SourceDrop '

iptables -A LOGDROP -j DROP

Add chain rules to iptables rules

iptables -A INPUT -s 10.0.0.0/8 -j LOGDROP

Netfilter in user landlibnetfilter_queue is used to divert traffic to user application

Packets are not duplicated

User application has to inject a packet back

Useful for debugging rules

ip setsConstant time hash lookup

modprobe ip_set

ipset -N droplist nethash

ipset -add droplist 192.168.1.0/24

iptables -A INPUT -m set --set droplistsrc -j DROP

Useful commandsDrop all rules

iptables -F

Quickly restore rules

iptables-restore <rules list file>

ReferencesDesigning and Implementing Linux Firewalls with QoS using netfilter, iproute2, NAT and L7-filter

Netfilter & Iptables Elements

Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals

Understanding Linux Network Internals

iptables book

Iptables targets and jumps

Security in Linux

http://www.amazon.com/Designing-Implementing-Firewalls-netfilter-L7-filter/dp/1904811655

http://www.amazon.com/Designing-Implementing-Firewalls-netfilter-L7-filter/dp/1904811655

https://www.youtube.com/watch?v=AKOQPiWBnJ0

http://www.thegeekstuff.com/2011/01/iptables-fundamentals/

http://www.amazon.com/Understanding-Network-Internals-Christian-Benvenuti/dp/0596002556

http://www.iptables.info/en/iptables-contents.html

http://www.iptables.info/en/iptables-targets-and-jumps.html

http://gr8idea.info/os/tutorials/security/index.html

My blog

Learning Network Programming

https://haryachyy.wordpress.com/

Understanding iptables

Software