
Linux Firewall



Presentation Transcript


  1. Iptables Linux Firewall

  2. Iptables is a Linux firewall that is also capable of doing NAT • Consists of a set of rules • Rules are normally kept in a config script and are written as iptables commands. • The two most important tables in Iptables are FILTER and NAT

  3. FILTER • Consists of the chains INPUT, OUTPUT and FORWARD • The rules in these chains decide whether incoming packets are dropped (DROP) or accepted (ACCEPT)

  4. INPUT • INPUT deals with all packets received that have the machine running iptables as their destination. This means that only packets meant for the machine that runs iptables are processed by this chain. • Packets meant for other machines are processed by the FORWARD chain.

  5. FORWARD • FORWARD deals with packets that arrive at the machine running iptables but are meant to be forwarded to other machines. • They can be forwarded to a machine on the local network or to a machine on an external network.

  6. OUTPUT • OUTPUT deals with packets that have their origin on the machine running iptables and are going out to another machine. • Packets coming from the local net and going out are not processed by this chain but by the FORWARD chain.

  7. NAT • Consists of the chains POSTROUTING, PREROUTING and OUTPUT • The rules in these chains decide how the addresses are to be translated

  8. PREROUTING • PREROUTING deals with external, incoming packets before the IP stack has decided where they are going. • It is responsible for performing NAT on these packets and sending them to the desired location.

  9. POSTROUTING • POSTROUTING deals with packets after the IP stack has decided where they are going. • Used when you want to change the sender address on an outgoing packet that comes from a local machine.

  10. OUTPUT • Like the OUTPUT chain in the FILTER table, OUTPUT deals with outgoing packets that have their origin on the machine running iptables.

  11. The firewall script • Close the firewall completely • Flush all pre-existing rules • Open for the packets that you want to allow and use NAT for the ones that have to be rerouted • If necessary, use a timer on your script when configuring the firewall from a remote location, so that a mistaken rule does not lock you out permanently

  12. #/root/timer& • iptables --policy INPUT DROP • iptables --policy OUTPUT DROP • iptables --policy FORWARD DROP • iptables -t filter -F • iptables -t nat -F

  13. Allows access to the internet from the machine: • iptables -A OUTPUT -o eth1 -p tcp --dport 80 -m state --state NEW -j ACCEPT • Allows ssh access to the machine: • iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT

  14. Reroutes packets on port 5901 to port 5900 • iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 5901 -j DNAT --to-destination 10.0.0.4:5900 • Allows incoming packets on port 5900 to a local machine. • iptables -A FORWARD -i eth1 -p tcp --dport 5900 -m state --state NEW -j ACCEPT
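The four steps on slides 11 to 14 assembled into one script, as an added example that is not the slides' own fw.rc. It follows the slides' recipe (default policies to DROP, flush, re-open, DNAT the VNC port) and reuses their interface name `eth1`, the internal host `10.0.0.4` and ports 22/80/5900/5901. Two things the slides leave implicit are made explicit: with an OUTPUT policy of DROP and only `--state NEW` accepted, the replies to your own connections would be dropped, so `ESTABLISHED,RELATED` rules are added for each filter chain (plus loopback); and the `/root/timer` background job from slide 12 is written out as `fw_timer`, which reopens the firewall after a grace period unless you kill it. The `IPT`, `WAN_IF`, `VNC_HOST` and `GRACE` variables and the `show`/`apply` modes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the slides' script. Rules follow slides 12-14; the
# stateful rules and the safety timer are additions explained in the lead-in.
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth1}          # external interface, as on the slides
VNC_HOST=${VNC_HOST:-10.0.0.4}  # internal VNC host, as on the slides
GRACE=${GRACE:-120}             # seconds the safety timer waits before reopening

# Print the complete rule set, one command per line, so it can be reviewed
# (dry run) before anything touches the kernel. Order matters: policies and
# flush first, then loopback and stateful rules, then the specific openings.
fw_rules() {
    cat <<EOF
$IPT --policy INPUT DROP
$IPT --policy OUTPUT DROP
$IPT --policy FORWARD DROP
$IPT -t filter -F
$IPT -t nat -F
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $WAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
$IPT -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
$IPT -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 5901 -j DNAT --to-destination $VNC_HOST:5900
$IPT -A FORWARD -i $WAN_IF -p tcp --dport 5900 -d $VNC_HOST -m state --state NEW -j ACCEPT
EOF
}

# Safety timer (the slides' "/root/timer &"): if you apply the rules over ssh
# and the new rule set cuts your session, everything is reopened after $GRACE
# seconds. Kill the timer once you have confirmed ssh still works.
fw_timer() {
    sleep "$GRACE"
    $IPT --policy INPUT ACCEPT
    $IPT --policy OUTPUT ACCEPT
    $IPT --policy FORWARD ACCEPT
    $IPT -t filter -F
    $IPT -t nat -F
}

# Apply the rules with the timer armed; returns non-zero on the first failure.
fw_apply() {
    fw_timer & TIMER_PID=$!
    fw_rules | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done || return 1
    echo "rules applied; safety timer pid $TIMER_PID (kill it once ssh still works)"
}

# Usage: ./fw.sh show   (print the rules)   |   sudo ./fw.sh apply
case "${1:-show}" in
    apply) fw_apply ;;
    *)     fw_rules ;;
esac
```

Run it with `show` (the default) first and read the output; only `apply` executes anything, and it needs root. The `-d $VNC_HOST` on the FORWARD rule is deliberate: FORWARD sees the packet after PREROUTING has rewritten its destination, so matching on the translated address keeps the rule from accepting port 5900 traffic to any other internal host.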

  15. http://student.iu.hio.no/~s135618/OpSys/fw.rc
