
Firewalls + Security

Firewalls

Corporate Firewalls

Linux Firewalls

iptables

Chains

Chain Names

FILTER TABLE CHAINS: INPUT, OUTPUT, FORWARD

FILTER TABLE

A Chain

Tests

Actions

Some tests:

Setting the policy

$ iptables -P INPUT ACCEPT
$ iptables -P OUTPUT ACCEPT
$ iptables -P FORWARD DROP

Editing firewalls

$ touch firewall
$ chmod +x firewall
$ vi firewall
#!/bin/sh
# Flush any existing rules from the built-in chains
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD

# Set the default policies for the chains
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
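The skeleton above grows into a full client firewall once stateful rules, a "safe ping" limit and a subroutine chain are added; the script below is an added example, not the tutorial's own, and the IPT variable, the SAFEPING chain name and the firewall_preview helper are my own choices.

```shell
#!/bin/sh
# Added example (not the tutorial's own script): a client firewall assembled
# from the ideas in this tutorial - flush, default policies, stateful INPUT
# rules, and a "safe ping" subroutine chain that rate-limits and logs echo
# requests. IPT names the iptables binary (assumption); firewall_preview
# swaps in a printing stub so the rule set can be inspected without root.
IPT="${IPT:-/sbin/iptables}"

firewall_rules() {
    # Flush the built-in chains; create the subroutine chain or empty it
    "$IPT" -F INPUT
    "$IPT" -F OUTPUT
    "$IPT" -F FORWARD
    "$IPT" -N SAFEPING 2>/dev/null || "$IPT" -F SAFEPING
    # Default policies: nothing reaches the host unless a rule accepts it
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -P FORWARD DROP
    # Loopback, then replies to connections this machine started
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Subroutine: at most one echo request per second (burst of 5) is logged
    # and accepted; the excess is dropped so a ping flood cannot fill the log
    "$IPT" -A SAFEPING -m limit --limit 1/s --limit-burst 5 -j LOG --log-prefix "safe-ping: "
    "$IPT" -A SAFEPING -m limit --limit 1/s --limit-burst 5 -j ACCEPT
    "$IPT" -A SAFEPING -j DROP
    # Every incoming echo request is handed to the subroutine
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -j SAFEPING
}

# Stub standing in for iptables: prints the command instead of running it
_print_rule() { printf 'iptables %s\n' "$*"; }

# Print the rule set without applying it (no root needed)
firewall_preview() {
    ( IPT=_print_rule; firewall_rules )
}

# "./firewall apply" loads the rules; any other invocation only previews them
if [ "${1:-}" = "apply" ]; then
    firewall_rules
else
    firewall_preview
fi
```

Because the ESTABLISHED,RELATED rule sits before the jump to SAFEPING, replies to the machine's own pings are accepted as established traffic and only inbound echo requests are rate-limited.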

Basic client machine

sport or dport

Basic client machine

Add a rule to permit ping

Add a rule to permit safe ping

Monitor safe ping

Monitor Monitor safe ping

Learning firewalls

Basic client machine

Monitor Monitor safe ping

INPUT ACCEPT

DROP or REJECT

subroutines

Monitor Monitor safe ping subroutine

Extra tests

Stateful Firewalls

Established: Stateful Firewall

Stateful Rules

Rules based on network state

Basic Stateful FORWARDING

Egress filtering

Complete EGRESS Example

Other Firewall Ideas

Discussion

Question 1

Show the iptables commands needed to define an egress filter that accepts only related or established connections and outgoing HTTP, and rejects all other egress traffic. You can assume that egress only involves eth0.

Question 2

Consider the following iptables configuration:
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport ssh -j ACCEPT
Would incoming ssh connection requests be blocked? Give an explanation for your answer.

Linuxzoo created by Gordon Russell.
© Copyright 2004-2017 Edinburgh Napier University