
Firewalls + Security

Firewalls

Firewalls

Corporate Firewalls

Linux Firewalls

iptables

Chains

Chain Names

FILTER TABLE CHAINS: INPUT, OUTPUT, FORWARD

FILTER TABLE

A Chain

Tests

Actions

Some tests:

Setting the policy

$ iptables -P INPUT ACCEPT
$ iptables -P OUTPUT ACCEPT
$ iptables -P FORWARD DROP

Editing firewalls

$ touch firewall
$ chmod +x firewall
$ vi firewall

# Flush any existing rules from the filter table chains
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD

# Set the default policies for the chains
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
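The slides above show the skeleton of a firewall script (flush, then set policies). The script below is an added example, not the lecture's own, that carries that skeleton through to a complete basic client firewall: loopback, stateful acceptance of ESTABLISHED/RELATED traffic, a rate-limited "safe ping", and egress filtering on an assumed external interface eth0. The IPT variable defaults to /sbin/iptables; setting IPT=echo prints the rules instead of applying them, which is a convenient way to review a rule set without root.

```shell
#!/bin/sh
# Added example, not from the lecture. IPT defaults to /sbin/iptables;
# set IPT=echo to print the commands instead of applying them (dry run).
# EXT_IF=eth0 as the egress interface is an assumption.
IPT="${IPT:-/sbin/iptables}"
EXT_IF="${EXT_IF:-eth0}"

build_rules() {
    # Flush existing rules in the three filter-table chains
    "$IPT" -F INPUT
    "$IPT" -F OUTPUT
    "$IPT" -F FORWARD

    # Default policies: drop unsolicited inbound, no forwarding, and drop
    # outbound by default so only explicitly allowed egress leaves.
    # A chain policy can only be ACCEPT or DROP; REJECT needs a rule.
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT DROP
    "$IPT" -P FORWARD DROP

    # Loopback must be allowed or local services break
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT

    # Stateful: accept packets belonging to connections already allowed
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # "Safe ping": answer echo requests, but rate-limited to 1 per second
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

    # Egress: only NEW outbound HTTP may leave via the external interface
    "$IPT" -A OUTPUT -o "$EXT_IF" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Everything else leaving is rejected, so the local process gets an
    # immediate error instead of a timeout
    "$IPT" -A OUTPUT -o "$EXT_IF" -j REJECT
}

# Apply only when asked explicitly: ./firewall apply
if [ "${1:-}" = "apply" ]; then
    build_rules
fi
```

Run it as `IPT=echo sh firewall apply` to see the rule list, and as root with `sh firewall apply` to load it. Because the OUTPUT policy is DROP, any interface other than lo and eth0 is silently closed as well; add interface-specific rules if the machine has more than one.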

Basic client machine

sport or dport

Basic client machine

Add a rule to permit ping

Add a rule to permit safe ping

Monitor safe ping

Monitor Monitor safe ping

Learning firewalls

Basic client machine

Basic client machine

Monitor Monitor safe ping

INPUT ACCEPT

DROP or REJECT

subroutines

Monitor Monitor safe ping subroutine

Extra tests

Stateful Firewalls

Established: Stateful Firewall

Stateful Rules

Rules based on network state

Basic Stateful FORWARDING

Egress filtering

Complete EGRESS Example

Other Firewall Ideas

Discussion

Discussion

Question 1

Show the iptables commands relevant in defining an egress filter allowing only related or established connections, as well as outgoing http, to be accepted and all other egress traffic to be rejected. You can assume egress only involves eth0.

Question 2

Consider the following iptables configuration:
iptables -P INPUT drop
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport ssh -j ACCEPT
Would incoming ssh connection requests be blocked? Give an explanation for your answer.

Linuxzoo created by Gordon Russell.
© Copyright 2004-2023 Edinburgh Napier University