Saturday, August 14, 2010

IPTables in Linux

 1. Firewall for Linux
 2. Interface to Netfilter, which is loaded by the kernel
 3. Operates primarily @ layers 3 & 4 of the OSI model
 4. Modular
 5. Provides Network Address Translation (NAT)
 6. IPTables can also access other layers (2, 5-7), with modules

1. grep -i config_netfilter /boot/config*

Note: Save rules in: /etc/sysconfig/iptables so that when IPTables is restarted, the rules will be applied OR, update /etc/sysconfig/iptables-config to save the rules automatically

/sbin/iptables - primary ACL modifier utility
/sbin/iptables-restore - restores rules to current IPTables instance
/sbin/iptables-save - saves rules to STDOUT, by default, or to a file

IPTables includes 3 default tables, which you cannot remove:
 1. NAT
 2. Mangle
 3. Filter (Default) - filters inbound/outbound traffic

Note: Each table, includes chains, which include Access Control Entries (ACEs)

 1. iptables -L

Note: The Filter table includes 3 chains:
 1. INPUT - applies to traffic destined to a service that our system is bound to

 2. FORWARD - applies to traffic being routed through the system

 3. OUTPUT - applies to traffic sourced from our system, heading outbound

 1. Filter inbound traffic to remote RH5 system to SSH
      a. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
      b. iptables -A INPUT -j DROP

 2. Filter outbound traffic to ANY remote SSH port
     a. iptables -A OUTPUT -p tcp --dport 22 -j DROP

 3. Flush ALL rules from OUTPUT chain of the Filter table
     a. iptables -F OUTPUT

 4. Save rules to file, then flush rules
     a. iptables-save > iptables.rules.1

 5. Reinstate flushed rules
     a. iptables-restore iptables.rules.1