
Title: Firewall and Iptable in Linux

Islamic Azad University Of Sanandaj

Department of Information Technology (IT)

Presenter: Navid Ashrafi

Presentation time: 10 minutes

Number of Slides: 20

Index

• What is a firewall?
• How Firewalls Protect Your PC?
• Uses of firewall
• Types of firewall
• What is Linux?
• Why use Linux?
• What is Iptable?
• What is Ipchain?
What is a firewall?

• A firewall is a software program or piece of hardware that helps screen out
hackers, viruses, and worms that try to reach your computer over the
Internet.

• A firewall is usually placed at the input unit of a system and protects us from
any threats coming from the Internet.

• If you want the firewall (in Windows) to block everything,
including the programs selected on the Exceptions tab,
select the Block all incoming connections check box.
How Firewalls Protect Your PC?

• At their most basic, firewalls work like a filter between your
computer/network and the Internet. You can program what you want
to get out and what you want to get in. Everything else is not allowed.
There are several different methods firewalls use to filter out
information, and some are used in combination. These methods work
at different layers of a network, which determines how specific the
filtering options can be.
• There are two ways a firewall can prevent this from happening. It can
allow all traffic to pass through except data that meets a
predetermined set of criteria, or it can prohibit all traffic unless it
meets a predetermined set of criteria.

Zone of Risk for an Unprotected Private Network

Zone of Risk with a Firewall

Business use of firewall
• Firewalls can be used in a number of ways to add security to your
home or business. Large corporations often have very complex
firewalls in place to protect their extensive networks. On the
outbound side, firewalls can be configured to prevent employees
from sending certain types of emails or transmitting sensitive data
outside of the network. On the inbound side, firewalls can be
programmed to prevent access to certain websites (like social
networking sites). Additionally, firewalls can prevent outside
computers from accessing computers inside the network.
Home use of firewall
• For home use, firewalls work much more simply. The main goal of
a personal firewall is to protect your personal computer and private
network from malicious mischief. Malware, malicious software, is the
primary threat to your home computer. Viruses are often the first
type of malware that comes to mind. A virus can be transmitted to
your computer through email or over the Internet and can quickly
cause a lot of damage to your files. Other malware includes Trojan
horse programs and spyware. These programs are usually designed to
acquire your personal information for the purposes of identity theft
of some kind.

Types of firewall
• Packet filtering: Data travels on the internet in small pieces; these are
called Packets. Each packet has certain metadata attached, like where it is coming
from, and where it should be sent to.

• Stateful packet inspection: In addition to the simple packet filtering (above) this
kind of firewall also keeps track of connections. A packet can be the start of a new
connection, or it can be part of an existing connection. If it is neither of the two, it
is probably useless and can be dropped.

• Application-layer firewalls: Application-layer firewalls do not just look at the
metadata; they also look at the actual data transported. They know how
certain protocols work, for example HTTP. They can then look if the data that is in
the packet is valid (for that protocol). If it is not, it can be dropped.
What is Linux?

• Linux is a UNIX-based operating system originally designed to function on
Intel-based hardware. Today, Linux can be found on many different
hardware platforms such as cell phones and tablets. It was developed by
IBM in 2001 which ran Linux.
• The major difference between Linux and UNIX is that UNIX is trademarked to
the Open Group, while Linux is open source.
• All command line tools work the same on both.
• Over 90% of the supercomputers in the world run Linux. And the 10 fastest
run Linux.
• Different kinds of Linux are: Ubuntu, Fedora/Red Hat, Kali, openSUSE,
Mandriva, Mint, Arch Linux, Slackware…
Linux Distributions
• A Linux distribution consists of the Linux kernel (actual OS) and a collection
of applications.
1. Linux kernel
2. X Windows System
3. Graphical Desktop (GNOME, KDE…)
4. Applications
• GNU Software is at the heart of every Linux. Besides the Linux kernel, GNU
software/utilities come next.
• The most common desktops are GNOME and KDE (just cosmetic
differences and default programs).
• Popular GNOME distros are Ubuntu & Fedora.
• Popular KDE distros are Kubuntu & openSUSE.
Why use Linux?
Some of the reasons to use Linux are:
• Low cost and very stable (some Linux servers are not rebooted for
over a year, try that with Windows server!)
• Best computing power and inbuilt network support.
• Fastest developing OS, with the most number of developers.
• Most secure OS.
• Configurability
• Convenience
• Freedom
What is iptables?
• The iptables tool is used to manage the Linux firewall rules. At first look,
iptables might look complex (or even confusing). But once you
understand the basics of how iptables works and how it is structured,
reading and writing iptables firewall rules will be easy.

• ipchain is the old name of iptables, because it was a chain-structured
table at first. ipset is an extension to iptables. Unlike
normal iptables rules, which are stored and traversed linearly, IP sets are
stored in indexed data structures, making lookups very efficient, even
when dealing with large sets.
Tables Structure

What is Ipchains?
• A chain is a set of rules
• Three default chains:
1. Input
2. Forward
3. Output
• Chains allow coherent sets of rules to be grouped and shared. For example
the rules for an FTP service could be grouped into a chain and then used on
several different firewalls to apply the same policy to each (Rules can be
added, inserted, deleted,…. In a chain).
• Every packet has to pass through each chain before being let in (if the default policy
for each chain is ACCEPT).
Ipchains Structure

Iptables Structure

Iptable’s chain and tables (1)
1. Filter Table

• Filter is the default table for iptables. So, if you don’t define your own table,
you’ll be using the filter table. Iptables’s filter table has the following built-in
chains.
I. INPUT chain – Incoming to firewall. For packets coming to the local
server.
II. OUTPUT chain – Outgoing from firewall. For packets generated locally
and going out of the local server.
III. FORWARD chain – Packet for another NIC on the local server. For packets
routed through the local server.
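
The filter table above, written out as a ruleset with a default policy of DROP (prohibit everything unless a rule allows it) and a stateful rule for existing connections. This is an added example, not part of the original slides; the admin network 192.0.2.0/24, the SSH port and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). Constructed sample values:
ADMIN_NET="192.0.2.0/24"   # assumed admin network (documentation range)
SSH_PORT="22"              # assumed only exposed service

# Emit a filter-table ruleset in iptables-restore format.
build_filter_ruleset() {
    cat <<EOF
*filter
# Default policy DROP: traffic is prohibited unless a rule below allows it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic stays on the host.
-A INPUT -i lo -j ACCEPT
# Stateful inspection: accept packets of tracked connections,
# drop packets that belong to no connection.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# New connections: SSH only, and only from the admin network.
-A INPUT -p tcp -s ${ADMIN_NET} --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Log (rate limited) whatever is about to fall through to the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-drop: "
COMMIT
EOF
}

# Rules in a chain are checked top to bottom and the first match decides.
# Returns 0 if the ESTABLISHED,RELATED rule sits above every NEW rule,
# so established traffic is matched by the first rules in the chain.
stateful_rule_first() {
    build_filter_ruleset | awk '
        /^-A/ && /--ctstate ESTABLISHED,RELATED/ { est = NR }
        /^-A/ && /--ctstate NEW/ && !first_new  { first_new = NR }
        END { exit !(est && first_new && est < first_new) }'
}

# Syntax check without touching the live firewall (as root):
#   build_filter_ruleset | iptables-restore --test
```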

Iptable’s chain and tables (2)
2. NAT table

• Iptable’s NAT table has the following built-in chains.
I. PREROUTING chain – Alters packets before routing, i.e. packet translation
happens immediately after the packet comes to the system (and before
routing). This helps to translate the destination IP address of the packets to
something that matches the routing on the local server. This is used for DNAT
(destination NAT).
II. POSTROUTING chain – Alters packets after routing, i.e. packet translation
happens when the packets are leaving the system. This helps to translate the
source IP address of the packets to something that might match the routing on
the destination server. This is used for SNAT (source NAT).
III. OUTPUT chain – NAT for locally generated packets on the firewall.
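
DNAT in PREROUTING and SNAT in POSTROUTING on a small gateway, together with the filter-table FORWARD rules the translated traffic still has to pass. This is an added example, not part of the original slides; the interfaces, addresses, port 443 and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). Constructed sample addressing:
WAN_IF="eth0"; WAN_IP="198.51.100.10"   # assumed public side
LAN_IF="eth1"; LAN_NET="10.0.0.0/24"    # assumed private side
WEB_HOST="10.0.0.20"                    # assumed internal HTTPS server

# Emit nat and filter sections in iptables-restore format.
build_nat_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Destination NAT, before routing: public address to internal server.
-A PREROUTING -i ${WAN_IF} -p tcp -d ${WAN_IP} --dport 443 -j DNAT --to-destination ${WEB_HOST}:443
# Source NAT, after routing: LAN hosts leave with the public address.
-A POSTROUTING -o ${WAN_IF} -s ${LAN_NET} -j SNAT --to-source ${WAN_IP}
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT only rewrites addresses; the filter table still decides.
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -p tcp -d ${WEB_HOST} --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Returns 0 only if every DNAT target (host:port) also has a FORWARD
# ACCEPT rule; otherwise the translated packet hits the DROP policy.
dnat_targets_forwarded() {
    build_nat_ruleset | awk '
        /^-A PREROUTING/ && /-j DNAT/ {
            for (i = 1; i < NF; i++) if ($i == "--to-destination") want[$(i+1)] = 1
        }
        /^-A FORWARD/ && /-j ACCEPT/ {
            d = ""; p = ""
            for (i = 1; i < NF; i++) { if ($i == "-d") d = $(i+1); if ($i == "--dport") p = $(i+1) }
            if (d != "" && p != "") have[d ":" p] = 1
        }
        END { for (t in want) if (!(t in have)) exit 1; exit 0 }'
}

# Syntax check as root:  build_nat_ruleset | iptables-restore --test
# Load with --noflush to keep INPUT/OUTPUT rules that are already in place.
```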

Iptable’s chain and tables (3)
3. Mangle table

• Iptables’s Mangle table is for specialized packet alteration. This alters QoS bits in the TCP header. The Mangle
table has the following built-in chains.
I. PREROUTING chain
II. OUTPUT chain
III. FORWARD chain
IV. INPUT chain
V. POSTROUTING chain

4. Raw table
• Iptable’s Raw table is for configuration exemptions. The Raw table has the following built-in chains.
I. PREROUTING chain
II. OUTPUT chain

The following diagram shows the three
important tables in iptables

Thank You
