IPTABLES
Iptables acts as a firewall for your system. A firewall is simply a way to filter traffic:
you state which traffic you want to allow and which traffic you want to block. You can
set this up for a single computer or, on a gateway, for an entire network behind it.
Iptables makes Linux more secure because it gives you full control over which traffic is
allowed and which is blocked. Iptables is the command-line interface used to set up and
maintain the tables of packet-filtering rules for the Netfilter framework for IPv4
included in the Linux kernel (ip6tables is the counterpart for IPv6).
Iptables gets its name from those tables: each table holds chains of rules that decide,
packet by packet, which IP traffic is allowed and which is blocked.
In a world that revolves around the internet, with port scans, brute-force logins and
unwanted traffic arriving around the clock, you have to take precautions at the network
level. That is exactly what iptables is used for.
Using iptables, you can perform tasks like blocking or allowing traffic from a specific
host or network, exposing only the ports your services need, restricting which clients
on a network may reach a given service, rate-limiting connection attempts, and many more
things that improve your security. Note what it cannot do: iptables decides on packet
headers (addresses, ports, protocols, interfaces, connection state), so it cannot see or
block cookies, spam mail or other application-level content; that needs a proxy, a mail
filter or an application-layer firewall.
Iptables is built from three components:
1. Tables
2. Chains
3. Rules
1. Tables in iptables
a. Filter table:
The default and main table used in iptables is the filter table. That means that
whenever you don't specify a table with -t, the rule is applied to the filter table. As
the name suggests, the job of this table is filtering packets, which is to decide whether
to let a packet continue to its intended destination or to drop or reject it.
The filter table provides the majority of the functions of iptables, and on most occasions
this is the table you will be dealing with.
b. NAT table
The second main table is the NAT table. As the name suggests, it holds the network
address translation rules. A rule in this table determines whether, and how, to rewrite
the packet's source or destination address so that the packet can be routed in a NAT
setup, where direct access between the private and the public network is not possible.
The NAT table is only consulted for the first packet of a connection; the translation is
then applied to the rest of the connection by connection tracking.
c. Mangle table
The third main table is the Mangle table. This table is used to alter the IP headers of
a packet. For instance, you can adjust the time-to-live (TTL) value of the packet,
lengthening or shortening the number of network hops the packet can survive. Other
IP header fields, and the kernel's internal packet mark used for routing decisions, can
be altered in similar ways.
These above-mentioned tables are the 3 main tables, now let us look at the other 2
tables:
d. RAW table
RAW table is used for connection tracking. It provides a mechanism for marking
packets to view packets as a part of an ongoing connection or session.
e. Security table
The Security table is used to set internal SELinux security context marks on packets
(the SECMARK and CONNSECMARK targets), which affect how SELinux, or other systems that
can interpret an SELinux security context, handle these packets. It is consulted after
the filter table, so discretionary filtering rules run first.
2. Chains in iptables
Chains are the points along a packet's path through the kernel where you can apply
rules. There are 5 built-in chains in iptables:
a. PREROUTING
b. INPUT
c. FORWARD
d. OUTPUT
e. POSTROUTING
Not all chains are available in all tables. Each chain gives you the option to act on
the packet at that particular point in its route.
a. Prerouting chain
The PREROUTING chain is applied to packets as soon as they arrive on an interface,
before the routing decision is made (this is where destination NAT takes place).
b. Input chain
The INPUT chain is applied to packets whose destination is the local system itself,
that is, traffic to services running on this host.
c. Forward chain
The FORWARD chain is applied to packets that pass through your system on their way to
another host (the system acting as a router or gateway).
d. Output chain
The OUTPUT chain is applied to packets originating from your system and going out.
e. Postrouting chain
The POSTROUTING chain is applied to packets after the routing decision, just before
they leave an interface (this is where source NAT and masquerading take place).
You must note that not every table has every chain. Here is a list of which chains the
main 3 tables can handle:
a. Filter table: this default table handles only the INPUT, FORWARD and OUTPUT
chains.
b. NAT table: this table handles PREROUTING, OUTPUT and POSTROUTING (newer kernels,
from 2.6.34 onward, also provide an INPUT chain in the NAT table).
c. Mangle table: this table originally supported only the PREROUTING and OUTPUT chains.
Since kernel 2.4.18 it supports all 5 chains: PREROUTING, INPUT, FORWARD, OUTPUT and
POSTROUTING.
For completeness, the RAW table has only PREROUTING and OUTPUT, and the Security table
has INPUT, FORWARD and OUTPUT.
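The table-and-chain mapping above is easiest to see in a complete ruleset. The script below is an added example and not code from the original page: it emits, in iptables-restore(8) format, a ruleset for a small Linux NAT gateway that uses the raw, mangle, nat and filter tables, each with only the chains that table supports. The interface names (eth0 as WAN, eth1 as LAN), the LAN network 192.168.1.0/24 and the internal web host 192.168.1.10 are assumptions for illustration; the function names gateway_ruleset, ruleset_tables and check_ruleset are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): an iptables-restore ruleset for a
# small NAT gateway. Each "*table" block lists only the chains that table has.
# Interface names, the LAN network and the web host are assumptions.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WEB_HOST="${WEB_HOST:-192.168.1.10}"

# Print the whole ruleset; iptables-restore loads it atomically, unlike a
# sequence of "iptables -A" commands that leaves a half-built firewall in
# between.
gateway_ruleset() {
    cat <<EOF
# raw: consulted before connection tracking; only PREROUTING and OUTPUT.
# Exempt the LAN's DNS queries to this gateway and its replies from conntrack.
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p udp --dport 53 -j NOTRACK
-A OUTPUT -o $LAN_IF -p udp --sport 53 -j NOTRACK
COMMIT

# mangle: alter headers or set marks; all five chains are available.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp --dport 22 -j MARK --set-mark 0x1
-A POSTROUTING -o $WAN_IF -j TTL --ttl-set 64
COMMIT

# nat: rewrite addresses for the first packet of a connection.
# DNAT in PREROUTING (port-forward 80 to the web host), MASQUERADE in POSTROUTING.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:80
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT

# filter: accept or drop; INPUT, FORWARD and OUTPUT only.
# Default-deny for traffic to the gateway and through it.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_HOST -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# List the tables the ruleset defines, in load order.
ruleset_tables() {
    gateway_ruleset | sed -n 's/^\*//p'
}

# Parse-check with the real tool when possible: --test builds the tables in
# the kernel's view without committing them. Needs root and iptables >= 1.6.
check_ruleset() {
    if [ "$(id -u)" = 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        gateway_ruleset | iptables-restore --test
    else
        echo "not root or iptables-restore not installed; skipping parse check" >&2
        return 1
    fi
}

gateway_ruleset
```

Run it as `sh gateway.sh > /etc/iptables/rules.v4` and load with `iptables-restore < /etc/iptables/rules.v4`. Note the DNS rule in filter INPUT does not use the conntrack match: packets exempted in the raw table carry the state UNTRACKED and would never match ESTABLISHED, so they need an explicit accept.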
3. Rules in iptables
Rules are the user-defined commands that manipulate the network traffic. As each
chain is traversed, the rules in it are checked against the packet in order. If the
packet does not match a rule, the next rule in the chain is examined. If it does match,
the rule's target decides what happens next: either traversal of the chain ends, or an
action is taken and the next rule is examined. A packet that reaches the end of a
built-in chain without a terminating match gets the chain's default policy.
a. Matching component
The matching component is the set of conditions available to define a rule. You can
match by protocol, source or destination IP address, port, interface, header fields,
connection state, etc.
b. Target component
The target component is the action that is triggered when a packet meets the
matching criteria of a rule. There are 2 types of targets:
i. Terminating targets
Terminating targets are actions that end further traversal of that particular chain.
Examples of terminating targets are: ACCEPT, DROP, QUEUE, REJECT and RETURN (RETURN
ends traversal of the current chain and resumes in the calling chain after the rule
that jumped; in a built-in chain it falls through to the default policy).
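The following script is an added example, not code from the original page, showing how rule order and target type decide a packet's fate: first-match traversal in INPUT, a jump into a user-defined chain, a non-terminating LOG followed by a terminating DROP with the same match, and RETURN handing control back to the calling chain. The chain name SSH_GUARD, the threshold of 4 new SSH connections per 60 seconds, the log prefix and the `ipt` wrapper are the example's own assumptions. Unless APPLY=1 is set, `ipt` prints each command instead of running iptables, so the order can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original page): rule order and target types.
# SSH_GUARD, the 4-per-60-seconds threshold and the log prefix are assumptions.

# Runs the real iptables only when APPLY=1 (needs root); otherwise it prints
# the command, so the resulting rule order can be inspected safely.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# Traversal is first-match: rules are tested top to bottom, the first rule
# whose matches all succeed hands the packet to its target, and a terminating
# target (ACCEPT, DROP, REJECT, RETURN) ends traversal of the current chain.
build_ssh_guard() {
    # A user-defined chain; it lives in the filter table like INPUT does.
    ipt -N SSH_GUARD

    # Record the source address, then test whether it has made 4 or more new
    # SSH connections in the last 60 seconds (the current attempt included).
    ipt -A SSH_GUARD -m recent --name sshprobe --set
    # LOG is a non-terminating target: it writes a kernel log line and
    # traversal continues with the next rule, which is why it is paired with
    # a DROP carrying the same recent match. --rcheck only reads the list;
    # --limit keeps a flood from filling the log.
    ipt -A SSH_GUARD -m recent --name sshprobe --rcheck --seconds 60 --hitcount 4 \
        -m limit --limit 3/min -j LOG --log-prefix "ssh-flood:" --log-level 4
    ipt -A SSH_GUARD -m recent --name sshprobe --update --seconds 60 --hitcount 4 -j DROP
    # RETURN terminates SSH_GUARD only: control goes back to the rule after
    # the jump in INPUT, so a well-behaved client still reaches the ACCEPT.
    ipt -A SSH_GUARD -j RETURN

    # Already-open connections are accepted before anything else, so
    # SSH_GUARD only ever sees the first packet of a new SSH connection.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_GUARD
    ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # -I inserts at a position instead of appending: loopback goes into slot 1
    # so it is evaluated before the conntrack rule.
    ipt -I INPUT 1 -i lo -j ACCEPT
    # The default policy is the fallback for packets no rule matched.
    ipt -P INPUT DROP
}

# Show the resulting order with rule numbers (useful for "-D INPUT <number>").
list_input_rules() {
    ipt -L INPUT -n -v --line-numbers
}

build_ssh_guard
list_input_rules
```

Two points worth checking on a real host before setting the DROP policy: that the ESTABLISHED,RELATED rule is above the SSH rules (otherwise the guard counts every packet of an open session), and that the loopback accept really landed at position 1 in `iptables -L INPUT -n --line-numbers`.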