
IPTABLES

Iptables acts as a firewall for your system. A firewall is simply a way to filter traffic:
you state which traffic you want to allow and which traffic you want to block. You can
set this up for a single computer or for an entire network.

Iptables makes Linux even more secure by giving you full control over which traffic is
blocked and which is allowed. Iptables is a command-line tool used to set up and maintain
the tables of the Netfilter firewall for IPv4 that is built into the Linux kernel.

Iptables gets its name because we create tables of rules that allow and block traffic
from different IP addresses.

The need for iptables in Linux

Linux-based operating systems are very secure by themselves: so secure that you do not
have to install antivirus software to protect your PC from malware and viruses, since
every application and program must be approved with a password before it is allowed
to run.

However, in a world that revolves around the internet, with millions of cookies,
trackers, spam emails and phishing attempts, you still have to learn to take better
precautions. That is exactly what iptables is used for.

Using iptables, you can perform tasks such as blocking cookies from a specific
website, stopping spam mail from reaching your account, or blocking a specific user or
group of users on a network, along with many other things that improve your security.

Understanding the basic concepts of iptables

For the sake of simplicity and understandability, let us look at the basic concepts
and terminology related to iptables.

When talking about iptables, it is very important to understand the 3 terms:

1. Tables

2. Chains

3. Rules

Let us look at each of these terms one by one:

1. Tables in iptables
Iptables consists of 5 different tables, of which 3 are the main ones, and each table
has a different role. Let us take a look at the 5 tables along with their roles:

a. Filter table:
The default and main table in iptables is the filter table. That means that whenever
you do not specify a table, the rule is applied to the filter table. As the name
suggests, the role of this table is filtering packets, that is, deciding whether to
let a packet continue to its intended destination or to deny it.

The filter table provides the majority of the functions of iptables, and for most
purposes this is the table you will be dealing with.

b. NAT table
The second main table is the NAT table. As the name suggests, it holds the network
address translation rules. The rules in this table determine whether, and how, to
modify a packet's source or destination address in order to route the packet in a
NAT setup, where direct access is not possible.

c. Mangle table
The third main table is the mangle table. This table is used to alter the IP headers
of a packet. For instance, you can adjust the time to live (TTL) value of the packet,
either lengthening or shortening the number of network hops that the packet can
survive. Other IP headers can be altered in similar ways.

These above-mentioned tables are the 3 main tables, now let us look at the other 2
tables:

d. RAW table
The RAW table is used for connection tracking. It provides a mechanism for marking
packets so that they can be handled as part of an ongoing connection or session.

e. Security table
The security table is used to set internal SELinux security context marks on packets,
which affect how SELinux, or other systems that can interpret SELinux security
contexts, handle those packets.

2. Chains in iptables
Chains are points along the route of a packet where you can apply rules. There are 5
chains in iptables:

a. Pre routing

b. Input

c. Forward

d. Output

e. Post routing

Not all chains are available in all tables. Each chain gives you the option to take
action on packets at that particular point in the packet's route.

Let's get a clearer picture of each of the chains.

a. Pre routing chain

The PREROUTING chain is applied to any incoming packet very soon after it enters the
network stack. This chain is processed before any routing decision has been made
about where to send the packet.

b. Input chain

The INPUT chain is the point, after routing, at which a packet enters the local system.

c. Forward chain
The FORWARD chain is applied to packets that are forwarded through your system.

d. Output chain
The OUTPUT chain is applied to packets originating from your system and going out.

e. Post routing chain

POSTROUTING is the opposite of PREROUTING. It is applied to outgoing or forwarded
traffic after the routing decision has been made and just before the packet is put
on the wire.

Note that not all tables support all chains. Here is a list of which chains the 3 main
tables can handle:
a. Filter table: This default table handles only the INPUT, OUTPUT and FORWARD
chains.
b. NAT table: This table handles only PREROUTING, OUTPUT and POSTROUTING.
c. Mangle table: This table until recently supported only 2 chains. However, from
version 2.4 this table supports all 5 chains: PREROUTING, INPUT, FORWARD, OUTPUT
and POSTROUTING.
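As an added example (not part of the original text), the shell script below writes a small ruleset in iptables-restore format that uses the three main tables, each with only the chains listed for it above, and then checks every chain/table pairing offline before anything is loaded into the kernel. The interface names eth0 (internet side) and eth1 (LAN side) and the LAN range 192.0.2.0/24 are assumed values chosen for the example.

```shell
#!/bin/sh
# Added example: a minimal ruleset across the filter, nat and mangle tables,
# plus an offline check that each chain is used only in a table that has it.
# Assumed values: eth0 = internet side, eth1 = LAN side, 192.0.2.0/24 = LAN.

# chains_for_table TABLE -> the built-in chains that table provides
chains_for_table() {
    case $1 in
        filter)   echo "INPUT FORWARD OUTPUT" ;;
        nat)      echo "PREROUTING OUTPUT POSTROUTING" ;;  # as listed above; recent kernels also add INPUT
        mangle)   echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)      echo "PREROUTING OUTPUT" ;;
        security) echo "INPUT FORWARD OUTPUT" ;;
        *)        return 1 ;;
    esac
}

# write_ruleset -> prints an iptables-restore file: a default-deny filter table,
# source NAT for the LAN in the nat table, and TTL/MSS header changes in mangle
write_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -s 192.0.2.0/24 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.0.2.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 192.0.2.0/24 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j TTL --ttl-set 64
-A FORWARD -o eth0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
EOF
}

# check_ruleset < FILE -> returns 0 if every ":CHAIN" declaration is a built-in
# chain of the current table (or a user-defined chain, policy "-") and every
# "-A CHAIN" rule refers to a chain declared in that table
check_ruleset() {
    table=""; declared=" "; bad=0
    while read -r first second rest; do
        case $first in
            '*'*) table=${first#\*}; declared=" " ;;           # new table section
            :*)   chain=${first#:}
                  case " $(chains_for_table "$table") " in
                      *" $chain "*) declared="$declared$chain " ;;   # built-in chain
                      *) if [ "$second" = "-" ]; then
                             declared="$declared$chain "             # user-defined chain
                         else
                             echo "bad: chain $chain is not built into table $table" >&2; bad=1
                         fi ;;
                  esac ;;
            -A|-I) case $declared in
                       *" $second "*) ;;
                       *) echo "bad: rule uses undeclared chain $second in table $table" >&2; bad=1 ;;
                   esac ;;
        esac
    done
    return $bad
}

# test_on_host -> let the real tool parse the ruleset without committing it;
# needs root, so it is skipped elsewhere and the example still runs anywhere
test_on_host() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        write_ruleset | iptables-restore --test
    else
        echo "skipping iptables-restore --test (not root or tool missing)" >&2
    fi
}

write_ruleset | check_ruleset && echo "chain/table pairing OK"
```

The filter section ends the INPUT chain with a LOG rule and lets the DROP policy take over, so anything unexpected is recorded before it is discarded; the check runs without privileges, and `test_on_host` can be called as root to have iptables-restore parse the same text.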
3. Rules in iptables
Rules are user-defined commands that manipulate network traffic. As each chain is
traversed, every rule in the chain is checked against the packet, in order. If the
packet does not match, the next rule in the chain is examined. If it does match, what
happens next is specified by the rule's target.

Each rule has 2 components:

a. Matching component
The matching component is the set of conditions used to define a rule. You can match
by protocol type, IP address, port, interface, headers, etc.

b. Target component
The target component is the action that is triggered when a packet meets the
matching criteria of a rule. There are 2 types of targets:

i. Terminating targets
Terminating targets are actions that end further traversal of that particular chain.
Some examples of terminating targets are ACCEPT, DROP, QUEUE, REJECT and RETURN.

ii. Non-terminating targets

With a non-terminating target, an action is performed and evaluation then continues
with the next rule in the chain.
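To make the traversal order and the two target types concrete, here is an added example (not from the original text, and not iptables itself): a small shell model of one built-in chain and one user-defined chain. Rules are constructed lines of the form `proto dport src target`, where `any` matches everything; ACCEPT, DROP and REJECT terminate, LOG does not, RETURN leaves the user chain (or, in the built-in chain, hands the packet to the policy), and a target that is neither is treated as a jump to the user chain of that name. The chain names INPUT and SSH_GUARD, the policy and the addresses are all assumed sample values.

```shell
#!/bin/sh
# Added example: a constructed model of how iptables walks a chain.
# Rule line:  <proto> <dport> <src> <target>   ("any" matches everything)
# Targets: ACCEPT DROP REJECT (terminating), LOG (non-terminating),
# RETURN (end this chain), anything else = jump to that user-defined chain.

# Built-in chain INPUT with policy DROP -- constructed sample rules
INPUT_POLICY=DROP
INPUT_RULES='tcp 22 any SSH_GUARD
tcp 23 any LOG
tcp 23 any DROP
tcp 80 any ACCEPT
udp any any RETURN'

# User-defined chain SSH_GUARD: accept SSH from one admin host, log the rest,
# then fall off the end (an implicit RETURN to INPUT) -- constructed
SSH_GUARD_RULES='tcp 22 192.0.2.10 ACCEPT
any any any LOG'

# rule_matches RPROTO RPORT RSRC PPROTO PPORT PSRC -> 0 when the rule matches
rule_matches() {
    { [ "$1" = any ] || [ "$1" = "$4" ]; } &&
    { [ "$2" = any ] || [ "$2" = "$5" ]; } &&
    { [ "$3" = any ] || [ "$3" = "$6" ]; }
}

# walk_user_chain RULES PROTO DPORT SRC
# Prints the terminating verdict, or RETURN if the packet leaves the chain.
walk_user_chain() {
    u_out=RETURN
    while read -r u_proto u_port u_src u_target; do
        [ -n "$u_target" ] || continue
        rule_matches "$u_proto" "$u_port" "$u_src" "$2" "$3" "$4" || continue
        case $u_target in
            LOG)    echo "log: $2/$3 from $4 (user chain: $u_proto $u_port $u_src)" >&2 ;;
            RETURN) break ;;
            *)      u_out=$u_target; break ;;
        esac
    done <<EOF
$1
EOF
    echo "$u_out"
}

# walk_builtin_chain RULES POLICY PROTO DPORT SRC
# Prints the final verdict; no match, or RETURN, means the chain policy applies.
walk_builtin_chain() {
    b_out=""
    while read -r b_proto b_port b_src b_target; do
        [ -n "$b_target" ] || continue
        rule_matches "$b_proto" "$b_port" "$b_src" "$3" "$4" "$5" || continue
        case $b_target in
            LOG)    echo "log: $3/$4 from $5 (built-in: $b_proto $b_port $b_src)" >&2 ;;  # keep going
            RETURN) break ;;                               # policy decides
            ACCEPT|DROP|REJECT) b_out=$b_target; break ;;  # terminating
            *)  # jump into the named user chain; resume here if it returns
                eval "b_sub=\$${b_target}_RULES"
                b_verdict=$(walk_user_chain "$b_sub" "$3" "$4" "$5")
                [ "$b_verdict" = RETURN ] || { b_out=$b_verdict; break; } ;;
        esac
    done <<EOF
$1
EOF
    echo "${b_out:-$2}"
}

# verdict PROTO DPORT SRC -> verdict for a packet arriving at INPUT
verdict() { walk_builtin_chain "$INPUT_RULES" "$INPUT_POLICY" "$1" "$2" "$3"; }

for pkt in "tcp 22 192.0.2.10" "tcp 22 203.0.113.5" "tcp 23 198.51.100.7" \
           "tcp 80 198.51.100.7" "udp 53 198.51.100.7" "tcp 443 198.51.100.7"; do
    echo "$pkt -> $(verdict $pkt)"
done
```

Swapping the two port-23 rules shows why order matters: DROP would then fire first and the LOG line would never be reached, so a log-then-drop pair has to be written with the non-terminating target first.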
