Lab #11 - Firewall Introduction + Extra Credit Assignment

Lab Steps:


Learning Basic Interaction with iptables
A. Open a Terminal and become root.
B. Type /sbin/iptables -F to flush all current iptables chain rules.
C. Type /sbin/iptables -L -v to verbosely see your iptables chains. There are no rules currently.
D. Type cat /etc/sysconfig/iptables to view the currently saved iptables ruleset. While you have flushed the live chains, the actual configuration for the system hasn't changed.
E. Type /etc/init.d/iptables stop to flush all rules, set the default rules to accept all traffic, and unload all kernel modules for iptables.
F. Type /etc/init.d/iptables start to reload the iptables modules and load the existing configuration file /etc/sysconfig/iptables to the state it was prior to you flushing the chain rules.
G. Type /sbin/iptables -L -v -n to verbosely show all iptables chains & rules, without resolving IP addresses to hostnames (usually faster to show). This is the output of the default configuration that the system is using for a firewall.

Using the GUI Firewall Configuration Tool
A. Select System > Administration > Security Level and Firewall from the menu to open the Firewall Configuration tool. This is the same as if you typed system-config-securitylevel.
B. You will notice that the firewall's configuration dropdown is set as Enabled.
C. You will see that SSH is allowed to be connected to through your firewall. Go back to your Terminal and type /sbin/ifconfig eth0 to find your IP address and share it with a classmate.
D. Once you get someone else's IP address, try to ssh lrat@<their ip address> in your Terminal. You should be prompted to enter the lrat user password.
E. Once both of you have successfully been able to connect to the SSH server on each other's computers, go back to your respective Firewall Configuration windows, uncheck SSH, and click Apply at the top of the dialog. Click Yes when prompted to overwrite your current rules.
F. When both of you have completed the previous task, try to ssh again. You should not be able to connect to each other's SSH server anymore.
G. Reverse this step and re-enable SSH on your machine the same way you had just disabled it.
H. Close the Firewall Configuration dialog.

Adding and Removing a Custom iptables Rule via the CLI
A. Go back to your Terminal once again and become root if you aren't already.
B. Type /sbin/iptables -A RH-Firewall-1-INPUT -m tcp -p tcp --dport 31337 -j ACCEPT to allow TCP connections to port 31337 on your machine.
C. Type /sbin/iptables -L -n | grep 31337 and you will see a line showing the loaded rule.
D. Type /sbin/iptables -D RH-Firewall-1-INPUT -m tcp -p tcp --dport 31337 -j ACCEPT to delete it.
E. Close your Terminal.
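
The grep in step C confirms that the rule is loaded, not that traffic ever reaches it, because -A appends to the end of the chain and iptables stops at the first matching rule. The following script is an added example, not part of the original lab: it walks a ruleset in iptables-save syntax and reports which rule a new TCP connection to a port hits first. The sample ruleset is constructed and assumes the chain ends in a catch-all REJECT; first_verdict, verdict_appended and verdict_inserted are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample rules in iptables-save syntax (not taken from a real host).
HEAD='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
CATCHALL='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
LAB_RULE='-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 31337 -j ACCEPT'

# first_verdict CHAIN PORT: read rules on stdin and print "<position> <target>"
# for the first rule in CHAIN that a NEW inbound TCP connection to PORT hits.
# Simplification: a rule with any criterion other than -p/--dport/--state
# (for example -i lo) is assumed not to match.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
    $1 == "-A" && $2 == chain && !found {
        pos++; target = ""; hit = 1
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-m") { i++ }                  # skip the module name
            else if ($i == "-p") { if ($(++i) != "tcp") hit = 0 }
            else if ($i == "--dport") { if ($(++i) != port) hit = 0 }
            else if ($i == "--state") { if ($(++i) !~ /(^|,)NEW(,|$)/) hit = 0 }
            else { hit = 0 }
        }
        if (hit && target != "") { found = 1; print pos, target }
    }'
}

# Step B uses -A, so the lab rule is appended after the catch-all REJECT.
verdict_appended() {
    printf '%s\n' "$HEAD" "$CATCHALL" "$LAB_RULE" | first_verdict RH-Firewall-1-INPUT 31337
}
# The same rule placed ahead of the REJECT (where "iptables -I <chain> 5" puts it).
verdict_inserted() {
    printf '%s\n' "$HEAD" "$LAB_RULE" "$CATCHALL" | first_verdict RH-Firewall-1-INPUT 31337
}

echo "appended: $(verdict_appended)"
echo "inserted: $(verdict_inserted)"
```

On a lab machine the same function can read the live rules by piping the output of /sbin/iptables-save into it.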



Extra Credit - Create Your Own Lab! (25 Points)
Overview: Create a lab of a reasonable length and difficulty, similar to those we have done previously. Use a topic that we have not already covered during class or revisit a topic in a brand new way.

Restrictions: No more than two people may turn in one lab. Labs must have an organized structure similar to those you do in class each week. Your lab will be graded for content, structure, clarity, and quality. Partial credit will be awarded. This must be turned in today, and you must have already completed the lab above to be able to participate in the extra credit.
