firewall

Upload: florinn81

Post on 08-Jan-2016

Description: Firewalls in Linux

Firewall - Iptables

Lab 1

Purpose: perform basic tasks on the system's firewall.

Procedure:

To list the current content of the filter table:

[root@alexrh ~]# iptables --list

It is possible to list rule line numbers as well:

[root@alexrh ~]# iptables --list --line-numbers

Try the -v (or -vv) option as well.

Note: connections can be tested with nc (the netcat tool).

To add a rule for new HTTP connections:

[root@alexrh ~]# iptables -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT

To delete the newly added rule:

[root@alexrh ~]# iptables -D INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT

To insert the rule at a specific position (here as rule number 5 of the INPUT chain):

[root@alexrh ~]# iptables -I INPUT 5 -p tcp -m state --state NEW --dport 80 -j ACCEPT
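The rule numbers shown by --line-numbers are what -I CHAIN N and -D CHAIN N refer to, and they shift whenever a rule is inserted or deleted, so a script should look the number up rather than hard-code it. The following POSIX shell snippet is an added example and not part of the lab handout: it parses a listing in the format of "iptables --list --line-numbers -n" to find a rule's position and a chain's default policy. The sample listing is constructed, and the names find_rule_num, chain_policy and delete_rule are chosen here.

```shell
#!/bin/sh
# Added example (not part of the lab): locate a rule by position from
# "iptables --list --line-numbers -n" output, so it can be deleted or
# re-inserted by number.

# Constructed sample listing (not captured from a real host); the -n flag
# keeps ports and addresses numeric, e.g. "dpt:80" instead of "dpt:http".
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80

Chain FORWARD (policy DROP)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination'

# find_rule_num LISTING CHAIN PATTERN
# Prints the number of the first rule in CHAIN whose listing line matches the
# extended regex PATTERN; prints nothing and returns 1 if no rule matches.
find_rule_num() {
    printf '%s\n' "$1" | awk -v chain="$2" -v pat="$3" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && $0 ~ pat { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# chain_policy LISTING CHAIN
# Prints the default policy of CHAIN (e.g. DROP) taken from its header line.
chain_policy() {
    printf '%s\n' "$1" | awk -v chain="$2" '
        /^Chain / && $2 == chain { gsub(/[()]/, "", $4); print $4; exit }
    '
}

# delete_rule CHAIN PATTERN
# Deletes the first matching rule on the live system by its number (needs root).
# IPT can be overridden (e.g. IPT=echo) to see the command without running it.
delete_rule() {
    n=$(find_rule_num "$("${IPT:-iptables}" --list --line-numbers -n)" "$1" "$2") || return 1
    "${IPT:-iptables}" -D "$1" "$n"
}

# Demonstration on the constructed listing.
n=$(find_rule_num "$SAMPLE_LISTING" INPUT 'dpt:80')
echo "HTTP rule is rule $n of INPUT (policy $(chain_policy "$SAMPLE_LISTING" INPUT))"
```

On a live host the listing is taken from the tool itself, e.g. find_rule_num "$(iptables --list --line-numbers -n)" INPUT 'dpt:80'; matching on the numeric form avoids the service-name lookup that the listing performs without -n.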

Lab 2

Iptables example (eth0 is the LAN-side interface, eth1 faces the outside):

iptables -P FORWARD DROP

iptables -P INPUT DROP

# Always accept loopback traffic

iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and those not coming from the outside

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade.

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward from the outside to the inside.

iptables -A FORWARD -i eth1 -o eth0 -j REJECT
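Typed one by one, the Lab 2 rules are not repeatable: running them twice appends duplicates, and the order in which they are entered matters because iptables evaluates a chain top to bottom. The script below is an added example, not the lab's own, that applies the same ruleset from a clean slate so it can be re-run safely. It assumes eth0 is the LAN interface and eth1 the outside one, as in the lab; the IPT, LAN_IF and WAN_IF variables and the apply_rules function are names chosen here, and without the apply argument the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not the lab's own script): apply the Lab 2 ruleset idempotently.
# Assumptions: eth0 faces the LAN, eth1 faces the outside (as in the lab).
# Run as "./firewall.sh apply" to install the rules; without "apply" it only
# prints them. IPT can also be overridden directly, e.g. IPT=echo.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"

apply_rules() {
    # Start from a clean slate so re-running the script does not duplicate rules.
    "$IPT" -F
    "$IPT" -t nat -F
    # Default-deny on INPUT and FORWARD; OUTPUT keeps its ACCEPT policy as in the lab.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    # Always accept loopback traffic.
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Allow replies to connections this host opened, plus related traffic.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Accept new connections arriving on any interface except the outside one.
    "$IPT" -A INPUT -m state --state NEW ! -i "$WAN_IF" -j ACCEPT
    # Forward outside-to-LAN traffic only for connections the LAN started.
    "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow outgoing connections from the LAN side.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    # Masquerade LAN traffic behind the outside address.
    "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Reject new inbound forwarding explicitly (the DROP policy already covers
    # it; REJECT differs in that the sender gets an error instead of a timeout).
    "$IPT" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -j REJECT
}

# Note: the kernel must also have forwarding enabled (net.ipv4.ip_forward=1)
# for the FORWARD rules to see any traffic; the lab text does not cover this.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    # Dry run: print each command instead of executing it.
    IPT=echo apply_rules
fi
```

Because the rules are read from a function, the dry run prints exactly the sequence that apply would install, which makes it easy to check that the loopback and ESTABLISHED,RELATED rules precede the NEW rule before touching a live system.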