Friday, 10 August 2012

Linux Security Notes 15: IPTables 1: Introduction

IPTABLES
IPTables is the administration tool for the firewall built into the Linux kernel (Netfilter). With it a Linux machine can be turned into a fully fledged firewall. Because the Netfilter framework can filter on most layers of the OSI model, and on the individual header fields of IP, TCP, UDP and ICMP packets, it has significant value when building security into a corporate environment.

OSI Models
The Open System Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative. In its most basic form, it divides network architecture into seven layers which, from bottom (Layer 1) to top (Layer 7), are
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer

Some of the protocols in each layer are given below.
7. Application Layer
NNTP · SIP · SSI · DNS · FTP · Gopher · HTTP · NFS · NTP · SMPP · SMTP · SNMP · Telnet (more)
6. Presentation Layer
MIME · XDR · SSL · TLS
5. Session Layer
Named Pipes · NetBIOS · SAP
4. Transport Layer
TCP · UDP · PPTP · L2TP · SCTP
3. Network Layer
IP · ICMP · IPsec · IGMP
2. Data Link Layer
ARP · CSLIP · SLIP · Frame relay · ITU-T G.hn DLL
1. Physical Layer
RS-232 · V.35 · V.34 · I.430 · I.431 · T1 · E1 · Ethernet · POTS · SONET · DSL · 802.11a/b/g/n PHY · ITU-T G.hn PHY

IPTables is a user-space front end for managing Netfilter in the Linux kernel. It functions primarily at the Network layer (Layer 3) and the Transport layer (Layer 4), and it can also match Data Link (Layer 2) attributes such as the incoming interface or a source MAC address. ICMP is handled as well.

Layer 4 - Transport - focuses on protocols and ports (TCP/UDP, ports 0-65535). A port is a 16-bit value.
Layer 3 - Network - focuses on source and destination IP addresses. An IPv4 address is a 32-bit value.

Installing IPTables
The iptables package is installed by default on most Linux distributions.

# rpm -qa |grep -i IPTables
Or download the latest release of iptables from http://www.netfilter.org

# rpm -ql iptables
IPTables ships with many match and target extensions (modules) that provide masquerading, rejecting, port mapping and so on. The installed modules are shared objects; on this release they live in /lib/iptables/*.so (newer releases keep them in /lib/xtables or /lib64/xtables; "rpm -ql iptables" shows the actual path).
Checking the kernel for Netfilter support

Look for the NETFILTER options in the kernel config file. The file name carries the kernel release, which "uname -r" prints ("uname -a" below shows the full string).

# uname -a

# vim /boot/config-

CONFIG_NETFILTER=y

(y) means basic Netfilter support is compiled into the kernel. If an option is set to (m) it is built as a loadable module; in that case check with "lsmod" that the iptables modules (ip_tables, iptable_filter and friends) are loaded. Normally the iptables command loads the modules it needs on demand through modprobe. CONFIG_IP_NF_IPTABLES is the option for the iptables packet-filter interface itself, so check it alongside CONFIG_NETFILTER.

Default Tables & Chains in IPTables
There are 3 default tables, which cannot be deleted (newer kernels add the raw and security tables, but these three do the everyday work). Each table contains chains, and the rules are written to the chains. A packet traverses a chain from top to bottom and the first matching rule decides what happens to it; if no rule matches, the chain's default policy applies.
1. Mangle
Alters packet headers, e.g. Type Of Service, Time To Live.
2. NAT
Network Address Translation: rewrites IP addresses and ports, e.g. source NAT (SNAT/MASQUERADE) and destination NAT (DNAT).
3. Filter
Where the traffic is actually filtered, through the INPUT, OUTPUT and FORWARD chains. It works on Layer 3 and Layer 4 fields.

Rule Syntax of IPTables.

# /sbin/iptables
Commands are built from the following pieces, in this order:
name of chain - and the action done to the chain (-A append, -I insert, -R replace, -D delete, -L list)
name of table (-t) - defaults to the filter table when omitted
Layer 3 object - source (-s) or destination (-d) IP address or network
Layer 4 object - protocol (-p) and ports (--sport / --dport)
Jump/Target (-j) - if all the criteria above match, take this action (ACCEPT, DROP, REJECT, ...)

Example of iptables
Drop all packets from a host

# iptables -A INPUT -t filter -s 192.168.1.233 -j DROP
This drops every packet coming from the source 192.168.1.233 (-t filter may be omitted, since filter is the default table).
Now test by pinging the host 192.168.1.233.
The OUTPUT chain is still open and the rule is defined in the INPUT chain. Our system can therefore send packets to the destination, but when the destination replies, the replies are dropped, so ping reports no answers. Note that -A appends the rule to the end of the chain and the first matching rule wins: if an earlier INPUT rule already accepts ESTABLISHED,RELATED traffic, the echo replies are accepted there and never reach the DROP. Use "iptables -I INPUT 1 ..." to place the rule at the top of the chain, and "iptables -L INPUT -n -v --line-numbers" to see the order in which rules are evaluated.

Saving and Restoring the rules in IPTables
Rules added with the iptables command exist only in the running kernel and are lost at reboot, so they have to be saved and restored.

# iptables-save
This dumps the rules of all tables to STDOUT (the terminal) in the iptables-save format, which is also the format iptables-restore reads.

# iptables-save > firewall-rules
This writes the rules to the file firewall-rules.

# iptables-restore
By default reads the rules from STDIN and loads them into the kernel, flushing the existing tables first (use -n / --noflush to keep the rules already loaded).

# iptables-restore < firewall-rules
This restores the rules saved in the file firewall-rules. On RHEL/CentOS, "service iptables save" writes the running rules to /etc/sysconfig/iptables, which the iptables init script restores at boot.
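The rule syntax, the first-match behaviour of a chain and the iptables-save format above can all be seen working together in the following added example. It is Python written for this page, not code from the original post and not part of the iptables project. It parses a constructed iptables-save dump, walks the INPUT chain the way the kernel does (first matching rule wins, otherwise the chain policy) and replays the ping test from the example: once with the host DROP appended by -A behind an ESTABLISHED,RELATED accept, once with it inserted at position 1 by -I. The addresses, interface name, conntrack states and the ruleset itself are constructed; the parser understands only the options the sample uses, treats every target as terminating and does not follow jumps into user-defined chains.

```python
"""Replay iptables first-match evaluation over an iptables-save dump.

Added example; not code from the original post or the iptables project. It
knows only the options used in the constructed rulesets below, treats every
target as terminating and does not follow jumps into user-defined chains.
"""
import ipaddress
import shlex

FILTER_HEAD = "*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n"
# Constructed rulesets: a minimal stateful INPUT chain plus the post's host DROP.
BASE_RULES = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
]
HOST_DROP = "-A INPUT -s 192.168.1.233/32 -j DROP"
# What iptables-save prints after `iptables -A INPUT ...` vs `iptables -I INPUT 1 ...`
DROP_APPENDED = FILTER_HEAD + "\n".join(BASE_RULES + [HOST_DROP]) + "\nCOMMIT\n"
DROP_INSERTED = FILTER_HEAD + "\n".join([HOST_DROP] + BASE_RULES) + "\nCOMMIT\n"


def parse_rule(argv):
    """Turn one `-A CHAIN ... -j TARGET` line into chain, target and match criteria."""
    if len(argv) % 2:
        raise ValueError(f"flag option without value in: {' '.join(argv)}")
    rule = {"chain": None, "target": None, "match": {}}
    m = rule["match"]
    for opt, arg in zip(argv[::2], argv[1::2]):  # every supported option takes one value
        if opt == "-A":
            rule["chain"] = arg
        elif opt == "-j":
            rule["target"] = arg
        elif opt == "-m":
            pass  # match-extension name (tcp, conntrack, ...); its --options follow
        elif opt in ("-s", "-d"):
            m["src" if opt == "-s" else "dst"] = ipaddress.ip_network(arg, strict=False)
        elif opt == "-p":
            m["proto"] = arg
        elif opt in ("-i", "-o"):
            m["in_if" if opt == "-i" else "out_if"] = arg
        elif opt in ("--sport", "--dport"):
            m[opt[2:]] = int(arg)
        elif opt in ("--ctstate", "--state"):  # conntrack module, or the older state module
            m["ctstate"] = set(arg.split(","))
        else:
            raise ValueError(f"unsupported option {opt!r} in: {' '.join(argv)}")
    return rule


def parse_save(text):
    """Parse iptables-save output into {table: {"policy": {...}, "chains": {...}}}."""
    tables, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                   # *filter, *nat, *mangle ...
            table = tables.setdefault(line[1:], {"policy": {}, "chains": {}})
        elif line.startswith(":"):                 # :INPUT DROP [pkts:bytes]
            name, policy, _counters = line[1:].split(None, 2)
            table["policy"][name] = policy         # "-" for user-defined chains
            table["chains"][name] = []
        elif line == "COMMIT":
            table = None
        else:
            rule = parse_rule(shlex.split(line))
            table["chains"][rule["chain"]].append(rule)
    return tables


def rule_matches(rule, pkt):
    """True when every criterion on the rule holds for the packet."""
    m = rule["match"]
    if "src" in m and ipaddress.ip_address(pkt["src"]) not in m["src"]:
        return False
    if "dst" in m and ipaddress.ip_address(pkt["dst"]) not in m["dst"]:
        return False
    if "ctstate" in m and pkt["ctstate"] not in m["ctstate"]:
        return False
    # proto, interfaces and ports compare for plain equality; absent packet fields never match
    return all(pkt.get(k) == m[k] for k in ("proto", "in_if", "out_if", "sport", "dport") if k in m)


def verdict(tables, chain, pkt, table="filter"):
    """Walk the chain top to bottom: the first matching rule's target is the verdict."""
    t = tables[table]
    for rule in t["chains"][chain]:
        if rule_matches(rule, pkt):
            return rule["target"]
    return t["policy"][chain]  # nothing matched, so the chain's default policy applies


# Constructed packets as the INPUT chain sees them after conntrack has classified them.
ECHO_REPLY = {"src": "192.168.1.233", "dst": "192.168.1.10", "proto": "icmp",
              "in_if": "eth0", "ctstate": "ESTABLISHED"}  # reply to a ping we sent
SSH_FROM_BLOCKED = {"src": "192.168.1.233", "dst": "192.168.1.10", "proto": "tcp",
                    "dport": 22, "in_if": "eth0", "ctstate": "NEW"}
SSH_FROM_OTHER = dict(SSH_FROM_BLOCKED, src="10.0.0.5")
HTTP_FROM_OTHER = dict(SSH_FROM_OTHER, dport=80)

if __name__ == "__main__":
    for label, text in (("-A (appended)", DROP_APPENDED), ("-I 1 (inserted)", DROP_INSERTED)):
        t = parse_save(text)
        for name, pkt in (("echo reply .233", ECHO_REPLY), ("new ssh .233", SSH_FROM_BLOCKED),
                          ("new ssh other", SSH_FROM_OTHER), ("new http other", HTTP_FROM_OTHER)):
            print(f"{label:16} {name:16} -> {verdict(t, 'INPUT', pkt)}")
```

With the DROP appended, the echo reply from 192.168.1.233 is accepted by the ESTABLISHED,RELATED rule and a new SSH connection from that host is accepted by the port 22 rule, so the "blocked" host is not blocked at all; with the DROP inserted at the top, both are dropped, while traffic from other hosts is unaffected. Running the same evaluator over a real "iptables-save" dump is a quick way to audit what a ruleset will actually do before loading it with iptables-restore.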

