Monday, September 3, 2012

Linux: Iptables Examples For New SysAdmins, Part 1


Linux comes with a host based firewall called Netfilter. According to the official project site:
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
This Linux-based firewall is controlled by the program called iptables, which handles filtering for IPv4; ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions a new Linux user needs to secure his or her Linux operating system from intruders.



IPTABLES Rules Example

- Most of the actions listed in this post are written with the assumption that they will be executed by the root user running bash or any other modern shell. Do not type these commands blindly on a remote system, as a wrong rule will disconnect your access.
- For demonstration purposes I've used RHEL 6.x, but the following commands should work with any modern Linux distro.
- This is NOT a tutorial on how to set up iptables. See the tutorial here. It is a quick cheat sheet of common iptables commands.

#1: Displaying the Status of Your Firewall

Type the following command as root:

# iptables -L -n -v

Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

The output above indicates that the firewall is not active: every built-in chain has the default policy ACCEPT and holds no rules, so nothing is filtered. The following sample shows an active firewall:

# iptables -L -n -v

Sample outputs:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 DROP       all  --  *      *       0.0.0.0/0    0.0.0.0/0    state INVALID
  394 43586 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
   93 17292 ACCEPT     all  --  br0    *       0.0.0.0/0    0.0.0.0/0
    1   142 ACCEPT     all  --  lo     *       0.0.0.0/0    0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0    0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0    0.0.0.0/0    state INVALID
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0    0.0.0.0/0    tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 wanin      all  --  vlan2  *       0.0.0.0/0    0.0.0.0/0
    0     0 wanout     all  --  *      vlan2   0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0    0.0.0.0/0
Chain OUTPUT (policy ACCEPT 425 packets, 113K bytes)
 pkts bytes target     prot opt in     out     source       destination
Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source       destination
Chain wanout (1 references)
 pkts bytes target     prot opt in     out     source       destination

Where,
- -L : List rules.
- -v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
- -n : Display IP addresses and ports in numeric form instead of resolving them through DNS. This speeds up the listing.
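As an added example (not part of the original post), the "is the firewall active?" check above turned into a small audit script: it parses `iptables -L -n -v` text and reports the policy and rule count of each chain. The two samples are constructed from the listings shown above; `fw_summary` and `fw_verdict` are this example's own names.

```shell
#!/bin/sh
# Added example, not from the original post: decide from `iptables -L -n -v`
# output whether the firewall is effectively inactive, i.e. every built-in
# chain has policy ACCEPT and no rules. Both samples are constructed from the
# listings shown above.
SAMPLE_INACTIVE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'
SAMPLE_ACTIVE='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 DROP       all  --  *      *       0.0.0.0/0    0.0.0.0/0    state INVALID
  394 43586 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
Chain OUTPUT (policy ACCEPT 425 packets, 113K bytes)
 pkts bytes target     prot opt in     out     source       destination
Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source       destination'

# fw_summary: read the listing on stdin and print "<chain> policy=<P> rules=<N>"
# per chain. Rule lines start with the pkts/bytes counters ("394 43586",
# "425 113K"); the column header starts with "pkts" and is skipped. User-defined
# chains carry no policy and are reported as "-".
fw_summary() {
    awk '
        /^Chain / {
            chain = $2; pol[chain] = ($3 == "(policy") ? $4 : "-"
            rules[chain] = 0; order[++n] = chain; next
        }
        /^ *[0-9]+ +[0-9]+[KMG]? +[A-Za-z]/ { rules[chain]++ }
        END {
            for (i = 1; i <= n; i++)
                printf "%s policy=%s rules=%d\n", order[i], pol[order[i]], rules[order[i]]
        }'
}

# fw_verdict: "inactive" when INPUT, FORWARD and OUTPUT all default to ACCEPT
# and hold no rules; anything else means packets are being filtered.
fw_verdict() {
    fw_summary | awk '
        $1 ~ /^(INPUT|FORWARD|OUTPUT)$/ && ($2 != "policy=ACCEPT" || $3 != "rules=0") { active = 1 }
        END { print (active ? "active" : "inactive") }'
}

printf '%s\n' "$SAMPLE_INACTIVE" | fw_verdict   # inactive
printf '%s\n' "$SAMPLE_ACTIVE" | fw_verdict     # active
```

On a live host, `iptables -L -n -v | fw_verdict` gives the same one-word answer, and `fw_summary` shows which chain is open.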

#1.1: To inspect the firewall with line numbers, enter:

# iptables -n -L -v --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source        destination
1    DROP       all  --  0.0.0.0/0     0.0.0.0/0        state INVALID
2    ACCEPT     all  --  0.0.0.0/0     0.0.0.0/0        state RELATED,ESTABLISHED
3    ACCEPT     all  --  0.0.0.0/0     0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0     0.0.0.0/0
Chain FORWARD (policy DROP)
num  target     prot opt source        destination
1    ACCEPT     all  --  0.0.0.0/0     0.0.0.0/0
2    DROP       all  --  0.0.0.0/0     0.0.0.0/0        state INVALID
3    TCPMSS     tcp  --  0.0.0.0/0     0.0.0.0/0        tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4    ACCEPT     all  --  0.0.0.0/0     0.0.0.0/0        state RELATED,ESTABLISHED
5    wanin      all  --  0.0.0.0/0     0.0.0.0/0
6    wanout     all  --  0.0.0.0/0     0.0.0.0/0
7    ACCEPT     all  --  0.0.0.0/0     0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source        destination
Chain wanin (1 references)
num  target     prot opt source        destination
Chain wanout (1 references)
num  target     prot opt source        destination

You can use line numbers to delete or insert new rules into the firewall.

#1.2: To display INPUT or OUTPUT chain rules, enter:

# iptables -L INPUT -n -v
# iptables -L OUTPUT -n -v --line-numbers

#2: Stop / Start / Restart the Firewall

If you are using CentOS / RHEL / Fedora Linux, enter:

# service iptables stop
# service iptables start
# service iptables restart

You can use the iptables command itself to stop the firewall and delete all rules:

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT

Where,
- -F : Delete (flush) all rules in the chain, or in every chain of the table when no chain is named.
- -X : Delete a user-defined chain, or all user-defined chains when none is named.
- -t table_name : Select the table to operate on (nat or mangle here; filter is the default) before deleting or flushing rules.
- -P : Set the default policy of a built-in chain (such as DROP, REJECT, or ACCEPT).
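As an added example (not the original post's commands), the same reset wrapped in a function with two practitioner safeguards: the default policies are set to ACCEPT before any rule is flushed, because flushing first while a chain policy is DROP drops every packet including the SSH session you typed it from, and the live rule set is saved with `iptables-save` beforehand so the reset can be undone. `run`, `DRY_RUN`, `fw_backup` and `fw_reset` are this example's own conventions; the filter table is named explicitly where the page relies on it being the default.

```shell
#!/bin/sh
# Added example, not from the original post: the stop-and-flush sequence above
# as a function, reordered so the default policies become ACCEPT *before* the
# rules are flushed. If a chain's policy is DROP, flushing its ACCEPT rules
# first drops every packet, including the SSH session you typed it from.
# run(), DRY_RUN and fw_* are this example's own conventions.

# run: execute the command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# fw_backup FILE: save the live rule set so the reset can be undone later
# with `iptables-restore < FILE`. Needs root; only printed in dry-run mode.
fw_backup() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables-save > %s\n' "$1"
    else
        iptables-save > "$1" && printf 'saved %s\n' "$1"
    fi
}

# fw_reset: open the default policies, then flush rules and delete user
# chains in the filter, nat and mangle tables (the three tables listed above).
fw_reset() {
    for chain in INPUT OUTPUT FORWARD; do
        run iptables -P "$chain" ACCEPT
    done
    for table in filter nat mangle; do
        run iptables -t "$table" -F    # delete (flush) every rule in the table
        run iptables -t "$table" -X    # delete every user-defined chain
    done
}

# Dry run in a subshell so DRY_RUN does not leak: prints the exact order
# without touching the kernel. Drop DRY_RUN (and run as root) to apply it.
( DRY_RUN=1; fw_backup /root/iptables.before-reset; fw_reset )
```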
