LINUX IPTABLES BASICS-Uses and Commands

What are IPTABLES ?

IPtables is a basic firewall in linux.
Original firewall running in Linux was ipchains. Netfilter.org created IPTABLES to overcome the shortcomings of ipchains. It is faster and secure compared to ipchains. It is a default firewall package installed under RedHat and Fedora Linux.

Why IPTABLES :

Some features of IPTABLES

Packet inspection:

Firewall keep track of each packet passing through it and in certain cases it’ll view the contents of data flow to anticipate certain protocols.

Packet Filtering:

Packets are filtered based on MAC address and flags in the TCP/UDP header. Packet Filtering is helpful to restrict access of malfunctioned packets.

Rate limiting :

This feature helps iptables block some types of Denial of Service (DoS) attacks.

Packet Processing in IPTABLES

Basic Structure

Tables –> Chains –> Rules

All Packets inspected, when they pass through a sequence of built-in tables for processing.

1. Mangle Table

   Responsible for the alteration of Quality of Service (QoS) bits.

Different inbuilt chains are

• PREROUTING chain
• OUTPUT chain
• FORWARD chain
• INPUT chain
• POSTROUTING chain

2. Filter Table

   Responsible for packet filtering. It has 3 built-in chains. It is the Default table.

   • INPUT : Control packets coming INTO the PC/Server

We can add rules to control INPUT connections from remote to server

• FORWARD : packets passing THROUGH PC (if it’s a router)

Manage packets from one NIC to another in same machine

• OUTPUT : packets leaving OUT PC.

3. NAT table

   Responsible for Network Address Translation.To Modify network address information in IP packet header when they are in transit. It has 2 built in chains.

Pre-routing chain:

Address translation occurs before routing.Also known as Destination NAT or DNAT. Allows us to change Destination IP address

Post-routing chain:

Address tanslation occurs after routing.Also known as Source NAT or SNAT. Facilitates to change source IP address.

Chains:

Set of rules that govern network traffic by opening and closing ports that can be applied or bound to an interface in a particular order

How to apply:

To specify table : use switch -t
Syntax :

• To List all rules from filter table

How to add Rules:

Each rule inspects IP packet and process further based on targets and Jumps.

ACCEPT

IPTABLES stop further processing of packet and hand it over to the OS or App.

DROP

IPTABLES stop packet processing and packet is blocked

REJECT

It also drops the packet but return an error message to sender/host.

Switches that are used commonly used:

• -s source address
• -d destination address
• -p protocol
• -i interface
• -j action
• -P specify default policy for a chain
• -D delete a rule for a chain
• -R replace a rule for a chain
• -F remove all rules for specified chain
• -L list chain rules
• -A append/add rule to end of a chain

Some commonly used TCP and UDP ports:

• FTP : TCP 21/20
• SMTP (Email out) : 25
• SSH : TCP 22
• POP3(Email in) : 110
• Telnet : TCP 23
• IMAP(Email in) : 143
• Web/http : TCP 80
• DNS : UDP 53
• SSL/https : TCP 443
• DHCP : UDP 67/68
• SNMP : 161/162
• SAMBA : 137-139 and 445
• NETBIOS : 137-139
• ACTIVE DIRECTORY : 445 NetBios/DNS