+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IP TABLES
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IP Tables and Firewalld: an Introduction
Red Hat has a powerful firewall built in, called IP Tables. But if you look at it more carefully, it is really IP Tables/Netfilter:
IP Tables is the user-space module, the part the user interacts with at the command line to enter firewall rules into predefined tables.
Netfilter is the kernel module, built into the kernel, which actually does the filtering.
Front-end GUIs are available for IP Tables that let users add or define rules through a point-and-click interface, but these often lack the flexibility the command line tool provides.
We are going to learn the command line interface of IP Tables.
Basic understanding of the way it works:
- IP Tables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic (IP packets) relevant to those chains. A decision is made about each IP packet based on the outcome of those rules, that is, accepting or dropping the packet. These actions are referred to as targets. The most common predefined targets are DROP, to drop the packet, and ACCEPT, to accept it.
- There are three predefined chains in the filter table to which we can add rules for processing IP packets:
- INPUT: all packets destined for the host computer.
- OUTPUT: all packets originating from the host computer.
- FORWARD: all packets neither destined for nor originating from the host computer, but passing through or routed by the host computer. This chain is used if you are using your computer as a router.
- For the most part we are going to be dealing with the INPUT chain, since we deal with packets entering our machines, keeping the bad guys out.
- Rules are added in a list to each chain, and a packet is checked against each rule in turn, starting at the top. If it matches a rule, an action is taken, such as ACCEPT to accept the packet or DROP to drop it. Once a packet has matched and an action is taken, the packet is processed according to the outcome of that rule and is not processed by further rules in the chain.
- If it passes through all the rules in the chain and reaches the bottom without being matched by any rule, the default action for the chain is taken. This is referred to as the default policy, and it may be set to ACCEPT or DROP the packet.
The concept of default policy
Working with IP Tables from the command line needs root privileges, so you need to become root for most of what you are doing.
One important thing: we will be turning off IP Tables and resetting the firewall rules, so if you are relying on the firewall as your primary line of defense you should be aware of this.
IP Tables should be installed by default on all CentOS and Red Hat machines. You can check that by running the commands below:
$ rpm -q iptables
$ lsmod | grep ip_tables
$ iptables -L
If IP Tables is not running on your system, this is how you can get it started:
$ system-config-securitylevel
In CentOS:
$ sudo systemctl start iptables
$ sudo systemctl enable iptables
In this lecture we are going to write a simple rule set. At this point we are going to clear the default rule set, so if you are connecting remotely to a server via SSH for this tutorial,
there is a real possibility that you can lock yourself out of your machine.
So you must set the default INPUT policy to ACCEPT before flushing the current rules, and then add a rule first that explicitly allows yourself access, to prevent locking yourself out. This is just a cautionary note.
We will use an example-based approach to examine the various IP Tables commands. In this example we will create a very simple set of rules to set up a stateful packet inspection (SPI) firewall that will allow all outgoing connections but block all unwanted incoming connections.
$ iptables -P INPUT ACCEPT
$ iptables -F
$ iptables -A INPUT -i lo -j ACCEPT
$ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$ iptables -L -v
Let's take a look at all the commands that we have run so far.
$ iptables -P INPUT ACCEPT -- while connecting remotely we need to temporarily set the default policy on the INPUT chain to ACCEPT; otherwise, while flushing the current rules, we will be locked out of the server.