Monday, January 24, 2011

IPTables in Linux

Features:
1. Firewall for Linux
2. Interface to Netfilter, which is loaded by the kernel
3. Operates primarily at layers 3 and 4 of the OSI model
4. Modular
5. Provides Network Address Translation (NAT)
6. Can also reach other layers (2, 5-7) through extension modules

Check that the kernel was built with Netfilter support:
1. grep -i config_netfilter /boot/config*

Note: Save rules in /etc/sysconfig/iptables so that they are reapplied when IPTables is restarted, OR update /etc/sysconfig/iptables-config so that the running rules are saved automatically

/sbin/iptables - primary ACL modifier utility
/sbin/iptables-restore - restores rules to current IPTables instance
/sbin/iptables-save - writes the current rules to STDOUT by default (redirect to a file to keep them)


IPTables includes 3 default tables, which you cannot remove:
1. NAT
2. Mangle
3. Filter (Default) - filters inbound/outbound traffic

Note: Each table includes chains, which in turn hold the rules (Access Control Entries, ACEs)

Usage:
1. iptables -L - lists the chains and rules of the Filter table (the default table)

Note: The Filter table includes 3 chains:
1. INPUT - applies to traffic destined for a service bound on this system
2. FORWARD - applies to traffic being routed through this system
3. OUTPUT - applies to traffic originating from this system, heading outbound


Examples:
1. Restrict inbound traffic to a remote RH5 system to SSH only (rule order matters: the ACCEPT must come before the catch-all DROP)
a. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
b. iptables -A INPUT -j DROP

2. Block outbound traffic to ANY remote SSH port (TCP/22)
a. iptables -A OUTPUT -p tcp --dport 22 -j DROP

3. Flush ALL rules from OUTPUT chain of the Filter table
a. iptables -F OUTPUT

4. Save rules to file, then flush rules
a. iptables-save > iptables.rules.1
b. iptables -F

5. Reinstate flushed rules
a. iptables-restore iptables.rules.1
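
The following is an added example (POSIX shell), not code from the original post: it expresses the rules of example 1 in the iptables-save format that /etc/sysconfig/iptables and the iptables.rules.1 file of example 4 use, and checks the point behind examples 1a/1b, that the SSH ACCEPT has to sit before the catch-all DROP because rules are matched top to bottom and the first match wins. The ruleset dump is constructed inline, and the helper names (build_filter_ruleset, rule_position, accept_precedes_drop) are this example's own. It runs without root and without iptables installed, since it only handles the text form of the rules.

```shell
#!/bin/sh
# Added example, not from the original post: the rules of example 1 in
# iptables-save format, plus a check that the catch-all DROP comes after the
# SSH ACCEPT in the INPUT chain.

# Emit the Filter table of example 1 as an iptables-save style dump.
# ASSUMPTION: this dump is constructed here; a real iptables-save also prints
# "# Generated by ..." / "# Completed on ..." comment lines and real packet
# and byte counters in the [pkts:bytes] columns.
build_filter_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# rule_position CHAIN TARGET
# Reads a ruleset on stdin and prints the 1-based position, within CHAIN, of
# the first rule whose jump target (-j) is TARGET; prints 0 if there is none.
rule_position() {
    chain="$1"
    target="$2"
    grep -- "^-A $chain " | awk -v t="$target" '
        {
            n++
            for (i = 1; i < NF; i++)
                if ($i == "-j" && $(i + 1) == t && !found) { print n; found = 1 }
        }
        END { if (!found) print 0 }'
}

# Succeeds (exit 0) when the INPUT chain of the ruleset on stdin has an ACCEPT
# rule before its first DROP. Appending 1b before 1a would reverse the order,
# and the catch-all DROP would then shadow the SSH ACCEPT.
accept_precedes_drop() {
    ruleset=$(cat)
    accept=$(printf '%s\n' "$ruleset" | rule_position INPUT ACCEPT)
    drop=$(printf '%s\n' "$ruleset" | rule_position INPUT DROP)
    [ "$accept" -gt 0 ] && [ "$drop" -gt "$accept" ]
}

# Usage: write the dump to a file the way example 4 does, then verify it
# before it is ever loaded. On a real host the file is what
# "iptables-restore iptables.rules.1" (example 5) reads back in.
main() {
    rules_file=$(mktemp "${TMPDIR:-/tmp}/iptables.rules.XXXXXX")
    build_filter_ruleset > "$rules_file"
    if accept_precedes_drop < "$rules_file"; then
        echo "ok: SSH ACCEPT precedes the catch-all DROP in INPUT"
    else
        echo "warning: catch-all DROP would shadow the SSH ACCEPT" >&2
    fi
    rm -f "$rules_file"
}

main
```

One caveat the post's example 1 does not mention: the catch-all "-A INPUT -j DROP" also drops replies to connections this host opens and all loopback traffic, so on a real host you would put an accept for loopback and for established/related connections (the state match) ahead of it, and the same ordering check applies to those rules.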