1. Firewall for Linux
2. Interface to Netfilter, which is loaded by the kernel
3. Operates primarily at layers 3 & 4 of the OSI model
4. Modular
5. Provides Network Address Translation (NAT)
6. IPTables can also access other layers (2, 5-7), with modules
1. grep -i config_netfilter /boot/config* (confirms the installed kernel was built with Netfilter support)
Note: Save rules in /etc/sysconfig/iptables so that they are re-applied when IPTables is restarted, OR update /etc/sysconfig/iptables-config so that the rules are saved automatically
/sbin/iptables - primary ACL modifier utility
/sbin/iptables-restore - restores rules to current IPTables instance
/sbin/iptables-save - writes the current rules to STDOUT by default; redirect to a file to keep them
IPTables includes 3 default tables, which you cannot remove:
1. NAT
2. Mangle
3. Filter (Default) - filters inbound/outbound traffic
Note: Each table includes chains, which in turn contain Access Control Entries (ACEs); rules in a chain are evaluated top-down and the first match wins
Usage:
1. iptables -L
Note: The Filter table includes 3 chains:
1. INPUT - applies to traffic destined to a service that our system is bound to
2. FORWARD - applies to traffic being routed through the system
3. OUTPUT - applies to traffic sourced from our system, heading outbound
Tasks:
1. Restrict inbound traffic to the remote RH5 system to SSH only
a. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
b. iptables -A INPUT -j DROP
2. Block outbound traffic to ANY remote SSH port
a. iptables -A OUTPUT -p tcp --dport 22 -j DROP
3. Flush ALL rules from OUTPUT chain of the Filter table
a. iptables -F OUTPUT
4. Save rules to file, then flush rules
a. iptables-save > iptables.rules.1
5. Reinstate flushed rules
a. iptables-restore iptables.rules.1
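The two INPUT rules in Task 1 only work because they are appended in that order: an ACCEPT for tcp/22 followed by an unconditional DROP. The script below is an added example (not part of these notes) that parses a constructed iptables-save style dump of the filter table, evaluates a packet against a chain the way the kernel does (first matching rule wins, otherwise the chain policy applies), and flags rules that a preceding catch-all rule shadows. Only -p, --dport and -j are interpreted; SAMPLE_RULES and REVERSED_RULES are constructed inputs.

```python
"""Parse an iptables-save dump of the filter table and simulate how a
chain evaluates a packet (first matching rule wins, else chain policy).
Added example for these notes; it is not part of the original page."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: roughly what `iptables-save` prints after Task 1
# (accept SSH on the INPUT chain, then drop everything else).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

# Constructed sample of the same two rules appended in the wrong order.
REVERSED_RULES = SAMPLE_RULES.replace(
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n-A INPUT -j DROP",
    "-A INPUT -j DROP\n-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT")


@dataclass
class Rule:
    chain: str
    target: str
    proto: Optional[str] = None   # None means "any protocol"
    dport: Optional[int] = None   # None means "any destination port"

    def is_catch_all(self) -> bool:
        return self.proto is None and self.dport is None

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and self.dport in (None, dport)


def parse_iptables_save(text: str) -> Tuple[Dict[str, str], List[Rule]]:
    """Return ({chain: policy}, [rules in append order]) for the *filter table.
    Only -p / --dport / -j are interpreted; other match options are ignored."""
    policies: Dict[str, str] = {}
    rules: List[Rule] = []
    in_filter = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):              # table header, e.g. *filter
            in_filter = line == "*filter"
            continue
        if not in_filter or not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith(":"):              # chain declaration with policy
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        if line.startswith("-A "):            # appended rule
            toks = line.split()

            def opt(flag: str) -> Optional[str]:
                return toks[toks.index(flag) + 1] if flag in toks else None

            dport = opt("--dport")
            rules.append(Rule(chain=toks[1], target=opt("-j"), proto=opt("-p"),
                              dport=int(dport) if dport else None))
    return policies, rules


def verdict(policies: Dict[str, str], rules: List[Rule],
            chain: str, proto: str, dport: int) -> str:
    """Walk the chain top-down; the first matching rule decides the packet."""
    for r in rules:
        if r.chain == chain and r.matches(proto, dport):
            return r.target
    return policies.get(chain, "ACCEPT")      # no rule matched: chain policy


def shadowed_rules(rules: List[Rule], chain: str) -> List[Rule]:
    """Rules that can never match because a catch-all rule precedes them."""
    shadowed, seen_catch_all = [], False
    for r in rules:
        if r.chain != chain:
            continue
        if seen_catch_all:
            shadowed.append(r)
        elif r.is_catch_all():
            seen_catch_all = True
    return shadowed


if __name__ == "__main__":
    for label, dump in (("correct order", SAMPLE_RULES),
                        ("reversed order", REVERSED_RULES)):
        pol, rl = parse_iptables_save(dump)
        print(label, "tcp/22 ->", verdict(pol, rl, "INPUT", "tcp", 22),
              "| shadowed rules:", len(shadowed_rules(rl, "INPUT")))
```

Running it shows tcp/22 accepted with the notes' order and dropped with the reversed order, where the ACCEPT rule is reported as shadowed. The simulation also makes visible that, with only these two rules, everything other than tcp/22 on INPUT (loopback traffic and replies to the system's own outbound connections included) is dropped, so check a saved ruleset with this kind of walk-through before relying on it.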