Saturday, January 2, 2010



1. Firewall for Linux

2. Interface to Netfilter, which is loaded by the kernel

3. Operates primarily @ layers 3 & 4 of the OSI model

4. Modular

5. Provides Network Address Translation (NAT)

6. IPTables can also access other layers (2, 5-7) with modules
• grep -i config_netfilter /boot/config* (confirms that Netfilter support is compiled into the running kernel)

Note: Save rules in /etc/sysconfig/iptables so that they are re-applied when IPTables is restarted, OR update /etc/sysconfig/iptables-config to save the rules automatically

/sbin/iptables - primary ACL modifier utility
/sbin/iptables-restore - restores rules to current IPTables instance
/sbin/iptables-save - saves rules to STDOUT, by default, or to a file

IPTables includes 3 default tables, which you cannot remove:

1. NAT

2. Mangle

3. Filter (Default) - filters inbound/outbound traffic

Note: Each table includes chains, which in turn contain Access Control Entries (ACEs)
• iptables -L (lists the chains and rules of the Filter table, the default)

Note: The Filter table includes 3 chains:
1. INPUT - applies to traffic destined to a service that our system is bound to
2. FORWARD - applies to traffic being routed through the system
3. OUTPUT - applies to traffic sourced from our system, heading outbound
1. Restrict inbound traffic to the remote RH5 system to SSH only
• iptables -A INPUT -p tcp --dport 22 -j ACCEPT
• iptables -A INPUT -j DROP
2. Block outbound traffic to ANY remote SSH port
• iptables -A OUTPUT -p tcp --dport 22 -j DROP
3. Flush ALL rules from OUTPUT chain of the Filter table
• iptables -F OUTPUT
4. Save rules to file, then flush rules
• iptables-save > iptables.rules.1
• iptables -F
5. Reinstate flushed rules (iptables-restore reads the dump from STDIN)
• iptables-restore < iptables.rules.1
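As an added example (not from the original post), a POSIX shell audit of the iptables-save dump that the rules above produce: it embeds a constructed sample of what iptables-save emits for them, lists a chain's rules in the order the kernel evaluates them, and checks whether an ACCEPT sits before the catch-all DROP. That check is how you spot the gap in the ruleset above: nothing accepts loopback or established return traffic before `-A INPUT -j DROP`, so outbound connections from the box get no replies. All function names are mine.

```shell
#!/bin/sh
# Constructed sample of what `iptables-save` prints for the filter rules built in this post;
# this dump format is the same one `iptables-restore` reads back from STDIN.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT'

# chain_rules DUMP CHAIN: print the -A rules of CHAIN, in the order the kernel evaluates them.
chain_rules() {
    printf '%s\n' "$1" | awk -v chain="$2" '$1 == "-A" && $2 == chain'
}

# accepts_before_drop DUMP CHAIN PATTERN: succeed (exit 0) if CHAIN has an ACCEPT rule
# containing PATTERN before its first unconditional "-j DROP"; rules after that DROP are dead.
accepts_before_drop() {
    chain_rules "$1" "$2" | awk -v pat="$3" -v chain="$2" '
        $0 == "-A " chain " -j DROP" { exit (found ? 0 : 1) }
        index($0, pat) && /-j ACCEPT$/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# drops_everything_else DUMP CHAIN: succeed if the last rule of CHAIN is a catch-all DROP.
drops_everything_else() {
    last=$(chain_rules "$1" "$2" | tail -n 1)
    [ "$last" = "-A $2 -j DROP" ]
}

# audit DUMP: the questions a reviewer asks before loading a dump with iptables-restore.
audit() {
    dump=$1
    accepts_before_drop "$dump" INPUT "--dport 22 " && echo "INPUT: SSH (tcp/22) is reachable"
    if drops_everything_else "$dump" INPUT; then
        echo "INPUT: everything else is dropped"
        # The catch-all DROP also eats loopback and reply packets unless a rule
        # accepts them first; flag both gaps.
        accepts_before_drop "$dump" INPUT "-i lo " || echo "INPUT: loopback not allowed"
        accepts_before_drop "$dump" INPUT "ESTABLISHED" || echo "INPUT: established replies not allowed"
    fi
}

audit "$SAMPLE_RULES"
```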
