Tuesday, October 27, 2009

Linux Security Notes 15: IPTables 1: Introduction


IPTABLES
    The integrated firewall feature of the Linux kernel is IPTables. Using IPTables can turn a Linux machine into a fully fledged firewall. Since the IPTables/netfilter framework is capable of filtering at most of the levels of the OSI model, and on all the various fields of TCP, UDP and ICMP packets, it has significant value in a corporate environment for building security.

OSI Models
    The Open System Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative. In its most basic form, it divides network architecture into seven layers which, from bottom to top, are
  •     Layer 1: Physical Layer
  •     Layer 2: Data Link Layer
  •     Layer 3: Network Layer
  •     Layer 4: Transport Layer
  •     Layer 5: Session Layer
  •     Layer 6: Presentation Layer
  •     Layer 7: Application Layer

Some of the protocols in each layer are given below.
7. Application Layer
NNTP  · SIP  · SSI  · DNS  · FTP  · Gopher  · HTTP  · NFS  · NTP  · SMPP  · SMTP  · SNMP  · Telnet (more)
6. Presentation Layer
MIME  · XDR  · SSL  · TLS
5. Session Layer
Named Pipes  · NetBIOS  · SAP
4. Transport Layer
TCP  · UDP  · PPTP  · L2TP  · SCTP
3. Network Layer
IP  · ICMP  · IPsec  · IGMP
2. Data Link Layer
ARP  · CSLIP  · SLIP  · Frame relay  · ITU-T G.hn DLL
1. Physical Layer
RS-232  · V.35  · V.34  · I.430  · I.431  · T1  · E1  · Ethernet  · POTS  · SONET  · DSL  · 802.11a/b/g/n PHY  · ITU-T G.hn PHY
   
    IPTables is a front-end user-space tool to manage netfilter in the Linux kernel. IPTables functions primarily at the Transport (Layer 4) and Network (Layer 3) layers, although it can also work at the Data Link layer. IPTables can also manage ICMP.

Layer 4 (Transport): focuses on protocols and ports (TCP/UDP and ports 0-65535). A port number is a 16-bit value.
Layer 3 (Network): focuses on source and destination IP addresses. An IPv4 address is a 32-bit value.

Installing IPTables
         The IPTables package is installed by default in most Linux distributions.

# rpm -qa | grep -i iptables

    Or download the latest IPTables package from http://www.netfiler.org

# rpm -ql iptables
    IPTables ships with many modules that provide the functionality of masquerading, rejecting, mapping, etc. The installed modules can be found in /lib/iptables/*.so.

Checking the kernel for IPTables support

Find the "NETFILTER" section in the kernel config file of the running kernel.

# uname -a

# vim /boot/config-


CONFIG_NETFILTER=y

    (y) means that basic netfilter support has been compiled into the kernel. If (m) is set instead, the support is built as a module that can be loaded on the fly, so in that case check that the iptables modules have been loaded with the "lsmod" command.
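The y / m / not-set decision above can be automated. The following script is an added example (not code from the original post): it reads a kernel config and the output of lsmod and reports whether the filter table is usable. It goes slightly beyond the post's single option by also checking CONFIG_IP_NF_IPTABLES and CONFIG_IP_NF_FILTER, the tristate options that become the ip_tables and iptable_filter modules when set to m; that option-to-module mapping is an assumption of this example, and the config and lsmod text embedded below are constructed samples, not captured from a real machine.

```python
"""Check netfilter / iptables support from a kernel config and lsmod output.
Added example, not from the original post.  SAMPLE_CONFIG and SAMPLE_LSMOD
are constructed, not real captures."""
import os
import platform
import re
import subprocess

# Kernel option -> module built when the option is 'm'.  Assumption of this
# example: these three options cover the basic IPv4 filter table.
OPTIONS = {
    "CONFIG_NETFILTER": None,                 # core netfilter hooks (bool)
    "CONFIG_IP_NF_IPTABLES": "ip_tables",     # the iptables table framework
    "CONFIG_IP_NF_FILTER": "iptable_filter",  # the filter table itself
}

SAMPLE_CONFIG = """\
# constructed sample, not a real /boot/config-* file
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
"""

SAMPLE_LSMOD = """\
Module                  Size  Used by
ip_tables              32768  0
x_tables               49152  1 ip_tables
"""


def config_value(config_text, option):
    """Return the value after '=' for a CONFIG_ option ('y', 'm', ...), or
    None when the option is '# ... is not set' or absent from the file."""
    pattern = re.compile(rf"^{re.escape(option)}=(.+)$")
    for line in config_text.splitlines():
        line = line.strip()
        m = pattern.match(line)
        if m:
            return m.group(1)
        if line == f"# {option} is not set":
            return None
    return None


def loaded_modules(lsmod_text):
    """Parse lsmod output (header line, then 'name size used-by') into a set."""
    modules = set()
    for line in lsmod_text.splitlines()[1:]:   # skip the header line
        parts = line.split()
        if parts:
            modules.add(parts[0])
    return modules


def netfilter_status(config_text, lsmod_text):
    """Return ('ok', []) when every option is built in or loaded, otherwise
    ('missing', [problems]) naming unset options and modules still to load."""
    loaded = loaded_modules(lsmod_text)
    problems = []
    for option, module in OPTIONS.items():
        value = config_value(config_text, option)
        if value == "y":
            continue                            # compiled into the kernel
        if value == "m" and module is not None:
            if module not in loaded:            # built as a module, not loaded
                problems.append(f"{module} not loaded (modprobe {module})")
            continue
        problems.append(f"{option} is not set")
    return ("ok" if not problems else "missing"), problems


if __name__ == "__main__":
    # On a real host read /boot/config-<release> and lsmod; otherwise use the samples.
    path = f"/boot/config-{platform.release()}"
    if os.path.exists(path):
        with open(path) as f:
            config = f.read()
        try:
            lsmod = subprocess.run(["lsmod"], capture_output=True, text=True).stdout
        except FileNotFoundError:
            lsmod = ""
        print(netfilter_status(config, lsmod))
    else:
        print(netfilter_status(SAMPLE_CONFIG, SAMPLE_LSMOD))
```

With the sample inputs the result is ("missing", ["iptable_filter not loaded (modprobe iptable_filter)"]): CONFIG_NETFILTER is built in, ip_tables is loaded, but the filter table module is not, which is exactly the case the post says lsmod must catch.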

Default Tables & Chains in IPTables
    There are 3 default tables, which cannot be deleted. Each table contains chains, and the rules are written to the chains.
1. Mangle
    This allows altering packets, e.g. the Type Of Service and Time To Live fields.
2. NAT
    Network Address Translation. This allows changing IP addresses and ports, e.g. source NAT / destination NAT.
3. Filter
    Here we filter the traffic (INPUT, OUTPUT and FORWARD chains). It works at Layers 3 and 4.

Rule syntax of IPTables

# /sbin/iptables
Commands use the following syntax:
    name of chain - action done to the chain (Append, Insert or Replace)
    name of table - by default the rule is appended to the filter table
    Layer 3 object - source or destination IP address
    Layer 4 object - protocols and ports
    Jump/Target - if the above criteria match, do this action


Example of iptables

Drop all packets from a host

# iptables -A INPUT -t filter -s 192.168.1.233 -j DROP

    This will drop all packets coming from the source 192.168.1.233.
Now test by pinging the destination host 192.168.1.233.
     Here the OUTPUT chain is open and the rule is defined in the INPUT chain. This means our system is able to send packets to the destination, but when the destination machine replies, we drop its packets.

Saving and Restoring the rules in IPTables

# iptables-save

    This dumps the rules to STDOUT (the terminal), in the default iptables-save format.

# iptables-save > firewall-rules

    This writes the rules to the file firewall-rules.

# iptables-restore

    By default it reads the rules from STDIN and loads them into the kernel.

# iptables-restore < firewall-rules

    This restores the rules saved in the file firewall-rules.
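To tie the rule syntax, the DROP example and the iptables-save format together, here is an added example (not code from the original post or from the netfilter project) that parses the filter table out of an iptables-save dump, applies further `iptables -A` / `-I` command lines to it, and evaluates which rule, or which chain policy, decides a packet using the same first-match order the kernel uses. It goes beyond the post's single rule by showing why -A (append) and -I (insert) give different results for the same rule text. The dump embedded below is constructed in iptables-save format, not captured from a real host, and only the -t, -A, -I, -s, -p, --dport and -j options are understood.

```python
"""Parse the filter table of an iptables-save dump, apply -A/-I command lines
to it and evaluate packets rule by rule.  Added example, not part of the
original post; SAVED_RULES is a constructed sample in iptables-save format."""
import ipaddress
import shlex

SAVED_RULES = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.233/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def parse_rule(tokens):
    """Turn the option tokens of one rule into a dict (table defaults to filter)."""
    rule = {"table": "filter", "chain": None, "src": None,
            "proto": None, "dport": None, "target": None}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        val = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "-t":
            rule["table"] = val
        elif tok == "-A":
            rule["chain"] = val
        elif tok in ("-s", "--source"):           # Layer 3 object
            rule["src"] = ipaddress.ip_network(val, strict=False)
        elif tok in ("-p", "--protocol"):         # Layer 4 object
            rule["proto"] = val
        elif tok == "--dport":
            rule["dport"] = int(val)
        elif tok in ("-j", "--jump"):             # jump / target
            rule["target"] = val
        elif tok == "-m":
            pass   # match-extension name (e.g. "-m tcp"); its options follow
        else:
            raise ValueError(f"unsupported option: {tok}")
        i += 2
    return rule


def parse_filter_table(dump):
    """Return ({chain: policy}, [rules]) from the *filter section of a dump."""
    policies, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                  # table header, e.g. *filter
            in_filter = line == "*filter"
        elif in_filter and line == "COMMIT":
            break
        elif in_filter and line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter:
            rules.append(parse_rule(shlex.split(line)))
    return policies, rules


def apply_command(policies, rules, command):
    """Apply an `iptables -A|-I CHAIN [n] ...` line: -A appends to the end of
    the chain, -I inserts at position n (default 1, the top), as iptables does."""
    tokens = shlex.split(command)
    if tokens and tokens[0].endswith("iptables"):
        tokens = tokens[1:]
    position = None
    if "-I" in tokens:
        i = tokens.index("-I")
        position = 1
        if i + 2 < len(tokens) and tokens[i + 2].isdigit():
            position = int(tokens.pop(i + 2))
        tokens[i] = "-A"                          # parse_rule only knows -A
    rule = parse_rule(tokens)
    if rule["table"] != "filter" or rule["chain"] not in policies:
        raise ValueError("only chains of the filter table are supported here")
    same = [k for k, r in enumerate(rules) if r["chain"] == rule["chain"]]
    if position is None or position > len(same):  # append, or -I past the end
        rules.append(rule)
    else:
        rules.insert(same[position - 1], rule)
    return rule


def verdict(policies, rules, chain, src, proto=None, dport=None):
    """First matching rule in the chain wins; with no match the policy applies.
    Returns (target, 1-based rule number within the chain, or None)."""
    addr = ipaddress.ip_address(src)
    number = 0
    for r in rules:
        if r["chain"] != chain:
            continue
        number += 1
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"], number
    return policies[chain], None
```

Running `verdict(pol, rul, "OUTPUT", "192.168.1.10", "icmp")` on the parsed sample gives ("ACCEPT", None) and `verdict(pol, rul, "INPUT", "192.168.1.233", "icmp")` gives ("DROP", 1), which is the post's ping test: the echo request leaves through the open OUTPUT chain and the reply is dropped by rule 1 of INPUT. Appending a later ACCEPT for that host with -A does not rescue it, because the DROP is matched first; inserting the same rule with -I puts it above the DROP and it takes effect. Note that a dump written by iptables-save never contains -I, so rule order in the saved file is exactly the order iptables-restore will load.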
