The integrated firewall feature in the Linux kernel is IPTables. Using IPTables can turn a Linux machine into a fully fledged firewall. Since the IPTables/netfilter framework is capable of filtering at most levels of the OSI model, and on the various fields within TCP, UDP and ICMP packets, it has significant value for building security in a corporate environment.
The Open System Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative. In its most basic form, it divides network architecture into seven layers which, from bottom to top, are
- Layer 1: Physical Layer
- Layer 2: Data Link Layer
- Layer 3: Network Layer
- Layer 4: Transport Layer
- Layer 5: Session Layer
- Layer 6: Presentation Layer
- Layer 7: Application Layer
Some of the protocols in each layer are given below.
7. Application Layer
NNTP · SIP · SSI · DNS · FTP · Gopher · HTTP · NFS · NTP · SMPP · SMTP · SNMP · Telnet
6. Presentation Layer
MIME · XDR · SSL · TLS
5. Session Layer
Named Pipes · NetBIOS · SAP
4. Transport Layer
TCP · UDP · PPTP · L2TP · SCTP
3. Network Layer
IP · ICMP · IPsec · IGMP
2. Data Link Layer
ARP · CSLIP · SLIP · Frame relay · ITU-T G.hn DLL
1. Physical Layer
RS-232 · V.35 · V.34 · I.430 · I.431 · T1 · E1 · Ethernet · POTS · SONET · DSL · 802.11a/b/g/n PHY · ITU-T G.hn PHY
IPTables is a front-end user-space tool to manage Netfilter in the Linux kernel. IPTables functions primarily in the Transport (Layer 4) and Network (Layer 3) layers, though it can work in the Data Link layer too. IPTables can also manage ICMP.
Layer 4 (Transport): focuses on protocols and ports (TCP/UDP and ports 0-65535). Port numbers are 16-bit values.
Layer 3 (Network): focuses on source and destination IP addresses. The IP address is a 32-bit value.
The IPTables package is installed by default in most Linux distributions.
# rpm -qa |grep -i IPTables
# rpm -ql iptables
IPTables ships with many modules that provide functionality such as masquerading, rejecting, mapping etc. The installed modules can be found in /lib/iptables/*.so.
Look for the "NETFILTER" section in the kernel config file.
# uname -a
# vim /boot/config-
Default Tables & Chains in IPTables
There are three default tables, which cannot be deleted. Each table contains chains, and the rules are written to the chains.
- mangle: allows packets to be altered, e.g. Type Of Service, Time To Live etc.
- nat: Network Address Translation, which allows IP addresses and ports to be changed, e.g. Source NAT / Destination NAT etc.
- filter: where the traffic is filtered (INPUT, OUTPUT & FORWARD chains). It works between Layer 3 and Layer 4.
Rule Syntax in IPTables
Commands are used in the following syntax:
- Name of chain: action done to the chain (Append, Insert or Replace)
- Name of table: by default the rule is appended to the filter table
- Layer 3 object: source or destination IP address
- Layer 4 object: protocols and ports
- Jump/Target: if the above criteria match, take this action
Example of iptables
Drop all the packets from a host:
# iptables -A INPUT -t filter -s 192.168.1.233 -j DROP
Now test by pinging the destination host 192.168.1.233.
Here the OUTPUT chain is open and the rule is defined in the INPUT chain. This means our system can still send packets to the destination, but when the destination machine replies, we drop its packets.
Saving and Restoring the rules in IPTables
# iptables-save > firewall-rules
# iptables-restore < firewall-rules
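Before feeding a saved rules file back into iptables-restore it is worth checking what it actually contains. The following POSIX shell example is added here and is not part of the original post: it builds a constructed iptables-save style file, lists the -A rules of one table, reads a chain's default policy, and checks that the INPUT chain of the filter table drops a given host. The functions make_sample_rules, rules_in_table, chain_policy, input_drops_host and count_rules are this example's own names.

```shell
# Added example (not from the original post). Assumes POSIX sh + awk only;
# the rules file below is constructed here, not captured from a real system.

# iptables-save format: a "*table" header per table, ":CHAIN POLICY [pkts:bytes]"
# lines declaring chains, "-A CHAIN ..." rules, and "COMMIT" closing the table.
make_sample_rules() {  # $1 = path to write
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.233/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print the "-A" rules that belong to one table (filter, nat, mangle).
rules_in_table() {  # $1 = file, $2 = table name
    awk -v t="$2" '
        /^\*/     { cur = substr($0, 2); next }   # "*filter" -> cur = "filter"
        /^COMMIT/ { cur = ""; next }
        /^-A /    { if (cur == t) print }' "$1"
}

# Default policy of a chain, taken from its ":CHAIN POLICY [..]" line.
chain_policy() {  # $1 = file, $2 = table, $3 = chain
    awk -v t="$2" -v c="$3" '
        /^\*/ { cur = substr($0, 2); next }
        cur == t && $1 == (":" c) { print $2; exit }' "$1"
}

# Exit 0 if filter/INPUT has a rule dropping traffic from host $2, else 1.
# (iptables-save writes a bare -s address with an explicit /32 mask.)
input_drops_host() {  # $1 = file, $2 = IPv4 address
    rules_in_table "$1" filter |
        grep -q "^-A INPUT -s $2/32 .*-j DROP\$"
}

# Number of -A rules in a table, handy for a before/after comparison.
count_rules() { rules_in_table "$1" "$2" | wc -l | tr -d ' '; }
```

Run the checks against the file produced by iptables-save, e.g. `input_drops_host firewall-rules 192.168.1.233`, before calling iptables-restore on it.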