iptables is the user-space tool for configuring the Linux kernel's packet-filtering framework (netfilter). It is available on virtually every Linux distribution and filters packets inside the kernel as they arrive, leave, or are forwarded through the host.
This article explains how to use iptables as a simple host firewall. The scope is deliberately limited to the basics: enough to drop unsolicited incoming traffic and open holes for the ports your services actually need.
$ sudo iptables --list
If you have not made any changes, the output will look like this (add -n to skip DNS lookups and -v to see packet counters and interfaces):
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
In a default install you will see three predefined chains that handle the three major kinds of traffic: incoming (INPUT), forwarded (FORWARD) and outgoing (OUTPUT). The "policy" is the most important thing to take away from the table above. A chain's policy is the default target applied to any packet that matches none of the chain's rules; on a standard install all three policies are ACCEPT, so the firewall is effectively open.
The available targets and matching options are extensive; if you want to know more, read the iptables man page. The most common targets are ACCEPT (let the packet through), DROP (discard it silently) and REJECT (discard it and send an error back to the sender); this article only needs the first two.
IPtables MAN page: http://linux.die.net/man/8/iptables
The first rule to add accepts packets that belong to a connection this host already has open (ESTABLISHED) or that are related to one (RELATED, for example ICMP errors). Without it, replies to connections the server itself opens would be dropped once the INPUT policy is changed below. Replace eth0 with the name of your public interface:
$ sudo iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
The rules below cover a few common cases; the same pattern applies to any other port or service. Note that -I INPUT 1 inserts a rule at the top of the chain, whereas -A appends it at the bottom; rules are evaluated in order and the first match wins.
This rule allows TCP connection attempts to port 22 (SSH) from any source:
$ sudo iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
This rule instead allows SSH only from a given subnet, written in CIDR notation. Here we lock SSH down to addresses in the range 192.168.1.0 - 192.168.1.255:
$ sudo iptables -I INPUT 1 -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
The following rules allow connections to port 80 (HTTP) and port 443 (HTTPS) from any source:
$ sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
$ sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
The following rule allows control connections to an FTP server on port 21. FTP also opens a separate data connection; for passive-mode transfers to be accepted by the ESTABLISHED,RELATED rule above, the kernel's FTP connection-tracking helper (the nf_conntrack_ftp module, ip_conntrack_ftp on older kernels) must be loaded:
$ sudo iptables -I INPUT 1 -p tcp --dport 21 -j ACCEPT
Using what you have learned above, use the list of common ports from the link to create rules for any other server you are running.
The only policy we change affects incoming traffic: as a general rule we drop every connection that has not been explicitly allowed. Change the policy only after the ACCEPT rules above are in place, in particular the ESTABLISHED,RELATED rule and a rule for SSH; if you are administering a remote server over SSH, setting the policy first will lock you out.
$ sudo iptables -P INPUT DROP
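Putting the steps above together, here is an added example script (not part of the original article) that generates the whole ruleset in iptables-save format and loads it in one shot with iptables-restore. Because iptables-restore commits the policies and the rules together, there is never a moment where INPUT is DROP but the SSH and ESTABLISHED,RELATED rules are missing, which is the lock-out risk of typing the commands one at a time over SSH. The script assumes 192.168.1.0/24 as the subnet allowed to reach SSH, ports 80 and 443 as the public services, and /etc/iptables.rules as the place to persist the rules; the variable and function names are the example's own. It also adds a loopback rule, which the article does not mention but which most local services need.

```shell
#!/bin/sh
# Added example (not from the original article): build the article's ruleset
# as one iptables-restore file and load it atomically, so the DROP policy can
# never take effect before the ACCEPT rules that keep you connected.
set -eu

# Assumptions; change to suit your host.
SSH_NET="${SSH_NET:-192.168.1.0/24}"            # subnet allowed to open SSH
PUBLIC_TCP_PORTS="${PUBLIC_TCP_PORTS:-80 443}"  # services open to the world
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}" # where to persist the ruleset

# Emit the ruleset in iptables-save format. Lines starting with '#' are
# ignored by iptables-restore, so the comments can stay in the saved file.
gen_ruleset() {
    cat <<EOF
*filter
# Default policies. FORWARD stays ACCEPT as in the article; use DROP on a
# host that does not route traffic for others.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: not in the article, but local services break without it.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, plus related traffic such as
# ICMP errors and (with nf_conntrack_ftp loaded) FTP data connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH only from the trusted subnet.
-A INPUT -p tcp --dport 22 -s $SSH_NET -j ACCEPT
EOF
    for port in $PUBLIC_TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Parse the ruleset without loading it (iptables-restore --test; may need root).
check_ruleset() {
    gen_ruleset | iptables-restore --test
}

# Load the ruleset atomically. iptables-restore applies all lines, policies
# included, in one commit; if any line fails, the running ruleset is untouched.
# The current rules are saved first so they can be put back with
#   iptables-restore < "$backup"
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: run as root" >&2; return 1; }
    backup="$(mktemp)"
    iptables-save > "$backup"
    gen_ruleset | iptables-restore
    gen_ruleset > "$RULES_FILE"
    echo "loaded; previous rules saved to $backup"
}

# Usage: sudo FW_APPLY=1 ./fw.sh   loads and persists the ruleset;
#        ./fw.sh                   only prints it for review.
if [ "${FW_APPLY:-0}" = "1" ]; then
    apply_ruleset
else
    gen_ruleset
fi
```

Run it without FW_APPLY first and read the output; it is the same text that ends up in the saved rules file. On Debian/Ubuntu the saved file still has to be loaded at boot by a script that runs `iptables-restore < /etc/iptables.rules`.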
If the server reboots or you restart the iptables service, the rules you entered by hand are lost: they live only in the running kernel. To make a change permanent, save the ruleset with whichever of the following applies to your distribution:
# /etc/init.d/iptables save
(RHEL/CentOS init script; writes the running ruleset to /etc/sysconfig/iptables)
# iptables-save > /etc/sysconfig/iptables
(the same result on RHEL/CentOS, done by hand)
# iptables-save > /etc/iptables.rules
(the usual location on Debian/Ubuntu)
On RHEL/CentOS the result is the flat file /etc/sysconfig/iptables, in human-readable iptables-save syntax that can be edited by hand if necessary; it is reloaded every time the iptables service is restarted. On Debian/Ubuntu nothing loads /etc/iptables.rules on its own: you must run `iptables-restore < /etc/iptables.rules` from a boot script (for example one in /etc/network/if-pre-up.d/), or install the iptables-persistent package, which restores its own file /etc/iptables/rules.v4 at boot.
Hopefully this article lets you build a simple firewall that protects your server from basic attacks. Keep in mind that iptables is a very powerful tool; covering all of its abilities would take a book. My next networking article will go through a few simple networking tricks such as port forwarding and NAT. If you need help creating more rules, here is a link to an Easy Firewall Generator for iptables.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License