[IPTABLES] Deploy your first line of defence!
Firewall rules and packet management are a difficult skill to master. Whether you are in the cloud, on a physical server or on a virtual machine, sooner or later you will need to secure your connections or reroute some packets to another destination. The Linux kernel does this through Netfilter, and the standard tool to manipulate it is iptables. It is so called because Netfilter is divided into tables. Each table has a different purpose and is subdivided into chains. Every packet handled by the Linux kernel crosses one of these chains and is filtered or altered by a rule and its target. Let's see how it works, starting with a simple example. As user root, try:
~]# ping -n 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8:
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss
~]# iptables -A OUTPUT --dst 8.8.8.8 -j DROP
~]# ping -n 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss
What happened? You just manipulated the filter table: this is the default table used by iptables if you don't specify another one. This table is used to handle packets that:
- hit your server (incoming traffic);
- are generated by your server (outgoing traffic);
- transit through your server (forwarding traffic).
The filter table is therefore divided into 3 chains: INPUT, OUTPUT and FORWARD.
You can view them with:
~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 8.8.8.8
You can see the three chains in the output. Each chain has a default policy, in this example ACCEPT: if no rule in the chain matches, a packet crossing it is accepted. When you type:
iptables -A OUTPUT --dst 8.8.8.8 -j DROP
it is equivalent to:
iptables -t filter -A OUTPUT --dst 8.8.8.8 -j DROP
which means: in the filter table (-t), append (-A) as the last rule of the OUTPUT chain this rule: when the destination (--dst) is 8.8.8.8, send the packet to the DROP target. So, when you ping 8.8.8.8, your packets never leave your machine because they are dropped by Netfilter.
If you want to remove the rule, you can flush the OUTPUT chain with
~]# iptables -F OUTPUT
This command flushes all the rules you currently have in the OUTPUT chain. Be careful! If you use it on a remote production server and the OUTPUT chain has the default policy DROP, you may cut it off completely from the Internet!
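The two ideas above, "first matching rule wins, otherwise the chain's policy applies" and "flushing a chain keeps its policy, so a DROP policy left alone blocks everything", can be checked without touching a live firewall. The following script is an added example, not code from this post or from the iptables project: it parses the text that `iptables -L -n` prints (the two samples below are constructed to match the session above and a locked-down OUTPUT chain), simulates the verdict for a given source/destination/protocol, and answers whether `iptables -F <chain>` is safe before you run it on a remote box. Port and connection-state matches are not simulated.

```python
"""Parse `iptables -L -n` output, simulate the filter table's first-match
evaluation, and warn before a flush that would leave a DROP policy alone.

Added example for the LinuxCheatSheet post; not the project's own code.
It works on captured text instead of calling iptables, so it needs no root.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: `iptables -L -n` as it looks after the post's DROP rule.
SAMPLE_OUTPUT = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            8.8.8.8
"""

# Second constructed sample: an OUTPUT chain whose policy is DROP and where
# only explicit ACCEPT rules let traffic out (the post's "be careful" case).
LOCKED_DOWN_OUTPUT = """\
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            10.0.0.0/8
ACCEPT     udp  --  0.0.0.0/0            8.8.8.8
"""

# Built-in chains print "(policy X)", user-defined ones "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|(\d+) references)")


@dataclass
class Rule:
    target: str
    prot: str
    source: str
    destination: str
    extra: str = ""  # trailing match text such as "udp dpt:53", kept verbatim


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains (no policy)
    rules: list = field(default_factory=list)


def parse_iptables_list(text):
    """Return {chain_name: Chain} from the text `iptables -L -n` prints."""
    chains = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("target"):
            continue  # blank separator or the column-header row
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(name=m.group(1), policy=m.group(2))
            chains[current.name] = current
            continue
        if current is None:
            raise ValueError("rule line before any Chain header: " + line)
        # Columns: target prot opt source destination [extra match text]
        cols = line.split(None, 5)
        if len(cols) < 5:
            raise ValueError("unexpected rule line: " + line)
        target, prot, _opt, src, dst = cols[:5]
        extra = cols[5] if len(cols) > 5 else ""
        current.rules.append(Rule(target, prot, src, dst, extra))
    return chains


def _in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def verdict(chain, src, dst, prot="all"):
    """Rules are tried top to bottom; the first match decides the target.
    If nothing matches, the chain's policy is the verdict."""
    for rule in chain.rules:
        proto_ok = rule.prot == "all" or rule.prot == prot
        if proto_ok and _in_net(src, rule.source) and _in_net(dst, rule.destination):
            return rule.target
    return chain.policy


def flush_is_safe(chain):
    """`iptables -F <chain>` deletes every rule but keeps the policy.
    With policy DROP, the ACCEPT rules that let traffic through are gone and
    nothing passes any more; on a remote server that means losing access."""
    return chain.policy != "DROP"


if __name__ == "__main__":
    chains = parse_iptables_list(SAMPLE_OUTPUT)
    print(verdict(chains["OUTPUT"], "192.0.2.10", "8.8.8.8", "icmp"))  # DROP
    print(verdict(chains["OUTPUT"], "192.0.2.10", "1.1.1.1", "icmp"))  # ACCEPT
    locked = parse_iptables_list(LOCKED_DOWN_OUTPUT)["OUTPUT"]
    print("safe to flush OUTPUT:", flush_is_safe(locked))  # False
```

On a real host you would feed it `iptables -L -n` output captured to a file; running the flush check first turns the post's warning into a step you cannot forget, and `verdict` lets you confirm what a rule does before appending it.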

Want to know more? Vote and share the post! Share the channel with your friends: http://t.me/linuxcheatsheet
Bye!
G.