Thursday, December 9, 2010

Firewall in LINUX

A firewall is the security gate to our network: it decides who is given access to our data and who is refused. The Linux firewall filters packets on the basis of IP addresses.
There are 2 types of Linux firewall:
1) Iptables: the firewall in current use
2) Ipchains: the older one, used earlier

There are 3 types of packets:

a) Input packet
b) Output packet
c) Forward packet (passing through the machine)

On the basis of these packets there are 3 types of rules:
a) Input rule
b) Output rule
c) Forward rule

 
Iptables is organised into tables, and every table is a group of chains. Every rule has a specific number within its chain, and a newly appended rule goes to the end as a new line. We can add, delete and modify the rules.

The general form of the iptables command is:
# iptables -t table option pattern -j target
The -t table option tells which table to use.

3 basic tables are available:
1) Filter
2) Nat
3) Mangle

The Nat table supports network address translation.
The Filter table lets you block or allow particular types of network traffic.

Setting up IP Masquerading:
It lets you hide the IP addresses of the computers on your LAN.

Give the command:
# iptables -L

It will show:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


If you want to stop pings to your machine from another computer, add a rule as:
# iptables -A INPUT -s other_machines_IP -p icmp --icmp-type echo-request -j REJECT

Here -A appends the rule to the chain
-s = source address (lowercase s)
-p = protocol
-j = action (target) to be taken

Now give the command # iptables -L again;
you will see your rules in tabular form.

To replace the first rule so that the pings are dropped (DROP) instead of rejected (REJECT):

# iptables -R INPUT 1 -s other_machines_IP -p icmp --icmp-type echo-request -j DROP

# iptables -L
shows the change.

To delete a rule:

# iptables -D (chain_name) (Rule_number)
e.g. # iptables -D INPUT 1

To delete all rules in a chain:

# iptables -F (chain_name)

If you want to accept pings only from the machine 172.16.0.240 and from no other, write the rule as:
# iptables -A INPUT -s ! 172.16.0.240 -p icmp --icmp-type echo-request -j REJECT
(Newer iptables versions write the negation before the option: ! -s 172.16.0.240)

To allow FTP from 172.16.0.241 the rule is:
# iptables -A INPUT -s 172.16.0.241 -p tcp --dport 20 -j ACCEPT

You can also allow port 21 for FTP; ports 20 and 21 are both used by FTP.

To block FTP access from 172.16.0.240 the rule should be:

# iptables -A INPUT -s 172.16.0.240 -p tcp --dport 20 -j DROP
You can check the changes:
# iptables -L

With FTP, if you block a single port you can still log in but cannot access files (port 21 carries the control connection, port 20 the data connection). If you do not want the login to succeed either, block both ports.

If you restart your machine the rules are gone. If you want to keep them, save them with the command:

# service iptables save

The rules get saved in the file /etc/sysconfig/iptables
You can also add or delete rules directly in this file.

To allow proxy access (port 3128) from 172.16.0.240, write the rule as:
# iptables -A INPUT -s 172.16.0.240 -p tcp --dport 3128 -j ACCEPT

and to block it from 172.16.0.241:
# iptables -A INPUT -s 172.16.0.241 -p tcp --dport 3128 -j DROP
# iptables -L

To replace a rule:

# iptables -R (chain_name) (Rule_number) (New_Rule)
e.g. to replace rule no. 6 so that Squid (port 3128) is allowed from 172.16.0.241, write:

# iptables -R INPUT 6 -s 172.16.0.241 -p tcp --dport 3128 -j ACCEPT

# iptables -L
 
To stop the iptables service:

# service iptables stop
To start the service:

# service iptables start

To make a new table:
We cannot create new tables. By default there are 3 tables: Filter, Nat and Mangle.

To create a new chain:
# iptables -N (new_chain_name)
e.g. # iptables -N FTP1

1) Allow FTP from 172.16.0.241
# iptables -A FTP1 -s 172.16.0.241 -p tcp --dport 20 -j ACCEPT

2) Deny FTP from 172.16.0.240
# iptables -A FTP1 -s 172.16.0.240 -p tcp --dport 20 -j DROP
# iptables -A FTP1 -s 172.16.0.240 -p tcp --dport 21 -j DROP
# iptables -L
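As an added example (not part of the original post), the following Python script parses a constructed dump in the format that `service iptables save` writes to /etc/sysconfig/iptables, walks a chain the way the kernel does (first matching rule wins, otherwise the chain policy applies) and flags user-defined chains such as FTP1 that no rule jumps to, since such a chain never sees a packet until a built-in chain is given -j FTP1. It assumes host (/32) source addresses, no negated matches, and only the -s, -p and --dport options used in this post.

```python
import shlex
# Constructed, abridged dump in the format `service iptables save` writes to
# /etc/sysconfig/iptables: the walkthrough's INPUT rules plus the FTP1 chain.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FTP1 - [0:0]
-A INPUT -s 172.16.0.241/32 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -s 172.16.0.240/32 -p tcp -m tcp --dport 20 -j DROP
-A INPUT -s 172.16.0.240/32 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FTP1 -s 172.16.0.240/32 -p tcp -m tcp --dport 21 -j DROP
COMMIT
"""
BUILTIN = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}

def parse_dump(text):
    """Return {table: (policies, chains)}; chains maps name -> list of rule token lists."""
    tables, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                       # start of a table section
            cur = tables.setdefault(line[1:], ({}, {}))
        elif line.startswith(":"):                     # chain declaration + policy
            name, policy, _counters = line[1:].split(maxsplit=2)
            cur[0][name], cur[1][name] = policy, []
        elif line.startswith("-A "):                   # appended rule
            tokens = shlex.split(line)
            cur[1].setdefault(tokens[1], []).append(tokens[2:])
    return tables

def _opt(tokens, flag):  # value following `flag`, or None if the rule lacks it
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def verdict(tables, chain, src, proto, dport, table="filter"):
    """First matching rule wins, else the chain policy (a user-defined chain RETURNs)."""
    policies, chains = tables[table]
    for tokens in chains[chain]:
        rule_src = _opt(tokens, "-s")
        if rule_src and rule_src.split("/")[0] != src: continue   # host /32 only
        if _opt(tokens, "-p") not in (None, proto): continue
        if _opt(tokens, "--dport") not in (None, str(dport)): continue
        return _opt(tokens, "-j")
    return "RETURN" if policies[chain] == "-" else policies[chain]

def unreachable_chains(tables, table="filter"):
    """User-defined chains that no rule jumps to: their rules never see a packet."""
    _policies, chains = tables[table]
    jumped = {_opt(rule, "-j") for rules in chains.values() for rule in rules}
    return sorted(c for c in chains if c not in BUILTIN and c not in jumped)
```

Run against the sample, the checker reports FTP1 as unreachable, and verdict() shows why blocking only port 20 still lets 172.16.0.240 reach port 21: the INPUT policy ACCEPT applies once no rule matches.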
