LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 11-05-2006, 11:26 PM   #1
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Rep: Reputation: 30
Learn Iptables


- Hey guys, I have heard that iptables is good for creating a firewall and I want to learn it. Any tips on where I can learn it?
 
Old 11-06-2006, 01:20 AM   #2
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350
These links will offer some basic information for you.

http://www.netfilter.org/documentati...ing-HOWTO.html
http://lartc.org/howto/


Cheers

////
 
Old 11-06-2006, 11:08 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Also don't forget this tutorial: http://iptables-tutorial.frozentux.n...-tutorial.html

It's one of the most often recommended here at LQ...
 
Old 11-09-2006, 12:50 AM   #4
SBN
Member
 
Registered: Jul 2006
Distribution: UBUNTU, CentOS, FEDORA 8
Posts: 474

Original Poster
Rep: Reputation: 30
- Thanks for the links guys, I have read some of them and they are very educational.
- After reading those links I tried to test my iptables skills. I have adopted the rule to block all and allow only those that I need, and this is what I did.

First I block all incoming connections:

Quote:
iptables -P INPUT DROP
then I tried to access the internet and I still have access.
Then I also block all outgoing connections:

Quote:
iptables -P OUTPUT DROP
So now INPUT and OUTPUT are blocked, then I tried accessing the internet and no such luck. In our small network I think the only services that we really need are just web browsing, FTP, IM (Yahoo primarily), and email, unless there are services that should not be blocked.

So I first try to allow our network to have access to the internet and tried this:

Quote:
iptables -A INPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
and the result: no internet access, so I tried adding the same code, only this time I changed tcp to udp, and still no access. Then I tried this:

Quote:
iptables -A INPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp --dport 80 -j ACCEPT
and voila!!! We have internet access, I was so happy!!! But is this correct? Can I have your opinion guys... thanks
 
Old 11-14-2006, 09:22 PM   #5
noonmid27
Member
 
Registered: Sep 2006
Posts: 79

Rep: Reputation: 15
Firewall

Can somebody tell me where I can get some answers on how to configure the firewall for Slackware 11.0? I've tried looking up information on the internet but the terms are very technical, thus confusing a newbie like myself.
 
Old 11-14-2006, 10:09 PM   #6
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by SBN
and voila!!! We have internet access, I was so happy!!! But is this correct? Can I have your opinion guys... thanks
OK, this is sort of correct; the only thing is that the internet uses the TCP protocol to connect to webservers. UDP is only used by DNS servers, and in extreme cases DNS servers may also use the TCP protocol, but this is rare.

To help cut down on some of the rules and to make the script a bit more secure, load the STATE module. This module is best used on the INPUT chain, so you can have one line that will only allow what you allowed to go out to come back in:


Code:
# load module
modprobe ipt_state

# allow only related or established to come back in
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Last edited by fotoguy; 11-15-2006 at 12:47 AM.
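The difference between the port-80 whitelist in post #4 and the single state rule in post #6 is easier to see by running both rulesets through a first-match evaluator than by reading them. The script below is an added example, not code from either poster: it parses the exact iptables command lines from the thread (with the option syntax corrected to --sport/--dport), walks each chain in order, and falls back to the chain policy when nothing matches, with connection tracking reduced to a NEW/ESTABLISHED decision on the 5-tuple (RELATED and INVALID are not modelled). For post #6 an "OUTPUT -j ACCEPT" rule is assumed, since that post shows only the INPUT line; the addresses and port numbers are constructed. What the evaluator shows that the prose does not: with the stateless rules, a DNS query over UDP/53 falls through to the DROP policy, and an unsolicited SYN to local port 22 is accepted as long as the sender chose source port 80, while the stateful ruleset passes the DNS reply and drops the probe.

```python
# Added example (not from the original posts): toy first-match evaluator for the
# iptables filter table, covering only the syntax this thread uses.
import shlex
from dataclasses import dataclass

# Post #4's stateless whitelist, with --sport/--dport spelled correctly.
STATELESS_RULES = """
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --sport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp --sport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p udp --dport 80 -j ACCEPT
"""

# Post #6's approach; the OUTPUT ACCEPT line is an assumption (post #6 only
# shows the INPUT rule and says "what you allow to go out").
STATEFUL_RULES = """
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
"""

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

ANY_SRC = {None, "0/0", "0.0.0.0/0"}   # "-s 0/0" (or no -s) matches every source

class Firewall:
    def __init__(self, script):
        self.policy = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}
        self.rules = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
        self.conntrack = set()          # (proto, src, sport, dst, dport) of accepted flows
        for line in script.splitlines():
            if line.strip():
                self._load(shlex.split(line)[1:])   # drop the leading "iptables"

    def _load(self, args):
        if args[0] == "-P":
            self.policy[args[1]] = args[2]
            return
        if args[0] != "-A":
            raise ValueError("unsupported command: " + " ".join(args))
        rule, i = {}, 2
        while i < len(args):
            opt, val = args[i], args[i + 1]
            if opt == "-p":        rule["proto"] = val
            elif opt == "-s":      rule["src"] = val
            elif opt == "--sport": rule["sport"] = int(val)
            elif opt == "--dport": rule["dport"] = int(val)
            elif opt == "--state": rule["state"] = set(val.split(","))
            elif opt == "-j":      rule["target"] = val
            elif opt != "-m":      # "-m state" only names the module; its options follow
                raise ValueError("unsupported option: " + opt)
            i += 2
        self.rules[args[1]].append(rule)

    def _state(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # a flow already seen in either direction is ESTABLISHED, anything else NEW
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    @staticmethod
    def _matches(rule, p, state):
        if "proto" in rule and rule["proto"] != p.proto:
            return False
        if rule.get("src") not in ANY_SRC and rule["src"] != p.src:
            return False
        if "sport" in rule and rule["sport"] != p.sport:
            return False
        if "dport" in rule and rule["dport"] != p.dport:
            return False
        return state in rule.get("state", {state})   # no --state means any state

    def filter(self, chain, p):
        """First matching rule decides; if none matches, the chain policy does."""
        state = self._state(p)
        verdict = next((r["target"] for r in self.rules[chain]
                        if self._matches(r, p, state)), self.policy[chain])
        if verdict == "ACCEPT":
            # real conntrack creates the entry before filtering and destroys it on
            # DROP, so recording only accepted flows yields the same states here
            self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict

# constructed addresses for the scenarios below
HOST, WEB, RESOLVER, ATTACKER = "192.168.1.10", "203.0.113.5", "192.168.1.1", "198.51.100.7"

def browse(fw):
    """Outbound HTTP: our SYN on OUTPUT, then the server's reply on INPUT."""
    out = fw.filter("OUTPUT", Packet("tcp", HOST, 51000, WEB, 80))
    back = fw.filter("INPUT", Packet("tcp", WEB, 80, HOST, 51000))
    return out, back

def dns_lookup(fw):
    """Outbound DNS over UDP/53, which the browser needs before any HTTP."""
    out = fw.filter("OUTPUT", Packet("udp", HOST, 52000, RESOLVER, 53))
    back = fw.filter("INPUT", Packet("udp", RESOLVER, 53, HOST, 52000))
    return out, back

def probe_from_source_port_80(fw):
    """Unsolicited SYN to local port 22 whose sender picked source port 80."""
    return fw.filter("INPUT", Packet("tcp", ATTACKER, 80, HOST, 22))

def compare():
    results = {}
    for name, script in (("stateless", STATELESS_RULES), ("stateful", STATEFUL_RULES)):
        fw = Firewall(script)
        results[name] = {"http": browse(fw), "dns": dns_lookup(fw),
                         "probe": probe_from_source_port_80(fw)}
    return results

if __name__ == "__main__":
    for name, r in compare().items():
        print(name, r)
```

The "probe" case is the one to remember: a remote peer chooses its own source port, so a stateless "--sport 80 -j ACCEPT" on INPUT is an open door for anyone who sets it, whereas the ESTABLISHED,RELATED rule only passes packets that belong to a flow this host started.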
 
Old 11-14-2006, 10:16 PM   #7
spurious
Member
 
Registered: Apr 2003
Location: Vancouver, BC
Distribution: Slackware, Ubuntu
Posts: 558

Rep: Reputation: 31
wiki.linuxquestions.org hosts a simple iptables script and tutorial.
 
Old 11-14-2006, 10:48 PM   #8
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally Posted by noonmid27
Can somebody tell me where I can get some answers on how to configure the firewall for Slackware 11.0? I've tried looking up information on the internet but the terms are very technical, thus confusing a newbie like myself.

Slackware 11.0 doesn't come with any firewall script; you will have to make one yourself. You can make a simple script that will work quite well. All files that you want executed at bootup go in the /etc/rc.d directory and must be made executable.

A simple firewall script would look something like this:

Code:
#!/bin/sh
# /etc/rc.d/rc.firewall

# locate the iptables binary; stop rather than apply a half-built ruleset
IPTABLES=$(command -v iptables)
[ -x "$IPTABLES" ] || { echo "rc.firewall: iptables not found" >&2; exit 1; }

# Flush all inbuilt chains
$IPTABLES -F
# flush all user created chains
$IPTABLES -X

# set default policy to drop everything
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

# load the state module
/sbin/modprobe ipt_state

# allow the loopback interface: a local client's first packet to a local
# daemon arrives on INPUT as NEW, so the state rule below would drop it
$IPTABLES -A INPUT -i lo -j ACCEPT

# drop invalid packets coming into the host
$IPTABLES -A INPUT -m state --state INVALID -j DROP

# allow only established or related packets back into the host
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow everything to go out of the host
$IPTABLES -A OUTPUT -j ACCEPT

# anything that makes it this far will now be caught by the default policy
# which has been set to DROP

# end of /etc/rc.d/rc.firewall
A very simple script that should get you going, but like anything it will need lots of fine tuning depending on what it's being used for. To make the script executable, at the command line type:

Code:
chmod +x /etc/rc.d/rc.firewall
If you have any other questions or need any help, just ask away.

Last edited by fotoguy; 11-15-2006 at 12:48 AM.
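Once a script like the one above is in place, the question is how to check what actually landed in the kernel. The audit below is an added example, not from the posts: it parses iptables-save output for the filter table and flags the points this thread turns on, a chain policy left at ACCEPT, an INPUT ACCEPT keyed on a stateless --sport, and a missing ESTABLISHED,RELATED or INVALID rule. The two rulesets are constructed by hand in the shape that post #4's commands and post #8's script would leave behind (the posters published no real iptables-save output). One caveat the script does not encode: FORWARD only carries traffic once ip_forward is enabled, but neither post sets its policy, so it is reported in both cases because a DROP policy there costs nothing.

```python
# Added example (not from the original posts): audit a saved iptables ruleset
# for the weaknesses discussed in this thread.
import sys

# Constructed: what iptables-save would print after post #4's eight rules
# (iptables-save omits the "-s 0/0" and adds "-m tcp"/"-m udp" for port matches).
RULESET_POST4 = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p udp -m udp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 80 -j ACCEPT
COMMIT
"""

# Constructed: the stateful default-deny pattern of posts #6 and #8, FORWARD untouched.
RULESET_RC_FIREWALL = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
"""

def parse_iptables_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, argv), ...]}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                      # "*filter"
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):                    # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A "):                  # "-A CHAIN <match options> -j TARGET"
            argv = line.split()
            table["rules"].append((argv[1], argv[2:]))
        elif line == "COMMIT":
            table = None
    return tables

def _states(argv):
    """States named by '-m state --state' or '-m conntrack --ctstate', if any."""
    for flag in ("--state", "--ctstate"):
        if flag in argv:
            return set(argv[argv.index(flag) + 1].split(","))
    return set()

def _target(argv):
    return argv[argv.index("-j") + 1] if "-j" in argv else None

def audit(text):
    """Return a list of findings for the filter table; empty means nothing to report."""
    filt = parse_iptables_save(text).get("filter", {"policy": {}, "rules": []})
    findings = []
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        # a chain the ruleset never mentions keeps the kernel default, ACCEPT
        if filt["policy"].get(chain, "ACCEPT") != "DROP":
            findings.append(f"{chain}: default policy is not DROP")
    inbound = [argv for chain, argv in filt["rules"] if chain == "INPUT"]
    for argv in inbound:
        if _target(argv) == "ACCEPT" and "--sport" in argv and not _states(argv):
            # the remote side chooses its source port; matching on it proves nothing
            findings.append("INPUT: stateless ACCEPT keyed on --sport: " + " ".join(argv))
    if not any("ESTABLISHED" in _states(a) and _target(a) == "ACCEPT" for a in inbound):
        findings.append("INPUT: no ESTABLISHED,RELATED accept rule; replies are matched statelessly")
    if not any("INVALID" in _states(a) and _target(a) == "DROP" for a in inbound):
        findings.append("INPUT: no DROP for --state INVALID")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g.  iptables-save > rules.txt ; python3 audit.py rules.txt
        with open(sys.argv[1]) as fh:
            print(*(audit(fh.read()) or ["ok"]), sep="\n")
    else:
        for name, text in (("post #4", RULESET_POST4), ("rc.firewall", RULESET_RC_FIREWALL)):
            print(name, audit(text) or ["ok"])
```

Run against the post #4 ruleset it reports five findings (the FORWARD policy, the two source-port ACCEPTs, and the two missing state rules); the rc.firewall ruleset yields only the FORWARD policy. Feeding it real iptables-save output is the intended use, and the --ctstate branch keeps it useful on hosts where "-m state" has been replaced by "-m conntrack".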
 
  

