A firewall is a device that filters traffic between networks, at least two of them. A firewall can be bought as an appliance, that is, a dedicated physical device, or it can be implemented on an ordinary computer with two network cards. In this post we present a simple script to set up a firewall on a Linux server, and we also explain some theory about how iptables works.
To begin with, there are two types of firewall:
Network firewall: protects a set of computers, monitors traffic and writes protocols, reports and logs; these are the more expensive kind.
Before implementing a firewall it is necessary to develop a security policy for the benefit of the users; in other words, for each service you need to think about:
the service, the reason for it, and the people affected by the service.
List the other services and establish criteria to help secure them, and write a report stating what is considered a violation, that is, any other type of access.
iptables has been in the Linux kernel since version 2.4. It was created to apply filtering rules: the rules are declared and submitted to the kernel, and when the kernel receives a packet from the network it consults the rules and decides on an action. The tables that hold these rules include:
nat: alters packets that create a new connection. Its chains are PREROUTING and POSTROUTING.
mangle: modifies the packet. Its chains are PREROUTING and POSTROUTING.
Other keywords (targets) in iptables are:
ACCEPT: the packet is accepted and can travel on to its destination.
DROP: the packet is denied access to the system and nothing is sent back to the sender.
QUEUE: the packet is passed to user space.
REJECT: unlike DROP, the packet is refused and an error is sent back to the sender of the packet.
For example, to open ports (here port 80 for web browsing and port 25), type in the Linux console:
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -j ACCEPT
To build a simple iptables firewall, the first thing is to set up the Linux server with two network cards and configure the Internet connection between them: the first card connects to the Internet and the second to the internal network.
It is important to note that a firewall is a mechanism that obeys the rules you declare, so you must take care to write and understand each parameter if you are to become skilled at firewall configuration. Configuring a firewall is not an easy task, and it grows with the amount of network traffic the firewall controls: a new laptop or a video conferencing system requires more complex configurations and rules to protect the network.
# remove the firewall: flush all rules, delete user-defined chains, zero the counters
iptables -F
iptables -X
iptables -Z
# default policy: everything closed
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# opening ports (web, DNS and HTTPS, in both directions)
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
# converting the firewall to forward mode (routing plus NAT for the internal network)
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
# opening ports for FORWARD
iptables -A FORWARD -p tcp --sport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp --sport 443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
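The script above lets a packet in whenever its source port is 80, 53 or 443, which any sender can choose; connection tracking lets the kernel accept only replies to connections it has already seen. As an added example, not the author's script, here is the same firewall written that way, assuming eth0 is the Internet card, eth1 the LAN card and the LAN is 10.0.0.0/8 as in the post:

```shell
#!/bin/sh
# Stateful variant of the post's firewall (added example, not the author's
# script). Assumed: eth0 faces the Internet, eth1 the LAN, LAN is 10.0.0.0/8.
# "sh firewall.sh show" prints the rules for review without root.
IPT="${IPT:-iptables}"; WAN="${WAN:-eth0}"; LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-10.0.0.0/8}"
# Flush rules, delete user chains, zero counters, then close every chain.
reset_firewall() {
    $IPT -F; $IPT -X; $IPT -Z; $IPT -t nat -F
    for chain in INPUT OUTPUT FORWARD; do $IPT -P "$chain" DROP; done
}

# Accept replies by connection state rather than by source port: anyone can
# send a packet with source port 80, but only packets that belong to a
# connection the kernel already tracks match ESTABLISHED,RELATED.
allow_established() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    done
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
}

# New outbound web and DNS connections, from the firewall itself (OUTPUT)
# and from the LAN (FORWARD); the return traffic is covered above.
allow_client_services() {
    for spec in "tcp 80" "tcp 443" "udp 53"; do
        set -- $spec   # $1 = protocol, $2 = destination port
        $IPT -A OUTPUT -o "$WAN" -p "$1" --dport "$2" \
            -m conntrack --ctstate NEW -j ACCEPT
        $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p "$1" --dport "$2" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Same NAT rule as the post: hide the LAN behind the WAN address.
enable_nat() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
}
apply_firewall() {
    reset_firewall; allow_established; allow_client_services; enable_nat
}

# Kernel forwarding is separate so the rules can be reviewed without root.
enable_forwarding() { echo 1 > /proc/sys/net/ipv4/ip_forward; }
case "${1:-}" in
    apply) apply_firewall && enable_forwarding ;;
    show)  IPT=echo; apply_firewall ;;
esac
```

Run it with "show" first and compare the printed rules with the post's script: no rule matches on --sport, and every reply is admitted only through the ESTABLISHED,RELATED rule.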
To extend your knowledge of iptables you can visit the tutorial by Oskar Andreasson: http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
The project netfilter / iptables:
http://www.netfilter.org/projects/iptables/index.html