Introduction to IPTables

A firewall is a form of network security that allows or denies incoming and out-going data. Linux (like all or most operating systems) has firewall software. Many Linux systems use a program/daemon called “iptables” or “ufw” as the firewall software. Using firewalls helps protect the system from malware. However, firewalls alone are not enough, but they do help prevent malware, data-theft, etc. Admins and many general Linux users may find it beneficial to learn about “iptables”.

“iptables” is a popular Linux firewall daemon. Since it is a important part of the security system, Root privileges are required when using the “iptables” command.

To list the current rules used by iptables, type “iptables -L”. Append the “-v” parameter to the same command to list the rules in more detail.

iptables can allow or deny incoming traffic (input), outgoing traffic (output), and pass-through data (forward). It can also restrict specific ports and network protocols. Common command-line usage is seen below.

iptables -A INPUT -p udp –dport 5198 -j ACCEPT
iptables -A OUTPUT -p udp –dport 5198 -j ACCEPT
iptables -A INPUT -p tcp –dport 5200 -j ACCEPT

Notice the general format – iptables -A TRAFFIC -p PROTOCOL –dport PORT_NUM -j PERMISSION

Users can specify the traffic type (TRAFFIC) such as “INPUT”, “OUTPUT”, and “FORWARD”. The “-A” parameter stands for “append” and it adds the specified rule to the firewall rules.

The “-p” parameter is used to specify the protocol such as “udp” and “tcp”.

“–dport” is used to declare a specific port (if needed).

The “-j” specifies what to do when traffic meets the declared criteria. The choices are “ACCEPT”, “REJECT”, “DROP”, and “LOG”.

“ACCEPT” indicates that the packet (or packets) are permitted/accepted.

“REJECT” indicates that the packet is not permitted and the sender will be notified that the sent packet was rejected.

“DROP” indicates that the packet is rejected. However, the sender will not be notified of this decision.

“LOG” is used to log the packet.

With the “-i” parameter, the user can specify certain network interfaces. This allows network admins to allow certain traffic on one network card (like Ethernet or Wifi), but have a different set of rules for another network card of the same computer/router.

The “-s” and “-d” parameters allow admins to make rules specific to sources and destinations, respectively. Users can specify sources and destinations by IP address or domain name (if domain name look-ups are permitted/possible).

iptables -A INPUT -p all -i wlan0 -j ACCEPT

Further Reading

https://wiki.archlinux.org/index.php/Iptables
http://flex-fw.net

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.

Linux.org

Popular Posts
  • No Popular Post Available