Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals                                                            Page 1 of 18







 Linux Firewall Tutorial: IPTables Tables, Chains, Rules
 Fundamentals
 by Ramesh Natarajan on January 24, 2011

 The iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to
 set up and configure iptables will help you manage your Linux firewall effectively.




http://www.thegeekstuff.com/2011/01/iptables-fundamentals/                                                                       14.10.2011



 The iptables tool is used to manage the Linux firewall rules. At first look, iptables might look complex (or even confusing). But, once you
 understand the basics of how iptables works and how it is structured, reading and writing iptables firewall rules will be easy.

 This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.

 This article explains how iptables is structured, and explains the fundamentals about iptables tables, chains and rules.

 At a high level, iptables might contain multiple tables. Tables might contain multiple chains. Chains can be built-in or user-defined. Chains
 might contain multiple rules. Rules are defined for the packets.

 So, the structure is: iptables -> Tables -> Chains -> Rules. This is defined in the following diagram.








                                                  Fig: IPTables Table, Chain, and Rule Structure

 Just to reiterate, tables are a bunch of chains, and chains are a bunch of firewall rules.

 I. IPTABLES TABLES and CHAINS
 IPTables has the following 4 built-in tables.

 1. Filter Table
 Filter is the default table for iptables. So, if you don’t define your own table, you’ll be using the filter table. The iptables filter table has the following
 built-in chains.

     • INPUT chain – Incoming to firewall. For packets coming to the local server.
     • OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server.
     • FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server.

 2. NAT table
 Iptable’s NAT table has the following built-in chains.

     • PREROUTING chain – Alters packets before routing, i.e., packet translation happens immediately after the packet comes to the
       system (and before routing). This helps to translate the destination IP address of the packets to something that matches the routing on
       the local server. This is used for DNAT (destination NAT).
     • POSTROUTING chain – Alters packets after routing, i.e., packet translation happens when the packets are leaving the system. This
       helps to translate the source IP address of the packets to something that might match the routing on the destination server. This is
       used for SNAT (source NAT).
     • OUTPUT chain – NAT for locally generated packets on the firewall.

 3. Mangle table
 Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in
 chains.

     •   PREROUTING chain
     •   OUTPUT chain
     •   FORWARD chain
     •   INPUT chain
     •   POSTROUTING chain

 4. Raw table
 Iptable’s Raw table is for configuration exemptions. Raw table has the following built-in chains.

     • PREROUTING chain
     • OUTPUT chain

 The following diagram shows the three important tables in iptables.








                                                           Fig: IPTables built-in tables

 II. IPTABLES RULES
 Following are the key points to remember for the iptables rules.

     • Rules contain criteria and a target.
     • If the criteria are matched, it goes to the rules specified in the target (or) executes the special values mentioned in the target.
     • If the criteria are not matched, it moves on to the next rule.

 Target Values
 Following are the possible special values that you can specify in the target.

     •   ACCEPT – Firewall will accept the packet.
     •   DROP – Firewall will drop the packet.
     •   QUEUE – Firewall will pass the packet to the userspace.
     •   RETURN – Firewall will stop executing the next set of rules in the current chain for this packet. The control will be returned to the
         calling chain.







 If you run iptables --list (or) service iptables status, you’ll see all the available firewall rules on your system. The following iptables example
 shows that there are no firewall rules defined on this system. As you see, it displays the default filter table, with the default input chain,
 forward chain, and output chain.
 # iptables -t filter --list
 Chain INPUT (policy ACCEPT)
 target     prot opt source                           destination

 Chain FORWARD (policy ACCEPT)
 target     prot opt source                           destination

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source                           destination

 Do the following to view the mangle table.
 # iptables -t mangle --list

 Do the following to view the nat table.
 # iptables -t nat --list

 Do the following to view the raw table.
 # iptables -t raw --list

 Note: If you don’t specify the -t option, it will display the default filter table. So, both of the following commands are the same.
 # iptables -t filter --list
 (or)
 # iptables --list

 The following iptables example shows that there are some rules defined in the input, forward, and output chain of the filter table
 (-n prints numeric addresses and --line-numbers adds the num column).
 # iptables --list -n --line-numbers
 Chain INPUT (policy ACCEPT)
 num target      prot opt source                            destination
 1    RH-Firewall-1-INPUT all --              0.0.0.0/0               0.0.0.0/0

 Chain FORWARD (policy ACCEPT)
 num target      prot opt source                            destination
 1    RH-Firewall-1-INPUT all --              0.0.0.0/0               0.0.0.0/0

 Chain OUTPUT (policy ACCEPT)
 num target      prot opt source                            destination

 Chain RH-Firewall-1-INPUT (2 references)
 num target      prot opt source                            destination
 1    ACCEPT     all -- 0.0.0.0/0                           0.0.0.0/0
 2    ACCEPT     icmp -- 0.0.0.0/0                          0.0.0.0/0            icmp type 255
 3    ACCEPT     esp -- 0.0.0.0/0                           0.0.0.0/0
 4    ACCEPT     ah   -- 0.0.0.0/0                          0.0.0.0/0
 5    ACCEPT     udp -- 0.0.0.0/0                           224.0.0.251          udp dpt:5353
 6    ACCEPT     udp -- 0.0.0.0/0                           0.0.0.0/0            udp dpt:631
 7    ACCEPT     tcp -- 0.0.0.0/0                           0.0.0.0/0            tcp dpt:631
 8    ACCEPT     all -- 0.0.0.0/0                           0.0.0.0/0            state RELATED,ESTABLISHED
 9    ACCEPT     tcp -- 0.0.0.0/0                           0.0.0.0/0            state NEW tcp dpt:22
 10   REJECT     all -- 0.0.0.0/0                           0.0.0.0/0            reject-with icmp-host-prohibited

 Each rule in the iptables --list command output contains the following fields:

     •   num – Rule number within the particular chain
     •   target – Special target variable that we discussed above
     •   prot – Protocol: tcp, udp, icmp, etc.
     •   opt – Special options for that specific rule.
     •   source – Source ip-address of the packet
     •   destination – Destination ip-address for the packet
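
The rule-matching behaviour described above (first match wins, a target can be a user-defined chain, RETURN hands control back, and the built-in chain's policy decides when nothing else does), as an added Python example that is not part of the original article: it parses a listing in the `iptables -L -n --line-numbers` format and traces sample packets through it. The listing (modelled on the article's RH-Firewall-1-INPUT output, with a RETURN rule added), the packets and all function names are constructed for illustration, and only the protocol, source, destination, dpt: and state fields are evaluated.

```python
import ipaddress
import re

# Constructed listing in `iptables -L -n --line-numbers` format, modelled on the
# article's RH-Firewall-1-INPUT output. Rule 4 (RETURN) is added for illustration.
LISTING = """\
Chain INPUT (policy ACCEPT)
num  target               prot opt source        destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0     0.0.0.0/0

Chain RH-Firewall-1-INPUT (1 references)
num  target  prot opt source        destination
1    ACCEPT  icmp --  0.0.0.0/0     0.0.0.0/0    icmp type 255
2    ACCEPT  all  --  0.0.0.0/0     0.0.0.0/0    state RELATED,ESTABLISHED
3    ACCEPT  tcp  --  0.0.0.0/0     0.0.0.0/0    state NEW tcp dpt:22
4    RETURN  udp  --  10.0.0.0/24   0.0.0.0/0    udp dpt:53
5    REJECT  all  --  0.0.0.0/0     0.0.0.0/0    reject-with icmp-host-prohibited
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [rule dicts]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        header = CHAIN_RE.match(line)
        if header:
            # Built-in chains carry a policy; user-defined chains do not.
            current = {"policy": header.group(2), "rules": []}
            chains[header.group(1)] = current
        elif current is not None and line[:1].isdigit():
            parts = line.split(None, 6)
            num, target, prot, _opt, src, dst = parts[:6]
            extra = parts[6] if len(parts) > 6 else ""
            dpt = re.search(r"\bdpt:(\d+)", extra)
            state = re.search(r"\bstate (\S+)", extra)
            current["rules"].append({
                "num": int(num), "target": target, "prot": prot,
                "src": ipaddress.ip_network(src),
                "dst": ipaddress.ip_network(dst),
                "dpt": int(dpt.group(1)) if dpt else None,
                "states": set(state.group(1).split(",")) if state else None,
            })
    return chains


def matches(rule, pkt):
    """All criteria of a rule must hold for the packet."""
    return (rule["prot"] in ("all", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in rule["src"]
            and ipaddress.ip_address(pkt["dst"]) in rule["dst"]
            and (rule["dpt"] is None or rule["dpt"] == pkt.get("dport"))
            and (rule["states"] is None or pkt["state"] in rule["states"]))


def traverse(chains, name, pkt, trace):
    """Walk one chain top-down; return a final target, or None to hand control back."""
    for rule in chains[name]["rules"]:
        if not matches(rule, pkt):
            continue                      # criteria not matched: next rule
        trace.append((name, rule["num"], rule["target"]))
        if rule["target"] == "RETURN":
            return None                   # stop this chain, back to the caller
        if rule["target"] in chains:      # target is a user-defined chain: jump
            result = traverse(chains, rule["target"], pkt, trace)
            if result is not None:
                return result
            continue                      # callee returned: resume after the jump
        return rule["target"]             # ACCEPT / DROP / REJECT end the walk
    return None                           # end of chain reached


def verdict(chains, builtin, pkt):
    """Final decision for a packet entering a built-in chain, plus the rule trace."""
    trace = []
    result = traverse(chains, builtin, pkt, trace)
    if result is None:                    # nothing decided: chain policy applies
        result = chains[builtin]["policy"]
        trace.append((builtin, "policy", result))
    return result, trace


# Constructed sample packets (documentation and private address ranges).
SSH = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 22, "state": "NEW"}
TELNET = dict(SSH, dport=23)
DNS = {"proto": "udp", "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 53, "state": "NEW"}

if __name__ == "__main__":
    chains = parse_listing(LISTING)
    for label, pkt in (("ssh", SSH), ("telnet", TELNET), ("dns", DNS)):
        print(label, *verdict(chains, "INPUT", pkt))
```

The DNS packet is accepted only because INPUT has policy ACCEPT; with policy DROP the same RETURN rule ends in a drop. Without -v the listing omits the in/out interface columns, so a rule that looks like an unconditional ACCEPT (rule 1 of RH-Firewall-1-INPUT in the article's output) may in fact be limited to one interface; check with `iptables -L -n -v --line-numbers` before reasoning about such a rule.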





 { 18 comments… read them below or add one }

 1 Pushpraj January 24, 2011 at 12:56 am

       very good….keep writing……

       Thanks
       Pushpraj

 2 pupu January 24, 2011 at 3:22 am

       Just note that DNAT and SNAT also stands for Dynamic and Static NAT, so don’t be confused when you read another text. Anyway,
       nice article, thanks!

 3 Rendy January 24, 2011 at 3:22 am

       Thank You Ramesh…very clear!

 4 vaisakh January 24, 2011 at 3:59 am

       Excellent .. I was searching for a good article about the fundamentals of IPtable.. Thanks. Also waiting for next part

 5 Ben January 24, 2011 at 9:42 am







       Nice article, look forward to rest of the series. Any idea when others will be out?

 6 p campbell January 24, 2011 at 10:07 am

       Some of your articles are excellent for beginners but this is not a tutorial it is misnamed.

 7 Waly DIOUF January 24, 2011 at 11:06 am

       This website is sooooo what I just need at work. Good work Ramesh, you’re a genius.
       Thanks a lot

 8 shakerlxxv January 24, 2011 at 12:49 pm

       Great topic. Looking forward to the rest of the series.

 9 R January 24, 2011 at 1:36 pm

       Ramesh,
       You might want to include a tutorial on fwbuilder, it's a nice GUI interface and used to manage firewalls on 100's of hosts.
       -R

 10 shaheem January 25, 2011 at 1:21 am

       great stuff. also waiting for the follow up!

 11 artie January 25, 2011 at 2:12 pm

       great read and informative. look forward to the follow up.

 12 shezars January 28, 2011 at 2:28 am

       very helpfullllllll,,,
       wait, for your next part.

 13 Will Knight January 31, 2011 at 10:07 am

       Good tutorial, I find iptables complex to understand but you have made it so easy, Thanks.

 14 abc February 4, 2011 at 1:51 am







       Very Nice tutorial. Thanks

 15 saran February 10, 2011 at 10:00 am

       great starter to the series
       plz continue with the tutorial

 16 abdul jamal February 18, 2011 at 9:37 am

       Nice job. I read it and got the concept where I was confused. I have some questions and answers; you will help me out to be correct.

       Q1: Rule that matches ssh traffic (tcp,22) arriving through interface eth0.
       Ans: iptables -A INPUT -i eth0 -p tcp --dport 22
       OR
       iptables -A INPUT -i eth0 -p tcp --sport 22

       Q2: Rule that matches traffic to a DNS server (udp,53) from any address in the range 10.0.0.0-10.0.0.255
       Ans: iptables -A INPUT -m iprange --src-range 10.0.0.0-10.0.0.255 -d 10.19.6.142 (dns server) -p udp --dport 53

       Q3: Rule that matches traffic from any address in the range 10.0.0.1 to 10.0.0.6, inclusive.
       Ans: iptables -A INPUT -m iprange --src-range 10.0.0.1-10.0.0.6

       Q4: Three rules that accept traffic from address 10.0.0.1 through 10.0.0.6, but drop traffic from 10.0.0.0 and 10.0.0.7, without using
       any extension matches.
       Ans: iptables -A INPUT -s 10.0.0.0 -j DROP
       iptables -A INPUT -s 10.0.0.7 -j DROP
       iptables -A INPUT -m iprange --src-range 10.0.0.1-10.0.0.6 -j ACCEPT

       Thanks for the correct and replying

 17 Ishara Fernando July 8, 2011 at 12:38 am

       Now only I understand the firewall concepts and the Iptable rules…
       Each and every technique of explaining the theories are brilliant Mr.Ramesh… Keep it up.. We all Are with YOU…

 18 OKELLO August 16, 2011 at 2:39 am

       l think am beginning to understand the iptables, thanks man

The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

Iptables fundamentals

Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
by Ramesh Natarajan on January 24, 2011
http://www.thegeekstuff.com/2011/01/iptables-fundamentals/

The iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to set up and configure iptables will help you manage your Linux firewall effectively.

The iptables tool is used to manage the Linux firewall rules. At first look, iptables might look complex (or even confusing). But once you understand the basics of how iptables works and how it is structured, reading and writing iptables firewall rules will be easy.

This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.

This article explains how iptables is structured, and explains the fundamentals of iptables tables, chains and rules.

At a high level, iptables might contain multiple tables. Tables might contain multiple chains. Chains can be built-in or user-defined. Chains might contain multiple rules. Rules are defined for the packets.

So, the structure is: iptables -> Tables -> Chains -> Rules. This is defined in the following diagram.

Fig: IPTables Table, Chain, and Rule Structure

Just to reiterate, tables are a bunch of chains, and chains are a bunch of firewall rules.

I. IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1. Filter Table

Filter is the default table for iptables. So, if you don't define your own table, you'll be using the filter table. Iptables' filter table has the following built-in chains.

  • INPUT chain – Incoming to firewall. For packets coming to the local server.
  • OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server.
  • FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server.

2. NAT table

Iptables' NAT table has the following built-in chains.

  • PREROUTING chain – Alters packets before routing, i.e., packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination IP address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT).
  • POSTROUTING chain – Alters packets after routing, i.e., packet translation happens when the packets are leaving the system. This helps to translate the source IP address of the packets to something that might match the routing on the destination server. This is used for SNAT (source NAT).
  • OUTPUT chain – NAT for locally generated packets on the firewall.

3. Mangle table

Iptables' Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. The Mangle table has the following built-in chains.

  • PREROUTING chain
  • OUTPUT chain
  • FORWARD chain
  • INPUT chain
  • POSTROUTING chain

4. Raw table

Iptables' Raw table is for configuration exemptions. The Raw table has the following built-in chains.

  • PREROUTING chain
  • OUTPUT chain

The following diagram shows the three important tables in iptables.

Fig: IPTables built-in tables

II. IPTABLES RULES

Following are the key points to remember for the iptables rules.

  • Rules contain criteria and a target.
  • If the criteria are matched, the packet goes to the rules specified in the target (or) the special value mentioned in the target is executed.
  • If the criteria are not matched, processing moves on to the next rule.

Target Values

Following are the possible special values that you can specify in the target.

  • ACCEPT – Firewall will accept the packet.
  • DROP – Firewall will drop the packet.
  • QUEUE – Firewall will pass the packet to the userspace.
  • RETURN – Firewall will stop executing the next set of rules in the current chain for this packet. The control will be returned to the calling chain.

If you do iptables --list (or) service iptables status, you'll see all the available firewall rules on your system. The following iptables example shows that there are no firewall rules defined on this system. As you see, it displays the default filter table, with the default input chain, forward chain, and output chain.

    # iptables -t filter --list
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Do the following to view the mangle table.

    # iptables -t mangle --list

Do the following to view the nat table.

    # iptables -t nat --list

Do the following to view the raw table.

    # iptables -t raw --list

Note: If you don't specify the -t option, it will display the default filter table. So, both of the following commands are the same.

    # iptables -t filter --list
    (or)
    # iptables --list

The following iptables example shows that there are some rules defined in the input, forward, and output chains of the filter table.

    # iptables --list
    Chain INPUT (policy ACCEPT)
    num  target               prot opt source      destination
    1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    num  target               prot opt source      destination
    1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    num  target               prot opt source      destination

    Chain RH-Firewall-1-INPUT (2 references)
    num  target  prot opt source      destination
    1    ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0
    2    ACCEPT  icmp --  0.0.0.0/0   0.0.0.0/0     icmp type 255
    3    ACCEPT  esp  --  0.0.0.0/0   0.0.0.0/0
    4    ACCEPT  ah   --  0.0.0.0/0   0.0.0.0/0
    5    ACCEPT  udp  --  0.0.0.0/0   224.0.0.251   udp dpt:5353
    6    ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0     udp dpt:631
    7    ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     tcp dpt:631
    8    ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0     state RELATED,ESTABLISHED
    9    ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0     state NEW tcp dpt:22
    10   REJECT  all  --  0.0.0.0/0   0.0.0.0/0     reject-with icmp-host-prohibited

The rules in the iptables --list command output contain the following fields:

  • num – Rule number within the particular chain
  • target – Special target variable that we discussed above
  • prot – Protocols. tcp, udp, icmp, etc.
  • opt – Special options for that specific rule.
  • source – Source IP address of the packet
  • destination – Destination IP address for the packet
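The rule traversal described in section II, run against the rule listing shown above, as an added example that is not part of the original article. The function names, the packet field names and the sample packets are hypothetical; rule 1 of RH-Firewall-1-INPUT is modelled as matching only the loopback interface, which is an assumption, because plain --list (without -v) does not print interface matches.

```python
# Added example: first-match traversal over the article's listed filter rules.
TERMINAL = {"ACCEPT", "DROP", "REJECT", "QUEUE"}  # targets that end traversal

# Only built-in chains have a policy; values are taken from the listing.
POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}

EST = frozenset({"RELATED", "ESTABLISHED"})
NEW = frozenset({"NEW"})

# (criteria, target) pairs transcribed from the `iptables --list` output.
# ASSUMPTION: rule 1 is modelled as "interface lo only" (see lead-in).
# ASSUMPTION: "icmp type 255" is modelled as any ICMP type.
CHAINS = {
    "INPUT": [({}, "RH-Firewall-1-INPUT")],
    "FORWARD": [({}, "RH-Firewall-1-INPUT")],
    "OUTPUT": [],
    "RH-Firewall-1-INPUT": [
        ({"in_iface": "lo"}, "ACCEPT"),                                      # 1
        ({"proto": "icmp"}, "ACCEPT"),                                       # 2
        ({"proto": "esp"}, "ACCEPT"),                                        # 3
        ({"proto": "ah"}, "ACCEPT"),                                         # 4
        ({"proto": "udp", "dst": "224.0.0.251", "dport": 5353}, "ACCEPT"),   # 5
        ({"proto": "udp", "dport": 631}, "ACCEPT"),                          # 6
        ({"proto": "tcp", "dport": 631}, "ACCEPT"),                          # 7
        ({"state": EST}, "ACCEPT"),                                          # 8
        ({"proto": "tcp", "dport": 22, "state": NEW}, "ACCEPT"),             # 9
        ({}, "REJECT"),                                                      # 10
    ],
}


def matches(criteria, packet):
    """True when every criterion holds; empty criteria match any packet."""
    for field, wanted in criteria.items():
        actual = packet.get(field)
        if isinstance(wanted, frozenset):
            if actual not in wanted:
                return False
        elif actual != wanted:
            return False
    return True


def traverse(chain, packet, chains=CHAINS, trace=None):
    """Return (verdict, trace); trace lists (chain, rule number, target) hits."""
    trace = [] if trace is None else trace
    for num, (criteria, target) in enumerate(chains[chain], start=1):
        if not matches(criteria, packet):
            continue                      # criteria not matched: next rule
        trace.append((chain, num, target))
        if target in TERMINAL:
            return target, trace          # special value decides the packet
        if target == "RETURN":
            break                         # stop here, hand back to the caller
        verdict, _ = traverse(target, packet, chains, trace)  # jump to chain
        if verdict is not None:
            return verdict, trace
    # End of chain: a built-in chain applies its policy, a user-defined
    # chain returns None so the calling chain continues with its next rule.
    return POLICY.get(chain), trace


if __name__ == "__main__":
    # Constructed sample packets.
    ssh = {"in_iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}
    telnet = {"in_iface": "eth0", "proto": "tcp", "dport": 23, "state": "NEW"}
    for name, pkt in (("ssh", ssh), ("telnet", telnet)):
        print(name, *traverse("INPUT", pkt))
```

Dropping rule 10 from the model makes an unmatched packet fall off the user-defined chain, return to INPUT and be accepted by the ACCEPT policy, which is why the final REJECT rule matters in this ruleset.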
18 comments

1 Pushpraj January 24, 2011 at 12:56 am
very good….keep writing…… Thanks Pushpraj

2 pupu January 24, 2011 at 3:22 am
Just note that DNAT and SNAT also stand for Dynamic and Static NAT, so don't be confused when you read another text. Anyway, nice article, thanks!

3 Rendy January 24, 2011 at 3:22 am
Thank You Ramesh…very clear!

4 vaisakh January 24, 2011 at 3:59 am
Excellent .. I was searching for a good article about the fundamentals of IPtable.. Thanks. Also waiting for next part

5 Ben January 24, 2011 at 9:42 am
Nice article, look forward to rest of the series. Any idea when others will be out?

6 p campbell January 24, 2011 at 10:07 am
Some of your articles are excellent for beginners but this is not a tutorial, it is misnamed.

7 Waly DIOUF January 24, 2011 at 11:06 am
This website is sooooo what I just need at work. Good work Ramesh, you're a genius. Thanks a lot

8 shakerlxxv January 24, 2011 at 12:49 pm
Great topic. Looking forward to the rest of the series.

9 R January 24, 2011 at 1:36 pm
Ramesh, You might want to include a tutorial on fwbuilder, it's a nice GUI interface and used to manage firewalls on 100's of hosts. -R

10 shaheem January 25, 2011 at 1:21 am
great stuff. also waiting for the follow up!

11 artie January 25, 2011 at 2:12 pm
great read and informative. look forward to the follow up.

12 shezars January 28, 2011 at 2:28 am
very helpful, wait for your next part.

13 Will Knight January 31, 2011 at 10:07 am
Good tutorial, I find iptables complex to understand but you have made it so easy, Thanks.

14 abc February 4, 2011 at 1:51 am
Very Nice tutorial. Thanks

15 saran February 10, 2011 at 10:00 am
great starter to the series plz continue with the tutorial

16 abdul jamal February 18, 2011 at 9:37 am
Nice job. I read it and got the concept where I was confused.. I have some questions and answers, you will help me out to be correct.

Q1: Rule that matches ssh traffic (tcp,22) arriving through interface eth0.
Ans:
    iptables -A INPUT -i eth0 -p tcp --dport 22
    OR
    iptables -A INPUT -i eth0 -p tcp --sport 22

Q2: Rule that matches traffic to a DNS server (udp,53) from any address in the range 10.0.0.0-10.0.0.255
Ans (10.19.6.142 is the DNS server):
    iptables -A INPUT -m iprange --src-range 10.0.0.0-10.0.0.255 -d 10.19.6.142 -p udp --dport 53

Q3: Rule that matches traffic from any address in the range 10.0.0.1 to 10.0.0.6, inclusive.
Ans:
    iptables -A INPUT -m iprange --src-range 10.0.0.1-10.0.0.6

Q4: Three rules that accept traffic from address 10.0.0.1 through 10.0.0.6, but drop traffic from 10.0.0.0 and 10.0.0.7, without using any extension matches.
Ans:
    iptables -A INPUT -s 10.0.0.0 -j DROP
    iptables -A INPUT -s 10.0.0.7 -j DROP
    iptables -A INPUT -m iprange --src-range 10.0.0.1-10.0.0.6 -j ACCEPT

thanks for the correct and replying

17 Ishara Fernando July 8, 2011 at 12:38 am
Now only I understand the firewall concepts and the Iptable rules… Each and every technique of explaining the theories is brilliant Mr. Ramesh… Keep it up.. We all Are with YOU…

18 OKELLO August 16, 2011 at 2:39 am
I think I am beginning to understand the iptables, thanks man