- Kali Linux Tutorial
- Kali Linux - Home
- Installation & Configuration
- Information Gathering Tools
- Vulnerability Analyses Tools
- Kali Linux - Wireless Attacks
- Website Penetration Testing
- Kali Linux - Exploitation Tools
- Kali Linux - Forensics Tools
- Kali Linux - Social Engineering
- Kali Linux - Stressing Tools
- Kali Linux - Sniffing & Spoofing
- Kali Linux - Password Cracking Tools
- Kali Linux - Maintaining Access
- Kali Linux - Reverse Engineering
- Kali Linux - Reporting Tools
- Kali Linux Useful Resources
- Kali Linux - Quick Guide
- Kali Linux - Useful Resources
- Kali Linux - Discussion
Learn How to Manage System Firewall using Iptables in Linux
Iptables and ip6tables are used to established, maintain, and check up on the tables of IPv4 and IPv6 packet filter ideas in the Linux kernel. Several distinct tables may be defined. Each table contains a quantity of constructed-in chains and may also contain person-outlined chains. Let us explore about how to manage a system firewall using Iptables in Linux.
Installing IP tables
To install IP tables, use the following command –
$sudo apt-get install iptables
The sample output should be like this –
Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libecap3 squid-common squid-langpack Use 'sudo apt autoremove' to remove them. The following NEW packages will be installed: iptables 0 upgraded, 1 newly installed, 0 to remove and 261 not upgraded. Need to get 266 kB of archives. After this operation, 1,663 kB of additional disk space will be used. Get:1 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 iptables amd64 1.6.0-2ubuntu3 [266 kB] ...........................................................................
IP tables help
To get more options about IP tables, use the following command –
$ iptables --help
The sample output should be like this –
iptables v1.6.0 Usage: iptables -[ACD] chain rule-specification [options] iptables -I chain [rulenum] rule-specification [options] iptables -R chain rulenum rule-specification [options] iptables -D chain rulenum [options] iptables -[LS] [chain [rulenum]] [options] iptables -[FZ] [chain] [options] iptables -[NX] chain iptables -E old-chain-name new-chain-name iptables -P chain target [options] iptables -h (print this help information) Commands: Either long or short options are allowed. --append -A chainAppend to chain --check -C chainCheck for the existence of a rule --delete -D chainDelete matching rule from chain --delete -D chain rulenum Delete rule rulenum (1 = first) from chain --insert -I chain [rulenum] Insert in chain as rulenum (default 1=first) --replace -R chain rulenum Replace rule rulenum (1 = first) in chain --list -L [chain [rulenum]] List the rules in a chain or all chains --list-rules -S [chain [rulenum]] ..............................................................................
Display the status of firewall
To display the status of firewall, use the following command –
$ sudo iptables -L -n -v
The sample output should be like this –
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Starting the firewall
To start the firewall, use the following command –
$ sudo service iptables start
Stopping the firewall
To stop the firewall, use the following command –
$ sudo service iptables stop
Restart the firewall
To Restart the firewall, use the following command –
$sudo service iptables restart
Block all Connections
To block all connections from the IP address, use the following command –
$ sudo iptables -A INPUT -s 100.100.100.100 -j DROP
In the above command, 100.100.100.100 is the example of an IP address.
Blocking a specific Site
To block specific site, use the following command –
$ sudo iptables -A OUTPUT -p tcp -d 100.100.100.100/20 -j DROP
In the above command, 100.100.100.100/20 is the port of particular IP address.
Example
For instance, for blocking a site named www.orkut.com, use the below command line –
$ sudo whois 104.198.199.158
In the above command, 104.198.199.158 indicates the ip of Orkut.com and the result should be like this –
...........................
NetRange: 104.196.0.0 - 104.199.255.255
CIDR: 104.196.0.0/14
NetName: GOOGLE-CLOUD
NetHandle: NET-104-196-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
Organization: Google Inc. (GOOGL-2)
RegDate: 2014-08-27
Updated: 2015-09-21
.................................................
Copy the CIDR and use the following command to block orkut.com as shown below –
$sudo iptables -A OUTPUT -p tcp -d 104.196.0.0/14 -j DROP
Saving rules
To save the above rule, use the following command –
$ sudo /sbin/iptables-save
The sample output should be like this –
# Generated by iptables-save v1.6.0 on Tue Jan 24 11:14:39 2017 *filter :INPUT ACCEPT [258:45283] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [233:43953] -A INPUT -s 10.10.10.10/32 -j DROP -A OUTPUT -d 104.196.0.0/14 -p tcp -j DROP -A OUTPUT -d 104.196.0.0/14 -p tcp -j DROP COMMIT # Completed on Tue Jan 24 11:14:39 2017
Block the incoming ping request
To block the incoming ping request, use the following command –
$ sudo iptables -A INPUT -p icmp -i eth0 -j DROP
Droping unused packets
To drop unused packets in IP tables, use the following command –
$sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
Block IP spoofing on public
To log and block IP spoofing on public, use the following command –
$sudo iptables -A INPUT -i eth1 -s 100.100.100.100/24 -j LOG --log-prefix "IP_SPOOF A:" $sudo iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
Accepting the traffic from mac address
To accept the traffic from mac address, use the following command –
$sudo iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
Blocking the traffic from mac address
To block the traffic from mac address, use the following command –
$sudo iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
Accepting the open range of port
To accept the open range of port, use the following command-
$sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7000:7010 -j ACCEPT
Setting the HTTP request to iptables
To set the HTTP request to iptables, use the following command –
$ sudo iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 50 --connlimit-mask 24 -j DROP
In the above command, we have given 50 request permission.
Setting ssh connections per client host
To set ssh connections per client host, use the following command –
$sudo iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 10 -j REJECT
In the above command, we have given 10 ssh connections per client host.
Flusing the IP table rules
To flush the all IP table rules, use the following command –
$ sudo iptables --flush
In the above article, we have learnt about – Learn how to manage system firewall using iptables in Linux. In our next articles, we will come up with more Linux based tricks and tips. Keep reading.
- Related Articles
- Learn How to Manage Various Logs using Logrotate in Linux
- How to setup firewall in Linux?
- How to Forward Ports With Iptables in Linux?
- Learn How to Setup Email Services using Postfix in Linux
- How to Install “IPFire” Free Firewall Linux Distribution
- 5 Useful Commands to Manage File Types and System Time in Linux
- Learn Modern Service Management System (Systemd) on Linux
- How to Learn SAP ERP System?
- Most Frequently Used Linux IPTables Rules with Examples
- How to disable windows firewall profiles using PowerShell?
- How to Install Ajenti Control Panel to Manage Linux Servers
- How to Create a File in the Linux/Unix system using terminal?
- How to create key binds in the Linux system using the terminal?
- Introduction to Iptables
- How to get windows firewall profile settings using PowerShell?
