Learn How to Manage System Firewall using Iptables in Linux


Iptables and ip6tables are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Several distinct tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Let us explore how to manage a system firewall using iptables in Linux.

Installing iptables

To install iptables, use the following command –

$ sudo apt-get install iptables

The sample output should be like this –

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libecap3 squid-common squid-langpack
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
iptables
0 upgraded, 1 newly installed, 0 to remove and 261 not upgraded.
Need to get 266 kB of archives.
After this operation, 1,663 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 iptables amd64 1.6.0-2ubuntu3 [266 kB]
...........................................................................

iptables help

To see the options that iptables accepts, use the following command –

$ iptables --help

The sample output should be like this –

iptables v1.6.0

Usage: iptables -[ACD] chain rule-specification [options]
      iptables -I chain [rulenum] rule-specification [options]
      iptables -R chain rulenum rule-specification [options]
      iptables -D chain rulenum [options]
      iptables -[LS] [chain [rulenum]] [options]
      iptables -[FZ] [chain] [options]
      iptables -[NX] chain
      iptables -E old-chain-name new-chain-name
      iptables -P chain target [options]
      iptables -h (print this help information)
   
Commands:
Either long or short options are allowed.
   --append -A chain
      Append to chain
   --check -C chain
      Check for the existence of a rule
   --delete -D chain
      Delete matching rule from chain
   --delete -D chain rulenum
      Delete rule rulenum (1 = first) from chain
   --insert -I chain [rulenum]
      Insert in chain as rulenum (default 1=first)
   --replace -R chain rulenum
      Replace rule rulenum (1 = first) in chain
   --list -L [chain [rulenum]]
      List the rules in a chain or all chains
   --list-rules -S [chain [rulenum]]
..............................................................................

Display the status of the firewall

To display the status of the firewall, use the following command –

$ sudo iptables -L -n -v

The sample output should be like this –

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target prot opt in out source destination

Starting the firewall

To start the firewall, use the following command –

$ sudo service iptables start

Stopping the firewall

To stop the firewall, use the following command –

$ sudo service iptables stop

Restart the firewall

To restart the firewall, use the following command –

$ sudo service iptables restart

Block all connections from an IP address

To block all incoming connections from a specific IP address, use the following command –

$ sudo iptables -A INPUT -s 100.100.100.100 -j DROP

In the above command, 100.100.100.100 is an example IP address.

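Blocking a specific site

To block outgoing TCP traffic to a specific site, use the following command –

$ sudo iptables -A OUTPUT -p tcp -d 100.100.100.100/20 -j DROP

In the above command, 100.100.100.100/20 is an example destination in CIDR notation: the /20 is the network prefix length, so the rule matches the whole address range that contains 100.100.100.100, not a single port or host.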

Example

For instance, to block a site named www.orkut.com, first look up the network range of its IP address with whois –

$ sudo whois 104.198.199.158

In the above command, 104.198.199.158 is the IP address of orkut.com, and the result should be like this –

...........................
NetRange:          104.196.0.0 - 104.199.255.255
CIDR:              104.196.0.0/14
NetName:           GOOGLE-CLOUD
NetHandle:         NET-104-196-0-0-1
Parent:            NET104 (NET-104-0-0-0-0)
NetType:           Direct Allocation
OriginAS:          AS15169
Organization:      Google Inc. (GOOGL-2)
RegDate:           2014-08-27
Updated:           2015-09-21
.................................................

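Copy the CIDR and use the following command to block orkut.com as shown below. Note that this rule drops outgoing TCP traffic to every address in 104.196.0.0/14, which the whois output above shows is a GOOGLE-CLOUD allocation, so other sites hosted in that range are blocked as well –

$ sudo iptables -A OUTPUT -p tcp -d 104.196.0.0/14 -j DROP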

Saving rules

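To dump the current rules in a form that can be saved and restored, use the following command. It prints the rules to standard output, so redirect the output to a file to keep them –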

$ sudo /sbin/iptables-save

The sample output should be like this –

# Generated by iptables-save v1.6.0 on Tue Jan 24 11:14:39 2017
*filter
:INPUT ACCEPT [258:45283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [233:43953]
-A INPUT -s 10.10.10.10/32 -j DROP
-A OUTPUT -d 104.196.0.0/14 -p tcp -j DROP
-A OUTPUT -d 104.196.0.0/14 -p tcp -j DROP
COMMIT
# Completed on Tue Jan 24 11:14:39 2017
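iptables -A appends a rule even when an identical one is already in the chain, which is how a duplicate like the OUTPUT rule in the saved output above arises. The following script is an added example, not part of the original article: find_duplicate_rules reports repeated rules in iptables-save output, and append_once (a hypothetical helper name) uses the -C check from the help output to add a rule only when it is missing.

```shell
#!/bin/sh
# Added example: detect duplicate rules in iptables-save output and avoid
# creating new ones. Function names are illustrative, not part of iptables.

# Sample input: the iptables-save output shown in the article above.
SAMPLE_RULES='# Generated by iptables-save v1.6.0 on Tue Jan 24 11:14:39 2017
*filter
:INPUT ACCEPT [258:45283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [233:43953]
-A INPUT -s 10.10.10.10/32 -j DROP
-A OUTPUT -d 104.196.0.0/14 -p tcp -j DROP
-A OUTPUT -d 104.196.0.0/14 -p tcp -j DROP
COMMIT
# Completed on Tue Jan 24 11:14:39 2017'

# Read iptables-save text on stdin and print "<count> <table> <rule>" for
# every rule that occurs more than once within the same table.
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }      # "*filter" starts a table
        /^-A / { key = table "\t" $0                # same rule, same table
                 if (++seen[key] == 2) order[++n] = key }
        END    { for (i = 1; i <= n; i++) {
                     split(order[i], part, "\t")
                     printf "%d %s %s\n", seen[order[i]], part[1], part[2]
                 } }
    '
}

# Append a rule only if an identical one is not already present (needs root).
# Usage: append_once OUTPUT -p tcp -d 104.196.0.0/14 -j DROP
append_once() {
    chain=$1; shift
    iptables -C "$chain" "$@" 2>/dev/null || iptables -A "$chain" "$@"
}

# Offline demonstration on the sample text; on a live system run
# "iptables-save | find_duplicate_rules" as root instead.
printf '%s\n' "$SAMPLE_RULES" | find_duplicate_rules
```

A surplus copy can be removed with iptables -D followed by the same chain and rule specification, which deletes one matching rule per call.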

Block incoming ping requests

To block incoming ping requests on the eth0 interface, use the following command. The rule drops all incoming ICMP traffic on that interface, which includes ping –

$ sudo iptables -A INPUT -p icmp -i eth0 -j DROP

Dropping invalid packets

To drop packets that connection tracking marks as INVALID, use the following command –

$ sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

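Block IP spoofing on a public interface

To log and block packets that arrive on the public interface (eth1 here) with a spoofed private source address, use the following commands. The LOG rule matches the same source range as the DROP rule and comes before it, so each packet is logged and then dropped –

$ sudo iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A:"
$ sudo iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP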

Accepting traffic from a MAC address

To accept SSH traffic from a specific MAC address, use the following command –

$ sudo iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

Blocking traffic from a MAC address

To block traffic from a specific MAC address, use the following command –

$ sudo iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

Accepting a range of ports

To accept new TCP connections to a range of ports, use the following command –

$ sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7000:7010 -j ACCEPT

Limiting HTTP connections with iptables

To limit the number of HTTP connections, use the following command –

$ sudo iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 50 --connlimit-mask 24 -j DROP

In the above command, we have allowed 50 connections; because of --connlimit-mask 24, the limit is counted per /24 client network, and new connections above it are dropped.

Setting SSH connections per client host

To limit the number of SSH connections per client host, use the following command –

$ sudo iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 10 -j REJECT

In the above command, we have allowed 10 SSH connections per client host.

Flushing the iptables rules

To flush all iptables rules, use the following command –

$ sudo iptables --flush

In this article, we have learnt how to manage a system firewall using iptables in Linux. In our next articles, we will come up with more Linux-based tips and tricks. Keep reading.

raja
Published on 23-Jan-2020 10:20:52