How to use IPTables. What is IPTables? – Part 1
Many people may not be aware of it, but Linux and many Unix-like operating systems have a firewall built in, most commonly known as iptables. Unlike most consumer firewalls, iptables is driven from the CLI (command line interface). There are a variety of point-and-click graphical front ends available, but most of them hide much of the functionality of the CLI, so in my opinion it’s best to learn how to operate iptables from the command line rather than rely on a GUI. At first it may seem difficult, but with practice it becomes much easier.
Before I start, I’d like to note that this article ended up quite long while I was writing it, so I will break it down into multiple blog entries over the course of the month. That way the majority of the content can be kept, and you, the reader, hopefully won’t get overwhelmed.
This initial article covers basic background information that will be important for understanding the future material.
Basics:
Iptables uses three main concepts: IP addresses, protocols [TCP/UDP] and port numbers. For those unfamiliar with the terms, here is a general description of each:
IP Address: a code that identifies a particular computer on the Internet. It consists of four sets of numbers from 0 to 255, separated by three dots, for example “66.72.98.236”.
Protocol: When computers communicate with each other, there needs to be a common set of rules and instructions that each computer follows. A specific set of communication rules is called a protocol. In plain English, you can think of protocols as different languages: two computers must speak the same “language” to be able to communicate properly.
Port Numbers: a number that indicates what kind of protocol a server on the Internet is using. For example, web servers typically listen on port 80. Web browsers use this port by default when accessing web pages, but you can also specify the port you want to use in the URL, like this: http://www.gbservers.co.uk:80
(Definition excerpts from: techterms.com)
IPtables consists of three main tables or functions, which all the traffic flowing in or out of the network card is checked against; the appropriate response is then taken depending on what rules are listed in the tables. The three primary tables, along with a basic description of each, are as follows:
Forward: used when you want packets to simply pass through the host without any direct action being taken, i.e. the host is acting as a router.
Input: any network traffic destined for this particular host.
Output: the opposite of Input; used for any traffic that originates from the host.
The entry that gets the majority of use is typically Input, since rules on Input help secure your system and keep prying eyes out. Firewall rules are created using the above three tables together with two main actions: Accept or Drop. Accept means the packet is allowed in; Drop means it gets discarded, or thrown away. Each packet is screened against the list of rules, and if a packet gets to the end of the list without a match, the default rule(s) are applied. The most common default is to deny all incoming traffic.
There are two ways you can set up the filtering. One way is to set a default rule that allows all traffic and then add specific rules to deny certain traffic. The second method (the more common one) is to set specific rules that allow only certain traffic through; everything else that does not match the list is thrown away. Typically the first method would be used on Output, since we normally trust traffic leaving our computers, while the second would be used on Input, since we wouldn’t trust incoming traffic quite as readily.
I will end this first article here. If you wish, you can research how to install IPTables on your computer or server, and practice starting and stopping the firewall. In the second article we will get some hands-on practice with the basic commands and rule sets discussed here. The next article should be more enjoyable than pure theory, but understanding the basics is very important. Until then, I hope this has been informative.
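To make the two approaches concrete, here is an added example (my own script, not part of the original article) that builds the more common second method for incoming traffic and the first method for outgoing traffic. In the iptables tool itself the Input, Output and Forward entries described above are addressed as the chains INPUT, OUTPUT and FORWARD, and the default rule that applies when nothing matches is the chain's policy (-P). The script only prints the commands it would run unless you set APPLY=1 and execute it as root; the SSH port 22, web port 80 and the management network 192.0.2.0/24 are assumptions chosen for the example, not values from the article.

```shell
#!/bin/sh
# Added example: a default-deny INPUT ruleset expressed as shell functions.
# Dry run by default (commands are printed); APPLY=1 as root loads them.
# Assumed values (not from the article): SSH on 22, web server on 80,
# management network 192.0.2.0/24 (a documentation range, constructed here).

IPT="${IPT:-iptables}"

# ipt either runs the real iptables command or echoes it, so the same
# function body can be reviewed safely before it touches the kernel.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        printf '%s %s\n' "$IPT" "$*"
    fi
}

# Method two for Input (allow only listed traffic, drop everything else)
# combined with method one for Output (trust what leaves the host).
default_deny_input() {
    ipt -F INPUT                                    # start from an empty INPUT chain
    ipt -A INPUT -i lo -j ACCEPT                    # loopback is needed by local services
    # Replies to connections this host started must be let back in; OUTPUT
    # ACCEPT alone is not enough, e.g. for DNS lookups or package updates.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT   # SSH, management net only
    ipt -A INPUT -p tcp --dport 80 -j ACCEPT                    # web server, anyone
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT     # allow ping
    # Log before the policy drop so denied packets show up in the kernel log.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-INPUT-DROP: "
    # Policies go last: if DROP were set first over an SSH session, the
    # session would hang until the ESTABLISHED rule above was in place.
    ipt -P INPUT DROP                               # default rule: deny all incoming traffic
    ipt -P FORWARD DROP                             # this host is not a router
    ipt -P OUTPUT ACCEPT                            # method one for outbound traffic
}

# count_rules returns how many iptables commands the ruleset issues.
count_rules() {
    default_deny_input | wc -l | tr -d ' '
}

default_deny_input
```

Run it once without APPLY to read the generated commands, then with APPLY=1 to load them. The order matters: the accept rules are added before the DROP policy so that an existing remote session is not cut off, and the LOG rule sits just above the implicit drop so that anything reaching the end of the list without a match is recorded before being discarded.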