Posts Tagged ‘filtering’

IPtables Revisited

Some basics of iptables here

Command to view the contents of different chains

>iptables -L

Command to flush the rules from the chains

>iptables -F


1. root login is necessary for all the commands related to iptables.

2. Use the man pages to get details of the commands, i.e. “man iptables” (in small letters).

Some rules I practised:

1.      Don’t accept any packets other than ip = “xyz”.

iptables -A INPUT ! -s xyz -j DROP

2.      Accept packets only from ip = “xyz”

iptables -A INPUT ! -s xyz -j DROP

iptables -A INPUT -s xyz -j ACCEPT

3.      Don’t accept any packets other than mac address = “xyz”.

iptables -A INPUT -m mac ! --mac-source 12:43:32:23:43:23 -j DROP

4.      Accept packets only from mac address = “xyz”

iptables -A INPUT -m mac ! --mac-source 12:43:32:23:43:23 -j DROP

iptables -A INPUT -m mac --mac-source 12:43:32:23:43:23 -j ACCEPT

5.      Don’t accept any packets from ip = “xyz” and mac address = “ ”.

iptables -A INPUT ! -s xyz -m mac ! --mac-source 12:32:43:56:21:23 -j DROP

6.      Accept packets only from ip = “xyz” and mac address = “ ”

iptables -A INPUT ! -s xyz -m mac ! --mac-source 12:32:43:56:21:23 -j DROP

iptables -A INPUT -s xyz -m mac --mac-source 12:32:43:56:21:23 -j ACCEPT

7.      Accept only tcp connection

iptables -A INPUT ! -p tcp -j DROP

iptables -A INPUT -p tcp -j ACCEPT

8.      Don’t accept packets of udp

iptables -A INPUT  -p udp -j DROP

9.      Don’t accept packets whose tcp status is SYN

iptables -A INPUT -p tcp --syn -j DROP

10.      Limit the number of tcp connections on the system

iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j DROP

11.      Create your own chain.

iptables -N MYCHAIN

12.      Delete our own chain

iptables -X MYCHAIN

13.      Add some rules to your chain and try them out

iptables -A MYCHAIN -s xyz -j DROP

14.      Delete a specific rule in your chain.

iptables -D MYCHAIN -s xyz -j DROP
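The rules above are typed one at a time; the following script, which is an added example and not code from the original post, puts the whitelist pattern of rules 2, 4 and 6 into a repeatable form. It assumes a trusted address 192.0.2.10 (a constructed placeholder) and reuses the MAC from rule 3; the IPT variable names the binary to run, and setting IPT=echo prints the commands instead of applying them, so the logic can be checked without root. Two points the one-liners hide are made explicit: iptables stops at the first matching rule, so the ACCEPT rules must come before the catch-all, and a flush (-F) with a DROP policy in place drops everything, including the session running the script, so the policies are reset to ACCEPT first.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an INPUT whitelist in the
# spirit of rules 2, 4 and 6. IPT is the binary to run; IPT=echo gives a dry run.
IPT="${IPT:-iptables}"
TRUSTED_IP="${TRUSTED_IP:-192.0.2.10}"          # constructed placeholder address
TRUSTED_MAC="${TRUSTED_MAC:-12:43:32:23:43:23}" # MAC taken from rule 3 above
SSH_PORT="${SSH_PORT:-22}"

# Append a rule to INPUT unless an identical one already exists (-C exits 0 on
# a match), so running the script twice does not duplicate rules.
add_input() {
    if [ "$IPT" != "echo" ]; then
        "$IPT" -C INPUT "$@" 2>/dev/null && return 0
    fi
    "$IPT" -A INPUT "$@"
}

# Start from a clean filter table. Policies go to ACCEPT *before* the flush:
# with a DROP policy, -F leaves every packet dropped, SSH session included.
reset_filter() {
    "$IPT" -P INPUT ACCEPT
    "$IPT" -P FORWARD ACCEPT
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -F
    "$IPT" -X
}

build_whitelist() {
    # First match wins, so the ACCEPT rules must precede the catch-all.
    add_input -i lo -j ACCEPT
    add_input -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Trusted host matched on IP and MAC together (rule 6), SSH only.
    add_input -s "$TRUSTED_IP" -m mac --mac-source "$TRUSTED_MAC" \
        -p tcp --dport "$SSH_PORT" -j ACCEPT
    # Unmatched packets fall through to the chain policy; make that DROP so
    # nothing is accepted by accident (the trailing DROP of rule 2, as policy).
    "$IPT" -P INPUT DROP
}

# Only an explicit "apply" argument touches the live ruleset:
#   sudo sh whitelist.sh apply
if [ "${1:-}" = "apply" ]; then
    reset_filter
    build_whitelist
    "$IPT" -L INPUT -n -v --line-numbers
fi
```

With IPT=echo the script prints the exact commands it would run, which is a convenient way to review a ruleset before applying it on a remote host.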

Working with iptables

iptables: An application that allows a network administrator to create rules for the kernel-level firewall. It is also a kind of packet filtering mechanism. iptables is written purely in the C language and is used with IPv4.

The iptables executable binary can be found at /sbin/iptables (type “which iptables” in the terminal to see the result). iptables requires root access to work with: the user must be logged in as root to view, append, delete or change existing rules.

The Linux kernel contains the built-in ability to filter packets, allowing some of them into the system while stopping others. Most Linux kernels come with the following tables:

1) nat: This is the default table for handling network packets.

2) filter: This table is used to alter packets that create a new connection.

3) mangle: This table is used for specific types of packet alteration.

Each of these tables in turn has a group of built-in chains:

  1. INPUT — This chain applies to packets received via a network interface.
  2. OUTPUT — This chain applies to packets sent out via the same network interface which received the packets.
  3. FORWARD — This chain applies to packets received on one network interface and sent out on another.

Every chain has a default policy to ACCEPT, DROP, REJECT, or QUEUE the packet to be passed to user-space. If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy.

The iptables command allows you to configure these rule lists, as well as set up new tables to be used for your particular situation.
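Because an unmatched packet is handled by the chain's default policy, the policy line is the first thing to check when reviewing a firewall. The script below is an added example, not part of the original post: it reads a ruleset in the format produced by iptables-save (a constructed sample is embedded; pipe the real `iptables-save` output in for a live host) and reports every built-in chain whose policy is ACCEPT, i.e. every chain where a packet matching no rule is let through, along with how many rules each chain holds.

```shell
#!/bin/sh
# Added example, not from the original post. Audits chain policies and rule
# counts from iptables-save output.

# Constructed sample ruleset in iptables-save format (not from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MYCHAIN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j MYCHAIN
-A MYCHAIN -s 192.0.2.10/32 -j DROP
COMMIT'

# Print "table chain policy" for every built-in chain whose default policy is
# ACCEPT. Lines starting with "*" name the table, lines starting with ":"
# declare a chain; user-defined chains carry "-" instead of a policy.
accept_by_default() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        /^:/  { chain = substr($1, 2); if ($2 == "ACCEPT") print table, chain, $2 }
    '
}

# Print "chain count" for each chain that has at least one rule, sorted, so an
# ACCEPT-policy chain that relies on no rules at all is easy to spot.
rules_per_chain() {
    awk '/^-A / { n[$2]++ } END { for (c in n) print c, n[c] }' | sort
}

# Usage on a live host (needs root):  iptables-save | accept_by_default
# Run with "demo" to audit the embedded sample instead.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_RULES" | accept_by_default
    printf '%s\n' "$SAMPLE_RULES" | rules_per_chain
fi
```

On the sample, INPUT and OUTPUT are reported as accepting by default while FORWARD is not; OUTPUT has no rules at all, which is the case that deserves a second look on a hardened host.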