Managing network traffic is one of the toughest tasks a system administrator has to deal with: traffic entering and leaving the system must satisfy the firewall's ingress and egress rules if the system is to be protected against attack. Many people use Linux iptables as their firewall. Strictly speaking, iptables is only a command-line tool that lets administrators define rules and pass them to the Linux kernel; it configures the lists of rules for incoming and outgoing traffic, while the actual packet filtering is done inside the kernel.
iptables organises rules into tables, each containing a set of built-in (and optionally user-defined) "chains" to which administrators attach packet-processing rules.
- filter: the default filtering table, with the built-in chains:
  - INPUT: processes packets destined for the local host
  - FORWARD: processes packets routed through the host
  - OUTPUT: processes packets generated by the local host
- nat: the network address translation table, with the built-in chains:
  - PREROUTING: processes incoming packets before routing
  - OUTPUT: processes locally generated packets
  - POSTROUTING: processes outgoing packets after routing
- mangle: the table used to modify packet headers, with all five chains:
  - PREROUTING: processes incoming packets before routing
  - OUTPUT: processes locally generated packets
  - INPUT: processes packets destined for the local host
  - POSTROUTING: processes outgoing packets after routing
  - FORWARD: processes packets forwarded through the host
The following are the 25 iptables rules that Linux administrators use most often.
1. Start, stop, and restart iptables
Although iptables is not a service, its state can be managed like a service on Linux.
systemd-based systems:
systemctl start iptables
systemctl stop iptables
systemctl restart iptables
SysVinit-based systems:
/etc/init.d/iptables start
/etc/init.d/iptables stop
/etc/init.d/iptables restart
2. View the iptables firewall policy
You can view the current iptables rules with the following command:
iptables -L -n -v
Here -L lists the rules, -n shows addresses and ports numerically instead of resolving names, and -v adds packet and byte counters for each rule.
The command above shows the default filter table. To view a specific table, add the -t parameter followed by the name of the table. For example, to view only the rules in the nat table:
iptables -t nat -L -v -n
3. Block an IP address
If you find that an IP address is sending attack or abnormal traffic to the server, you can block it with the following rule:
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
Replace xxx.xxx.xxx.xxx with the actual address to block. The -A option appends the rule to the end of the INPUT chain. (Rules in iptables are matched from top to bottom, and once a packet matches a rule it is handled there and no further rules in the chain are checked.)
If you only want to block TCP traffic from that address, specify the protocol with the -p parameter, for example:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP
4. Unblock an IP address
To unblock an IP address, delete the rule with the following command:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
The -D option deletes one or more rules from the chain; the rule specification must match the rule exactly as it was added.
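Because -A appends without checking for an existing rule, blocking the same address twice leaves two identical rules, and each -D removes only one of them. As an added example that is not part of the original article, the following POSIX shell script audits a saved ruleset offline: it lists the sources with a DROP rule in INPUT, reports rules that appear more than once, and prints every iptables -D command needed to remove all copies for one address. The iptables-save text is a constructed sample (documentation address ranges), not output captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original article: audit iptables-save output offline.

# Constructed sample of iptables-save output (not captured from a real host).
# Note that the DROP for 203.0.113.10 was appended twice.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -j DROP
-A INPUT -s 198.51.100.7/32 -p tcp -j DROP
-A INPUT -s 203.0.113.10/32 -j DROP
-A INPUT -i lo -j ACCEPT
COMMIT'

# Print each source address that has a DROP rule in INPUT, one per line, deduplicated.
blocked_sources() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && $3 == "-s" && $NF == "DROP" { src[$4] = 1 }
        END { for (s in src) print s }' | sort
}

# Print rules that occur more than once in the same table, prefixed by their count.
duplicate_rules() {
    printf '%s\n' "$1" | awk '
        /^\*/  { table = substr($1, 2) }
        /^-A / { key = table " " $0; n[key]++ }
        END { for (k in n) if (n[k] > 1) print n[k] " " k }' | sort
}

# Print one "iptables -D" command per copy of the DROP rule for the given source
# (second argument, in the same form iptables-save prints it, e.g. 203.0.113.10/32).
unblock_commands() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-s" && $4 == ip && $NF == "DROP" {
            line = $0; sub(/^-A /, "", line); print "iptables -D " line }'
}

# Example run against the constructed sample:
echo "blocked sources:";  blocked_sources "$SAMPLE_RULES"
echo "duplicate rules:";  duplicate_rules "$SAMPLE_RULES"
echo "to unblock 203.0.113.10/32:"; unblock_commands "$SAMPLE_RULES" 203.0.113.10/32
```

On a live host, feed it the real output with `unblock_commands "$(iptables-save)" 203.0.113.10/32`. To avoid creating duplicates in the first place, check before appending: `iptables -C INPUT -s ADDR -j DROP` exits 0 when an identical rule already exists, so `iptables -C ... || iptables -A ...` adds the rule only once.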
5. Use iptables to close specific ports
Often we need to block network connections on a particular port, and iptables can close a specific port.
To block outgoing connections to a specific port:
iptables -A OUTPUT -p tcp --dport xxx -j DROP
To block incoming connections to a specific port:
iptables -A INPUT -p tcp --dport xxx -j DROP
6. Use multiport to control multiple ports
With the multiport match we can list several ports in a single rule, for example:
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j ACCEPT
7. Use IP address ranges in rules
An IP address range can be written directly in CIDR notation in iptables rules, for example:
iptables -A OUTPUT -p tcp -d 192.168.100.0/24 --dport 22 -j ACCEPT
8. Configure port forwarding
Sometimes we need to forward the traffic for a service on the Linux server to another port, which can be done with the following command:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525
The command above redirects all TCP traffic arriving on the eth0 interface for port 25 to port 2525 on the same host.
9. Block HTTP service flood attacks
Sometimes a client opens a very large number of connections to a service, such as HTTP on port 80. In that case we can enable the following rule:
iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
The rule above accepts matching packets at an average rate of 100 per minute, with a burst of up to 200. Because its target is ACCEPT, the excess is only blocked if a later rule or the chain's default policy drops it; note also that the limit match counts globally, not per client.
10. Prohibit ping
To stop the host from answering pings, you can block incoming ICMP with the following rule (this drops all ICMP arriving on eth0, not only echo requests):
iptables -A INPUT -p icmp -i eth0 -j DROP
11. Allow access to the loopback interface
Loopback access (127.0.0.1) matters for many local services, and it is recommended that everyone allow it:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
12. Block a specific MAC address
Use the following rule to block a specific MAC address:
iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
13. Limit the number of concurrent connections
If you do not want too many concurrent connections to a particular port, you can use the following rule:
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
The rule above rejects new SSH connections from any client that already has 3 connections open, so each client is limited to 3.
14. Clear iptables rules
To flush all chains of the filter table, use the following command:
iptables -F
To flush a specific table, select it with the -t parameter, for example:
iptables -t nat -F
Note that flushing removes the rules but does not reset the chains' default policies; if the INPUT policy is DROP, flushing can lock you out of a remote host.
15. Save iptables rules
By default, an administrator's changes to the iptables rules take effect immediately. However, the rules are held in kernel memory, so a reboot loses the configuration. To save the rules permanently, use the iptables-save command:
iptables-save > ~/iptables.rules
You can use any file name you like.
16. Restore iptables rules
You can restore saved rules with the iptables-restore command:
iptables-restore < ~/iptables.rules
17. Allow established and related connections
Using connection tracking, the following rule allows incoming packets that belong to an already established connection, or are related to one, to pass:
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
The corresponding rule for outgoing packets of established connections:
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
18. Discard invalid packets
Many network attacks rely on hand-crafted, malformed packets. The following rule discards packets that connection tracking classifies as INVALID:
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
19. Block outgoing mail
If your system does not send mail, you can block the outgoing SMTP ports (listing several ports requires the multiport match):
iptables -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT
20. Block connections on a specific network interface
If your system has more than one network interface, you can block a source address or range on one interface only:
iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx -j DROP
The source can be a single IP address or a CIDR range.
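Applying these rules one -A command at a time leaves the host in a half-configured state between commands, and the rate limit in rule 9 only works when a DROP rule follows it. As an added example that is not part of the original article, the following POSIX shell script assembles the article's rules (loopback, established/related, invalid, connlimit on SSH, rate limit plus DROP on HTTP, ping, a DROP default policy) into one file in iptables-restore format, checks its structure, and loads it atomically. The interface name eth0, the SSH port and the thresholds are assumptions to adjust for your host; the file name is the one the article uses.

```shell
#!/bin/sh
# Added example, not from the original article: build one iptables-restore file
# from the rules discussed above, sanity-check it, and load it in a single step.

WAN_IF="${WAN_IF:-eth0}"      # assumption: the Internet-facing interface
SSH_PORT="${SSH_PORT:-22}"    # assumption: SSH listens on the default port

# Emit a complete filter-table ruleset on stdout. Order matters: iptables stops at
# the first matching rule, so loopback, established and invalid handling come
# first, and the INPUT policy DROP catches anything not explicitly accepted.
baseline_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback must stay open, or local services break
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections we started, plus related traffic such as ICMP errors
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no known connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# at most 3 concurrent SSH connections per client, then allow new SSH sessions
-A INPUT -p tcp --syn --dport $SSH_PORT -m connlimit --connlimit-above 3 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# HTTP/HTTPS: accept up to 100 new connections per minute (burst 200), then drop.
# The DROP line is what makes the limit bite; a bare "-m limit ... -j ACCEPT"
# rule on its own just lets the excess fall through to the next rule.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j DROP
# drop ping requests arriving on the WAN interface only
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Structural check before handing the text to iptables-restore: every table block
# must be closed by COMMIT, and every rule must name one of the filter chains.
# Returns 0 when the ruleset looks sound, 1 otherwise.
check_ruleset() {
    printf '%s\n' "$1" | awk '
        /^\*/      { if (open) bad++; open = 1; next }
        /^COMMIT$/ { if (!open) bad++; open = 0; next }
        /^-A /     { if ($2 !~ /^(INPUT|FORWARD|OUTPUT)$/) bad++ }
        END { if (open) bad++; exit (bad > 0) }'
}

# Write the ruleset to a file and load it; iptables-restore replaces the whole
# table in one step, so there is no window with a partial rule set.
apply_ruleset() {
    file="${1:-$HOME/iptables.rules}"
    baseline_ruleset > "$file"
    check_ruleset "$(cat "$file")" || { echo "ruleset failed sanity check" >&2; return 1; }
    iptables-restore < "$file"
}

# Run as "sh script.sh apply" (as root) to install; without an argument it only prints.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    baseline_ruleset
fi
```

Before the first apply on a remote host, keep a second session open and schedule a fallback (for example `iptables -F` via `at`), since the INPUT policy DROP plus a typo in the SSH rule would lock you out; `iptables-save > ~/iptables.rules` afterwards preserves the loaded set, as in rule 15.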