20 iptables firewall rules every Linux administrator should understand
Managing network traffic is one of the hardest jobs a system administrator has. The firewall must enforce the inbound and outbound rules that users connecting to the system are expected to meet, so that the system is protected from attack as far as possible.
Many users regard iptables as the Linux firewall. Strictly speaking, iptables is only a command-line tool that lets administrators define rules and communicate with the Linux kernel: it configures the lists of inbound and outbound rules for network traffic, but the actual packet filtering is implemented inside the kernel (the netfilter framework).
iptables organizes rules into tables, and each table has a set of built-in chains; administrators can also create user-defined chains. Packet-processing rules are appended to a chain and evaluated in order.
- FILTER: the default table, used for packet filtering. Built-in chains:
  - INPUT: processes packets destined for the local machine.
  - FORWARD: processes packets routed through the machine.
  - OUTPUT: processes locally generated outbound packets.
- NAT: the table that implements network address translation. Built-in chains:
  - PREROUTING: processes incoming packets before routing (destination NAT).
  - OUTPUT: processes locally generated packets.
  - POSTROUTING: processes outgoing packets after routing (source NAT).
- MANGLE: the table used to alter packets, with five built-in chains:
  - PREROUTING: processes incoming packets before routing.
  - INPUT: processes packets destined for the local machine.
  - FORWARD: processes packets forwarded through the local machine.
  - OUTPUT: processes locally generated packets.
  - POSTROUTING: processes outgoing packets after routing.
Next, we briefly introduce the iptables rules Linux administrators use most often.
1. Start, stop, and restart IPTables
Although iptables itself is not a daemon, the iptables service (the iptables-services package on CentOS/RHEL 7) loads the saved rule set at start and flushes it at stop, so it can be managed like any other service.
systemd-based systems:
systemctl start iptables
systemctl stop iptables
systemctl restart iptables
SysVinit-based systems:
/etc/init.d/iptables start
/etc/init.d/iptables stop
/etc/init.d/iptables restart
2. View the iptables firewall rules
Use the following command to view the current iptables rules:
iptables -L -n -v
The -L option lists the rules, -n prints addresses and ports numerically instead of resolving names, and -v adds packet and byte counters and interface names. The output shows each chain with its default policy, followed by its rules in order. (iptables -S prints the same rules in command form, which is convenient for copying them into a script.)
Without -t, this shows the default FILTER table. To view a specific table, pass its name with the -t option. For example, to view only the rules in the NAT table:
iptables -t nat -L -v -n
3. Block an IP address
If you find that an IP address is attacking the server or sending abnormal traffic, you can block it with the following rule:
iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
Replace xxx.xxx.xxx.xxx with the address to be blocked. The -A option appends the rule to the end of the INPUT chain. Rules in a chain are matched from top to bottom, and the first matching rule with a terminating target (ACCEPT, DROP, REJECT) decides the packet's fate, so a DROP appended after an ACCEPT that already matches the traffic will never be reached; use -I INPUT instead of -A INPUT to insert the rule at the top of the chain.
To block only TCP traffic from that address, specify the protocol with the -p option:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP
4. Unblock an IP address
To unblock the address, delete the rule with -D, giving exactly the same match and target as when it was added:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
The -D option deletes the first rule in the chain that matches the given specification. If the same rule was added more than once, repeat the command until it reports that no matching rule exists; the -C option checks whether a given rule is present without changing anything.
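As an added example (not code from the original article), the block and unblock commands of rules 3 and 4 are wrapped below in small POSIX shell helpers that validate the address first, insert the DROP at the top of the chain with -I rather than appending it, and use iptables -C so that a rule is never added twice and every duplicate is removed. The script name ipblock.sh, the IPT override and the address 203.0.113.7 in the usage comment are assumptions of the example, not from the page.

```shell
#!/bin/sh
# Added example for rules 3 and 4; not code from the original article.
# Assumptions: IPv4 only, the block rules live in the INPUT chain, and IPT may be
# overridden (for example IPT="echo iptables") to dry-run without root.
IPT="${IPT:-iptables}"

# valid_ipv4 ADDR[/PREFIX]: return 0 for a well-formed IPv4 address or CIDR block.
# Validating first keeps a typo or an injected argument out of the rule set.
valid_ipv4() {
    case "$1" in "" | */) return 1 ;; esac        # empty, or trailing "/"
    addr=${1%%/*}
    prefix=${1#"$addr"}
    prefix=${prefix#/}
    case "$addr" in *[!0-9.]*) return 1 ;; esac   # only digits and dots allowed
    case "$prefix" in
        "") ;;                                    # plain address, no prefix length
        *[!0-9]*) return 1 ;;                     # non-numeric prefix length
        *) [ "$prefix" -le 32 ] || return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1                      # exactly four octets
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_ip ADDR: insert a DROP at the top of INPUT unless the identical rule exists.
# -I rather than -A, so the DROP takes precedence over earlier ACCEPT rules.
block_ip() {
    valid_ipv4 "$1" || { echo "block_ip: invalid address '$1'" >&2; return 2; }
    if $IPT -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
        return 0
    fi
    $IPT -I INPUT -s "$1" -j DROP
}

# unblock_ip ADDR: delete every copy of the DROP rule (-D removes one per call).
# The loop is bounded so a misbehaving $IPT cannot make it spin forever.
unblock_ip() {
    valid_ipv4 "$1" || { echo "unblock_ip: invalid address '$1'" >&2; return 2; }
    n=0
    while [ "$n" -lt 32 ] && $IPT -C INPUT -s "$1" -j DROP 2>/dev/null; do
        $IPT -D INPUT -s "$1" -j DROP
        n=$((n + 1))
    done
}

# Usage (assumed file name): sh ipblock.sh block 203.0.113.7
#                            sh ipblock.sh unblock 203.0.113.7
case "${1:-}" in
    block)   block_ip "$2" ;;
    unblock) unblock_ip "$2" ;;
esac
```

Run it as root, or with IPT="echo iptables" to see the commands it would issue. The -C check is what makes repeated runs safe: without it every call to block_ip would add another identical rule, and a single -D would later remove only one of them.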
5. Close a specific port with iptables
Often we need to block connections to a specific port. With iptables:
Block outgoing connections to a port:
iptables -A OUTPUT -p tcp --dport xxx -j DROP
Block incoming connections to a port:
iptables -A INPUT -p tcp --dport xxx -j DROP
Replace xxx with the port number. Both rules must use DROP (or REJECT); an INPUT rule with -j ACCEPT would open the port rather than close it.
6. Control multiple ports with multiport
The multiport match lets one rule cover several ports at a time (up to 15 per rule). For example:
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j ACCEPT
The first rule accepts incoming connections to the SSH, HTTP and HTTPS ports; the second accepts the replies those services send, matched on the source port.
7. Use IP address ranges in rules
iptables accepts address ranges in CIDR notation directly, for example:
iptables -A OUTPUT -p tcp -d 192.168.100.0/24 --dport 22 -j ACCEPT
This allows outgoing SSH connections to any host in 192.168.100.0/24. For a range that does not align with a CIDR block, the iprange match (-m iprange --src-range or --dst-range) takes an arbitrary first-last address pair.
8. Configure port forwarding
Sometimes traffic for a service needs to be redirected to another port on the same Linux server. Use the REDIRECT target in the NAT table:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-ports 2525
This redirects all TCP traffic arriving on the eth0 interface for port 25 to port 2525 on the local machine. The PREROUTING chain only sees packets arriving from the network; to redirect connections generated on the server itself, add an equivalent rule to the OUTPUT chain of the NAT table. The filter rules must then accept the traffic on port 2525, not 25, because the destination port has already been rewritten by the time the INPUT chain is evaluated.
9. Block HTTP flood attacks
Sometimes a client opens a huge number of connections to a service such as HTTP on port 80. The limit match can cap the rate:
iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
This accepts at most 100 packets per minute on average, with an initial burst of up to 200. Two caveats. First, the rule only accepts packets within the limit; anything above it simply falls through to the next rule or the chain's default policy, so a following DROP rule for port 80 (or an INPUT policy of DROP) is needed for it to block anything. Second, without --syn the rule counts every packet of every HTTP connection, not just new connections, so legitimate clients are throttled as well; matching on --syn limits the rate of new connections instead.
10. Disable ping
To stop the server from responding to ping, block incoming ICMP on the interface:
iptables -A INPUT -p icmp -i eth0 -j DROP
This drops all ICMP, including the error messages used by path MTU discovery, which can break connectivity. To block only ping requests, add --icmp-type echo-request to the rule.
11. Allow access to the loopback interface
Loopback traffic (127.0.0.1) is important: many local services talk to each other over it. It should always be allowed:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Put these rules near the top of the chain so that no earlier rule can drop loopback traffic.
12. Block a specific MAC address
Use the mac match to block a given source MAC address:
iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
Replace the placeholder with the address to block. The mac match only works in the PREROUTING, FORWARD and INPUT chains, and only for packets that arrive over Ethernet from a host on the same local segment; packets that have crossed a router carry the router's MAC address, not the original sender's.
13. Limit the number of concurrent connections
To keep one client from holding too many simultaneous connections to a port, use the connlimit match:
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
This rejects a new SSH connection from any source address that already has three connections open to port 22 (the --syn option makes the rule apply to connection attempts only). connlimit counts per source address by default; --connlimit-mask widens the grouping to a network, for example --connlimit-mask 24 to count all hosts in a /24 together.
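As an added example that is not part of the original article, the following script assembles rules 5, 6, 9, 10, 11 and 13 into one default-deny INPUT ruleset, in the order that makes each of them effective: loopback and established connections are accepted before anything can drop them, the limit rule is followed by the DROP it needs, and connlimit is applied to SYN packets only. The interface name eth0, the choice of SSH/HTTP/HTTPS as the public services, the file name firewall.sh and the IPT/WAN_IF overrides are assumptions of the example, not from the page.

```shell
#!/bin/sh
# Added example, not from the original article: rules 5, 6, 9, 10, 11 and 13
# assembled into one default-deny INPUT ruleset in the order that makes them work.
# Assumptions (not from the page): the public interface is eth0 and the only
# public services are SSH (22), HTTP (80) and HTTPS (443). Set IPT="echo iptables"
# to print the rules instead of applying them; WAN_IF overrides the interface.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"

apply_rules() {
    # Start from an empty filter table, then deny inbound and forwarded traffic by
    # default. OUTPUT stays ACCEPT: this host is a server, not a locked-down client.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Rule 11: loopback first, before any rule below can drop it. Packets that
    # claim a loopback source but arrive on another interface are spoofed.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to connections this host initiated. Without this an INPUT policy of
    # DROP silently breaks every outbound connection (DNS, updates, SSH out).
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Rule 10, done selectively: rate-limit ping instead of dropping all ICMP, so
    # path MTU discovery and other ICMP error messages keep working.
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -m limit --limit 10/second -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -j DROP
    $IPT -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT

    # Rule 13: at most three simultaneous SSH connections per source address;
    # further SYNs get a TCP reset, the rest are accepted as new connections.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -i "$WAN_IF" -p tcp --syn --dport 22 -j ACCEPT

    # Rules 6 and 9: new HTTP/HTTPS connections at up to 100/minute (burst 200),
    # counted on SYN packets only, then an explicit DROP for the excess. Without
    # that DROP the limit rule would not block anything on its own.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --syn -m multiport --dports 80,443 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p tcp --syn -m multiport --dports 80,443 -j DROP

    # Rule 5 is implicit: every other port falls through to the INPUT DROP policy.
    # Log a sample of what gets dropped so lockouts can be diagnosed.
    $IPT -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "iptables-drop: "
}

# Usage (assumed file name): IPT="echo iptables" sh firewall.sh apply   # review
#                            sh firewall.sh apply                       # as root
if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Review the printed rule list with the IPT="echo iptables" override before applying it as root, and keep a console session open the first time in case the ESTABLISHED rule or the SSH rule is wrong. Rules applied with iptables do not survive a reboot; once they are confirmed to work, save them with iptables-save (or through the distribution's iptables service) so that they are restored at boot.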