2. Topic Covered
What is a Firewall?
Types of Firewall.
What is Iptables?
Packet Processing in Iptables.
Various Commands.
Example.
3. What is a Firewall
A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on an applied rule set.
A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.
4. Types of Firewall
There are different types of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced:
1. Network Layer/Packet Filters.
2. Application Layer.
3. Proxies.
4. Network Address Translation (NAT).
5. Types of Firewall
Network layer or packet filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules, or default rules may apply.
The term "packet filter" originated in the context of BSD operating systems.
6. Types of Firewall
Stateful and Stateless Network Layer
Stateful: Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing. If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.
Stateless: Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.
7. Types of Firewall
Application Layer
-> Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets travelling to or from an application and block other packets.
-> Application firewalls function by determining whether a process should accept any given connection. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers of the OSI model. Application firewalls that hook into socket calls are also referred to as socket filters.
8. Types of Firewall
Proxies
-> A proxy server may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets.
-> A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.
-> Intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines.
9. Types of Firewall
Network Address Translation (NAT)
-> Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918.
-> Firewalls often have such functionality to hide the true address of protected hosts.
10. IP-TABLES
Iptables is the firewall used on the Linux platform.
Before Iptables, Ipchains was among the most popular Linux firewalls.
It had certain imperfections which were fixed, resulting in a new product from the NetFilter organization called IP-TABLES.
RedHat and Fedora Linux have made Iptables their default pre-installed firewall package.
11. Packet Processing in Iptables
Every packet passes through a series of built-in queues called tables for processing.
Basically, there are three tables:
-> Filter Table: The default table for handling network packets.
-> NAT Table: Used to alter packets that create a new connection.
-> Mangle Table: Used for specific types of packet alteration. It is a combination of both the filter and NAT tables.
12. Options used in Iptables commands
When using the iptables command, specify the following options:
◦ Packet Type: Dictates what type of packets the command filters.
◦ Packet Source/Destination: Dictates which packets the command filters based on the source or destination of the packet.
◦ Target: Dictates what action is taken on packets matching the above criteria.
13. Various Commands
-A : Appends the iptables rule to the end of the specified chain.
-F : Flushes the selected chain, which effectively deletes every rule in the chain.
-L : Lists all of the rules in the chain specified after the command.
iptables -L <chain-name> -t <table-name>
-N : Creates a new chain with a user-specified name.
-P : Sets the default policy for a particular chain, so that when packets traverse an entire chain without matching a rule, they will be sent on to a particular target, such as ACCEPT or DROP.
14. General Iptables Match Criteria
Iptables command       Description
-t <table>             If you don't specify a table, then the filter table is assumed. As discussed before, the possible built-in tables include: filter, nat, mangle.
-j <target>            Jump to the specified target chain when the packet matches the current rule.
-p <protocol-type>     Match protocol. Types include icmp, tcp, udp, and all.
-s/-d <ip-address>     Match source/destination IP address.
-i <interface-name>    Match "input" interface on which the packet enters.
-o <interface-name>    Match "output" interface on which the packet exits.
15. Loading Kernel Modules Needed By Iptables
The iptables application requires you to load certain kernel modules to activate some of its functions. Whenever any type of NAT is required, the iptable_nat module needs to be loaded. The ip_conntrack_ftp module needs to be added for FTP support and should always be loaded with the ip_conntrack module, which tracks TCP connection states.
# File: /etc/rc.local
# Module to track the state of connections
modprobe ip_conntrack
# Load the iptables active FTP module, requires ip_conntrack
modprobe ip_conntrack_ftp
# Load iptables NAT module when required
modprobe iptable_nat
# Module required for an active FTP server using NAT
modprobe ip_nat_ftp
16. Example: Allowing DNS Access To Firewall
#------------------------------------------------------
# Allow outbound DNS queries from the FW and the replies too
# Interface eth0 is the internet interface
# Zone transfers use TCP and not UDP. Most home networks and
# websites using a single DNS server won't require TCP statements
#------------------------------------------------------
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT
17. Allowing Firewall To Access The Internet
# Allow port 80 (www) and 443 (https) connections from the firewall
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp -m multiport --dport 80,443 -m multiport --sport 1024:65535
# Allow previously established connections
# - Interface eth0 is the internet interface
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp
If you want all TCP traffic originating from the firewall to be accepted, then remove the line:
-m multiport --dport 80,443 -m multiport --sport 1024:65535
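The following is an added example, not code from the slides or from the Netfilter project. It is a small Python model of what slides 6, 13, 16 and 17 describe: a packet is checked against the rules of its chain top to bottom, the first match decides, and the chain's -P policy applies when nothing matches; a set of accepted 5-tuples stands in for ip_conntrack so that "-m state" can be modelled too. The rule lines fed to it are the slide-16 DNS rules and the slide-17 OUTPUT rule, parsed as written (including the slides' "-m multiport --dport 80,443" spelling); the addresses, the DROP policies and the "-m state --state ESTABLISHED" added to the DNS INPUT rule in the stateful variant are my own constructed assumptions. The point it makes is the one from slide 6: the stateless INPUT rule accepts any UDP datagram that merely uses source port 53 towards a high port, while the stateful variant only accepts a reply to a query the firewall actually sent.

```python
# Added example (not from the slides): toy model of iptables chain traversal and
# of the "-m state" match.  Only the options used on these slides are understood.
import shlex
from collections import namedtuple

# Option -> field it is stored under.  -i and -o both land in "iface": INPUT
# rules see the ingress interface, OUTPUT rules the egress one.
_OPTS = {"-p": "proto", "-i": "iface", "-o": "iface", "-s": "src", "-d": "dst",
         "--sport": "sport", "--dport": "dport", "--state": "state", "-j": "target"}

# chain is "INPUT" (packet arriving at the firewall host) or "OUTPUT" (leaving it)
Packet = namedtuple("Packet", "chain proto iface src sport dst dport")

def port_matches(port, spec):
    """Port specs as written on the slides: "53", "1024:65535" or "80,443"."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

class Firewall:
    def __init__(self):
        self.chains = {"INPUT": [], "OUTPUT": []}
        self.policy = {"INPUT": "ACCEPT", "OUTPUT": "ACCEPT"}
        self.conntrack = set()   # (proto, src, sport, dst, dport) of accepted flows

    def load(self, line):
        """Parse one 'iptables -A ...' or 'iptables -P ...' command line."""
        argv = shlex.split(line)[1:]            # drop the leading "iptables"
        if argv[0] == "-P":                     # default policy for the chain
            self.policy[argv[1]] = argv[2]
            return
        assert argv[0] == "-A", "only -A and -P are modelled: " + line
        rule, i = {}, 2
        while i < len(argv):
            if argv[i] == "-m":                 # "-m state"/"-m multiport" only name a match
                i += 2                          # module; its value follows as --state/--dport
                continue
            rule[_OPTS[argv[i]]] = argv[i + 1]
            i += 2
        self.chains[argv[1]].append(rule)

    def state_of(self, pkt):
        """NEW unless this flow, in either direction, was accepted earlier."""
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    def matches(self, rule, pkt):
        if "proto" in rule and rule["proto"] not in ("all", pkt.proto):
            return False
        for key in ("iface", "src", "dst"):
            if key in rule and rule[key] != getattr(pkt, key):
                return False
        for key in ("sport", "dport"):
            if key in rule and not port_matches(getattr(pkt, key), rule[key]):
                return False
        return "state" not in rule or self.state_of(pkt) in rule["state"].split(",")

    def filter(self, pkt):
        """First matching rule wins; with no match the chain policy is the verdict."""
        verdict = self.policy[pkt.chain]
        for rule in self.chains[pkt.chain]:
            if self.matches(rule, pkt):
                verdict = rule["target"]
                break
        if verdict == "ACCEPT":                 # remember accepted flows, as conntrack would
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

FW, RESOLVER, STRANGER = "192.0.2.1", "198.51.100.53", "203.0.113.9"   # constructed addresses

def dns_scenario(stateful):
    """Slide-16 DNS rules under a DROP policy; stateful=True adds -m state to the INPUT rule."""
    fw = Firewall()
    fw.load("iptables -P INPUT DROP")
    fw.load("iptables -P OUTPUT DROP")
    fw.load("iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT")
    state = "-m state --state ESTABLISHED " if stateful else ""
    fw.load(f"iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 {state}-j ACCEPT")
    query = Packet("OUTPUT", "udp", "eth0", FW, 40000, RESOLVER, 53)
    reply = Packet("INPUT", "udp", "eth0", RESOLVER, 53, FW, 40000)
    unsolicited = Packet("INPUT", "udp", "eth0", STRANGER, 53, FW, 4444)  # merely uses sport 53
    return fw.filter(query), fw.filter(reply), fw.filter(unsolicited)

def web_scenario():
    """Slide-17 OUTPUT rule under a DROP policy: only TCP to 80/443 may leave via eth0."""
    fw = Firewall()
    fw.load("iptables -P OUTPUT DROP")
    fw.load("iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 "
            "-p tcp -m multiport --dport 80,443 -m multiport --sport 1024:65535")
    https = Packet("OUTPUT", "tcp", "eth0", FW, 50000, STRANGER, 443)
    smtp = Packet("OUTPUT", "tcp", "eth0", FW, 50001, STRANGER, 25)
    return fw.filter(https), fw.filter(smtp)
```

Calling dns_scenario(stateful=False) returns ACCEPT for the query, the reply and the unsolicited datagram; dns_scenario(stateful=True) returns ACCEPT, ACCEPT, DROP, because the third packet has no entry in the state table and so is NEW. web_scenario() returns ACCEPT for the HTTPS connection and DROP for the SMTP attempt, which only the chain policy handles. The model deliberately stops at what the slides cover: there is no FORWARD chain, no nat or mangle table, and no RELATED tracking of helper protocols such as the FTP data connection that ip_conntrack_ftp handles on slide 15.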