Changes between Version 24 and Version 25 of Csle2022/Agenda/FW


Ignore:
Timestamp:
Nov 29, 2022, 9:10:50 PM (2 years ago)
Author:
geethike
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Csle2022/Agenda/FW

    v24 v25  
    9393}}}
    9494
     95Before making our firewall rules, check your connection to Ubuntu Machine using following methods. Please replace VM ip according to your setup. You can view your ip either using GUI or Terminal.
     96
     971. Ping from your host machine to ubuntu VM
     98{{{
     99ping <ubuntu VM ip>
     100}}}
     101
     1022. Check web server by typing following in your Host machine browser
     103{{{
     104http://ubuntu VM ip
     105}}}
     106
     1073. Using a VNC client. (if you don't have vnc client in host pc, please install)
     108
    95109= Making your First Rule :=
    96110''' 1. Implementing a DROP rule :'''
     
    105119We’ll take an example to understand the topic.
    106120
    107 Let’s assume we want to block the traffic coming from an IP address 192.168.1.3. The following command can be used:-
    108 {{{
    109 sudo iptables -A INPUT -s 192.168.1.3 -j DROP
     121Let’s assume we want to block the traffic coming from an IP address 192.168.1.4. The following command can be used:-
     122{{{
     123sudo iptables -A INPUT -s 192.168.1.4 -j DROP
    110124}}}
    111125This may look complicated, but most of it will make sense when we go over the components:-
     
    118132In this flag the rules are added to the top of the chain.
    119133
    120 '''-s 192.168.1.3:-'''
    121 The flag -s is used to specify the source of the packet. This tells the iptable to look for the packets coming from the source 192.168.1.3
     134'''-s 192.168.1.4:-'''
     135The flag -s is used to specify the source of the packet. This tells the iptable to look for the packets coming from the source 192.168.1.4
    122136
    123137'''-j DROP'''
    124138This specifies what the iptable should do with the packet.
    125139
    126 In short, the above command adds a rule to the INPUT chain which says, if any packet arrives whose source address is 192.168.1.3 then drop that packet, that means do not allow the packet reach the computer.
     140In short, the above command adds a rule to the INPUT chain which says, if any packet arrives whose source address is 192.168.1.4 then drop that packet, that means do not allow the packet reach the computer.
     141
     142As a result it will disconnect your ssh connection to Ubuntu Machine.
     143
     144Now go to Ubuntu Desktop and open the Terminal program and execute following command as root.
    127145
    128146Once you execute the above command you can see the changes by using the command:-
     
    132150
    133151The Output would be:-
    134 image
     152[[Image(image2.png)]]
    135153
    136154'''2. Implementing a ACCEPT rule :'''