wiki:Csle2022/Agenda/FW

Version 6 (modified by geethike, 19 months ago)


What is a Firewall?

A firewall is a network security system that filters and controls traffic based on a predetermined set of rules. It is an intermediary system between the device and the internet.

How the Firewall of Linux works:

Most Linux distros ship with default firewall tools that can be used to configure a firewall. We will be using “iptables”, the default tool provided in Linux, to establish a firewall. iptables is used to set up, maintain and inspect the tables of the IPv4 and IPv6 packet filter rules in the Linux kernel.

Chains :-

Chains are a set of rules defined for a particular task.

We have three chains (sets of rules) which are used to process the traffic:-

  1. INPUT Chains
  2. OUTPUT Chains
  3. FORWARD Chains

1. INPUT Chains

Any traffic coming from the internet (network) towards your local machine has to go through the INPUT chain. That means it has to go through all the rules that have been set up in the INPUT chain.

2. OUTPUT Chains

Any traffic going from your local machine to the internet needs to go through the OUTPUT chain.

3. FORWARD Chains

Any traffic which is coming from an external network and going to another network needs to go through the FORWARD chain. It is used when two or more computers are connected and we want to send data between them.

Different Policies :-

There are three actions which iptables can perform on the traffic:

  1. ACCEPT
  2. DROP
  3. REJECT

1. ACCEPT

When traffic passes the rules in its specified chain, iptables accepts the traffic. That means it opens up the gate and allows the person to go inside the kingdom of Thanos.

2. DROP

When the traffic is unable to pass the rules in its specified chain, iptables blocks that traffic. That means the firewall is closed.

3. REJECT

This action is similar to DROP, but it sends a message to the sender of the traffic stating that the data transfer has failed. As a general rule, use REJECT when you want the other end to know the port is unreachable; use DROP for connections to hosts you don’t want people to see.

NOTE:- You need to keep in mind a simple rule here:-
The rules you set in iptables are checked from the topmost rule to the bottom. Whenever a packet matches one of the upper rules, that rule's action is applied (for example, an ACCEPT rule lets it pass the firewall) and the lower rules are not checked. So be careful about the order in which you set up rules.
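
The chains, actions and top-to-bottom rule order described above, put together as an added example (it is not part of the original lab material). It prints the iptables commands by default instead of running them. The SSH port, the LAN subnet 192.168.1.0/24 and the variable and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Dry run by default: the commands are printed, not executed.
# To apply them for real, run as root with IPT=iptables.
IPT="${IPT:-echo iptables}"
SSH_PORT="${SSH_PORT:-22}"      # assumption: SSH is the only inbound service
LAN="${LAN:-192.168.1.0/24}"    # assumption: constructed example subnet

basic_firewall() {
    # Empty the three chains so the rule order is exactly the one written here.
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -F OUTPUT

    # INPUT rules are checked top to bottom and the first match decides,
    # so the specific ACCEPT rules must sit above the broad REJECT.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this machine opened itself.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New inbound SSH connections.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    # REJECT: hosts on the LAN are told that the port is unreachable.
    $IPT -A INPUT -s "$LAN" -j REJECT --reject-with icmp-port-unreachable

    # Default policies are set last, after the ACCEPT rules exist, so an
    # SSH session used to run this script is not cut off half way.
    # DROP: anything not matched above is discarded without a reply.
    $IPT -P INPUT DROP
    # This machine is not a router, so nothing is forwarded.
    $IPT -P FORWARD DROP
    # Traffic leaving the local machine is allowed.
    $IPT -P OUTPUT ACCEPT
}

basic_firewall
```

After applying the rules for real, `iptables -L INPUT -n --line-numbers` lists them in the order in which they are checked.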

iptables Lab

In this lab, you will set up basic firewall rules with iptables.
