iptables in Linux

When people say Linux can't be hacked, I smile. Like any operating system, Linux is not immune to being hacked. However, Linux is generally considered to be more secure than other operating systems, particularly when it is properly configured and maintained.

There are many ways that a hacker could potentially gain access to a Linux system, such as by exploiting vulnerabilities in software, guessing or cracking passwords, or using malware to gain a foothold on the system. However, there are also many measures that can be taken to secure a Linux system and make it more resistant to attacks, such as installing security updates, using strong passwords, and configuring the firewall and other security features properly.

It is important to keep in mind that no system is completely secure, and it is always a good idea to be vigilant and take steps to protect your system from potential attacks.

I have used IPtables in the past when I was in the ECPI cyber team. What are IPtables?

iptables is the user-space tool for configuring the Linux kernel's packet filter (netfilter). It controls incoming and outgoing network traffic on a Linux machine through rules that define which traffic is allowed and which is not. Rules are grouped into tables by purpose (filter for accept/drop decisions, nat for address translation, mangle for altering packets), and each table contains chains: ordered lists of rules attached to the points where packets pass through the network stack. In the filter table, the one a host firewall uses, those chains are INPUT (traffic addressed to this machine), OUTPUT (traffic it sends) and FORWARD (traffic routed through it).

For example, you might set up a rule that allows incoming traffic to a web server on port 80 (for HTTP traffic) and another rule that blocks all incoming traffic from a certain IP address. When a packet arrives at the machine, iptables walks the rules of the appropriate chain in order, and the first matching rule decides: ACCEPT lets the packet through, DROP silently discards it (REJECT discards it and sends an error back to the sender). If no rule matches, the chain's default policy applies. That policy is ACCEPT on a fresh system, so a machine with no rules lets everything in; a default-deny firewall either changes the policy with iptables -P INPUT DROP or ends the chain with an explicit catch-all DROP rule. Because the first match wins, the order in which rules are added matters: an ACCEPT for port 80 placed after a catch-all DROP is never reached.

IPtables can be used to set up a simple firewall to protect a machine from malicious traffic, or to control access to and from specific ports and IP addresses. It is a powerful tool that is commonly used to secure Linux servers.

The way I would use iptables is just to write the commands in a text file, and as you find more bad actors, you just paste the new IP into the file. That was back in the day; the way I would do it now is by writing a bash script that keeps running at all times, basically a while loop that stays true until someone enters a certain number or even a letter like q or Q. It is not that hard to write a bash script for it.
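One way to turn the text-file-of-bad-IPs workflow into something safer, as an added example that is not code from the post: the script below keeps the blocklist in its own chain that INPUT jumps to, rebuilds that chain from the file on every run (so deleting a line really unblocks the address), validates each entry before it gets anywhere near a root-level iptables command, and never stacks duplicate jump rules when re-run. The path /etc/blocklist.txt, the chain name BLOCKLIST and the sample entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the post: rebuild a dedicated BLOCKLIST chain from a
# text file of IPv4 addresses/CIDRs. File path and chain name are assumptions.
set -eu

IPT="${IPT:-iptables}"   # IPT=echo prints the commands instead of running them

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
# Anything else (a typo, or "1.2.3.4 -j ACCEPT" smuggled into the file) is
# rejected, so a bad line can never become extra arguments to a root command.
valid_ipv4_cidr() {
    local addr prefix n o
    addr=${1%%/*}
    prefix=${1#*/}                          # equals $1 when there is no slash
    [ "$prefix" = "$1" ] && prefix=32
    case "$addr" in *[!0-9.]*|''|.*|*.|*..*) return 1 ;; esac
    case "$prefix" in *[!0-9]*|'') return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    n=0
    for o in $(printf '%s' "$addr" | tr '.' ' '); do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Read entries on stdin (comments after # and blank lines ignored) and print
# one iptables rule per line, without the binary name. Invalid entries are
# reported on stderr and skipped instead of aborting the whole reload.
blocklist_rules() {
    local line
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -z "$line" ] && continue
        if valid_ipv4_cidr "$line"; then
            printf '%s\n' "-A BLOCKLIST -s $line -j DROP"
        else
            printf 'blocklist: skipping invalid entry %s\n' "$line" >&2
        fi
    done
    return 0
}

# Create the chain (the error when it already exists is ignored), empty and
# refill it, then make INPUT jump to it exactly once: -C reports whether the
# jump rule is already present, so re-running never adds a duplicate.
apply_blocklist() {
    local file rule
    file=$1
    $IPT -N BLOCKLIST 2>/dev/null || true
    $IPT -F BLOCKLIST
    blocklist_rules < "$file" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # $rule is meant to split into arguments
        $IPT $rule
    done
    $IPT -C INPUT -j BLOCKLIST 2>/dev/null || $IPT -I INPUT 1 -j BLOCKLIST
}

# Constructed sample file contents (not real attacker data) for the demo below.
SAMPLE_BLOCKLIST='203.0.113.7          # scanner seen in auth.log
198.51.100.0/24      # whole subnet
not-an-ip            # typo: skipped, never reaches iptables
10.0.0.300           # octet out of range: skipped
192.0.2.1/33         # prefix out of range: skipped
'

# Render the rules the sample would produce; returns them on stdout.
demo_rules() {
    printf '%s' "$SAMPLE_BLOCKLIST" | blocklist_rules
}

if [ "${1:-}" = "--apply" ]; then
    apply_blocklist "${2:-/etc/blocklist.txt}"   # real path is an assumption
else
    demo_rules
fi
```

Run it with no arguments to see which rules the sample file turns into, with IPT=echo --apply FILE to see the exact iptables invocations as an unprivileged user, and as root with --apply FILE to load them. Putting the blocked addresses in their own chain also keeps iptables -L -n -v BLOCKLIST readable, with a hit counter per address.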

Here are a few examples of IPtables commands:

  • iptables -A INPUT -p tcp --dport 80 -j ACCEPT: This command adds a rule to the INPUT chain (which handles incoming traffic) to allow incoming traffic to TCP port 80 (which is used for HTTP). The -A option adds the rule to the end of the chain, and the -j option specifies the target action to take when the rule is matched (in this case, ACCEPT means to allow the packet).
  • iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT: This command adds a rule to the INPUT chain to allow incoming traffic from the 192.168.1.0/24 subnet on the eth0 interface. The -i option specifies the interface, and the -s option specifies the source address.
  • iptables -A INPUT -p icmp -j DROP: This command adds a rule to the INPUT chain to drop (block) all incoming ICMP packets. The -p option specifies the protocol (in this case, icmp), and the -j option specifies the target action to take when the rule is matched (in this case, DROP means to drop the packet). Be careful with this one: besides hiding the host from ping, it also drops the ICMP error messages that path MTU discovery depends on, which can make connections to the host stall on larger packets. Dropping only echo requests (-p icmp --icmp-type echo-request) is the usual compromise.

Here is an example of a bash script that sets up a firewall using iptables. This script allows incoming SSH, HTTP, and HTTPS traffic, and blocks all other incoming traffic. It also allows all outgoing traffic, plus the two things a minimal script usually forgets: loopback traffic, and replies to connections this host opened itself. Without those two rules the final DROP also discards DNS answers, package downloads and any service talking to itself over 127.0.0.1.

#!/bin/bash
set -e

# Flush all current rules from the filter table. A flush does not touch the
# chain policies. Run the whole script at once rather than line by line over
# SSH, or the window between the flush and the ACCEPT rules can cut you off.
iptables -F

# Allow loopback traffic and packets belonging to connections this host
# initiated (or related to them, such as ICMP errors and FTP data channels)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow incoming SSH, HTTP, and HTTPS traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow all outgoing traffic
iptables -A OUTPUT -j ACCEPT

# Block all other incoming traffic. This is a rule, not the chain policy, so
# the policy stays ACCEPT and the host fails open if the rules are flushed;
# iptables -P INPUT DROP instead fails closed (and can lock you out).
iptables -A INPUT -j DROP

On most current distributions the iptables command is already installed. Check with iptables -V: on recent Debian, Ubuntu, Fedora and RHEL releases it prints (nf_tables), meaning the familiar iptables syntax is translated onto the kernel's nftables backend, while (legacy) means the old backend. If it is missing, install it with the distribution's package manager.

On a Debian-based system (such as Ubuntu), use apt-get:

sudo apt-get update
sudo apt-get install iptables

This installs the iptables package and its dependencies. If you want rules to survive a reboot, also install iptables-persistent, which loads /etc/iptables/rules.v4 and /etc/iptables/rules.v6 at boot.

On CentOS, RHEL and Fedora (dnf replaces yum on Fedora and on RHEL 8 and later):

sudo yum install iptables-services
sudo systemctl disable --now firewalld
sudo systemctl enable --now iptables

These distributions ship firewalld as the default firewall, and it manages the same kernel tables, so running both at once gives confusing results. The iptables-services package provides a plain iptables service that loads /etc/sysconfig/iptables at boot, but installing the package does not enable that service, hence the systemctl commands.

On an openSUSE system, use zypper:

sudo zypper install iptables

This installs the iptables package. Current openSUSE releases also use firewalld by default, so the same caveat applies.

Once the iptables package is installed, you can start using it by running iptables commands as the root user (or with sudo). Each command takes effect immediately, and the rules live only in the kernel, so they are gone after a reboot unless you save them to the system's iptables configuration. Two more things to check before calling a host firewalled: iptables -L -n -v --line-numbers shows the rules in the order they are evaluated, with packet and byte counters, so you can see whether a rule actually matches anything; and iptables only filters IPv4. If the host has an IPv6 address, the same rules must be written with ip6tables (same syntax), otherwise every port is reachable over IPv6 no matter how strict the IPv4 rules are.

Saving the live rules (as root; the files are in iptables-save format, which is also what iptables-restore expects):

Debian/Ubuntu (with iptables-persistent installed): iptables-save > /etc/iptables/rules.v4
RHEL/CentOS (with iptables-services): iptables-save > /etc/sysconfig/iptables

Do the same with ip6tables-save for the IPv6 rules (/etc/iptables/rules.v6 and /etc/sysconfig/ip6tables respectively). These files are loaded at boot by the persistence service, or by hand with iptables-restore (ip6tables-restore for IPv6):

Debian/Ubuntu: iptables-restore < /etc/iptables/rules.v4
RHEL/CentOS: iptables-restore < /etc/sysconfig/iptables

Note that iptables-restore replaces the whole table by default; pass -n (--noflush) if you only want to add the rules in the file to what is already loaded.
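Loading a saved ruleset (or running a script that starts with iptables -F) over SSH is the classic way to lock yourself out: one wrong rule and the session that could fix it is gone. The helper below is an added example, not code from the post: it saves the current rules, syntax-checks the new file with iptables-restore --test, loads it, and then restores the saved rules unless you confirm within a timeout by creating a flag file from a second session. The IPT_SAVE/IPT_RESTORE variables, the flag-file mechanism and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the post: load an iptables-save style ruleset with an
# automatic rollback, so a mistake cannot lock you out of a remote host.
set -eu

IPT_SAVE="${IPT_SAVE:-iptables-save}"         # overridable for dry runs/tests
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"
TIMEOUT="${TIMEOUT:-60}"                      # seconds to wait for confirmation

# apply_with_rollback NEW_RULES BACKUP_FILE FLAG_FILE
#   1. save the live rules to BACKUP_FILE
#   2. parse NEW_RULES without committing (--test): a syntax error stops here
#   3. load NEW_RULES, then poll for FLAG_FILE once per second
# Returns 0 if FLAG_FILE appeared in time (new rules kept), 1 if the backup
# had to be restored. Confirm from a second SSH session: if the new rules cut
# you off, no session can create the flag and the rollback fires on its own.
apply_with_rollback() {
    local new backup flag i
    new=$1; backup=$2; flag=$3
    $IPT_SAVE > "$backup"
    $IPT_RESTORE --test < "$new"
    rm -f "$flag"
    $IPT_RESTORE < "$new"
    echo "Loaded $new. To keep it, run within ${TIMEOUT}s:  touch $flag" >&2
    i=0
    while [ "$i" -lt "$TIMEOUT" ]; do
        [ -e "$flag" ] && return 0
        sleep 1
        i=$((i + 1))
    done
    $IPT_RESTORE < "$backup"
    echo "No confirmation within ${TIMEOUT}s: restored $backup" >&2
    return 1
}

if [ "$#" -eq 3 ]; then
    apply_with_rollback "$1" "$2" "$3"
else
    # example invocation; the paths are assumptions
    echo "usage: $0 NEW_RULES BACKUP_FILE FLAG_FILE" >&2
    echo "  e.g. $0 /etc/iptables/rules.v4 /root/rules.bak /run/keep-fw" >&2
fi
```

The same idea works for the ip6tables pair of commands by setting IPT_SAVE=ip6tables-save and IPT_RESTORE=ip6tables-restore. Keep the backup file readable only by root: a full ruleset tells an attacker exactly which addresses and ports are trusted.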

Here are some resources that you can use for iptables: https://www.heficed.com/tutorials/vps/how-to-configure-iptables/

https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/

https://linux.die.net/man/8/iptables

https://upcloud.com/resources/tutorials/configure-iptables-ubuntu

This is all for now!

PEACE!!

What is your favorite firewall?