IPTables

From Network Security Wiki
Jump to navigation Jump to search




IPTables

List rules

iptables -L

Allow SSH

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Allow incoming web traffic

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Blocking Traffic

iptables -A INPUT -j DROP
iptables -A INPUT -i ens160 -s 10.140.198.7  -j DROP

Allow loopback

iptables -I INPUT 1 -i lo -j ACCEPT

Logging

iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Stop iptables

iptables -F

Check Stats:

iptables -nvL

Flush Chain:

iptables --flush MYCHAIN

Delete Empty Chain:

iptables -X MYCHAIN


Saving Rules

Export rules:

iptables-save > /etc/iptables.conf

Restore them on every reboot:

sudo nano /etc/rc.local
iptables-restore < /etc/iptables.conf

UFW

Basic Usage

Installation

sudo apt-get install ufw
sudo apt-get install gufw
sudo ufw enable
gufw

To check your current settings:

sudo ufw status verbose

To add firewall rules:

sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 5353/udp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny from 192.168.1.5 to any                            # Block specific IP address
sudo ufw deny from 202.54.1.5 to any port 80                     # Block specific IP and port number i.e Block Spammers
sudo ufw deny proto tcp from 202.54.1.1 to any port 22           # Deny specific IP, port number, and protocol
sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22        # Block Subnet

Add a Rule to the Top of the List:

sudo ufw insert 1 deny from 202.54.1.0/24 comment 'Block DoS attack subnet'

Delete Specific Rules:

sudo ufw status numbered
sudo ufw delete 4

Confirm your changes:

sudo ufw status verbose
sudo ufw status numbered
sudo ufw show added
sudo ufw show listening
sudo ufw show builtins
sudo ufw show before-rules
sudo ufw show user-rules
sudo ufw show after-rules
sudo ufw show logging-rules

Manage Application Traffic:

sudo ufw app list
sudo ufw app info Samba
sudo ufw allow from 192.168.1.0/24 to any app Samba

Check Stats:

sudo ufw show raw

Re-check enable (required):

sudo ufw enable

Reset UFW:

sudo ufw reset

Receive the UDP multicast traffic

sudo ufw allow in proto udp to 224.0.0.0/4
sudo ufw allow in proto udp from 224.0.0.0/4

This will take care of the coming and going UDP packets, but you also need to allow IGMP packets through:

sudo nano /etc/ufw/before.rules

and add the following lines somewhere before the COMMIT line:

# allow IGMP
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT



Internet Connection Sharing using UFW

sudo ufw allow from 192.168.1.0/29
sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1
sudo nano /etc/ufw/before.rules

Add rules for nat table

*nat
:POSTROUTING ACCEPT [0:0]

Forward traffic from eth0 through ppp0

-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE

Commit preceding nat table rules

COMMIT
sudo service ufw restart



blog comments powered by Disqus