Lesson 10

Date: 4/2/2014
Basics of Linux Security
Linux for Engineering and IT Applications


IP filtering firewalls (iptables)

  • Packet filtering is implemented in the Linux kernel.
  • Linux network packet filtering tools:
       Kernel ≥ 2.4         iptables
       Kernel 2.2:          ipchains
       Kernel 2.0:          ipfwadm
    

    Chains for network packets:
          INPUT
          OUTPUT
          FORWARD
    
    Chains are combined into tables:
         filter (default)
         nat
         mangle
    
    Each of the chains filters data packets based on:
  • Source and Destination IP
  • Source and Destination Port number
  • Network interface
  • State of the packet
    Target for the rule:
         ACCEPT
         DROP
         REJECT
         QUEUE
         RETURN
         LOG
    
    
  • FILTER TABLE



    Check iptables filter configuration:

    /sbin/iptables -L -t filter
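
    A filter-table ruleset that uses each match criterion and several of the targets listed above, as an added example that is not part of the original lesson. A shell function prints it in iptables-restore format; the interface name, the admin network and the choice of ports are assumptions.

```shell
#!/bin/sh
# Added example: prints a filter-table ruleset in iptables-restore format.
# Usage (assumed values): build_ruleset eth0 192.0.2.0/24
# Syntax check without committing (needs root):
#   build_ruleset eth0 192.0.2.0/24 | /sbin/iptables-restore --test

build_ruleset() {
    wan_if=$1      # network interface facing the untrusted network
    admin_net=$2   # source network allowed to reach SSH, in CIDR form

    # Refuse arguments that cannot be an interface name or an IPv4 CIDR,
    # so nothing unexpected is spliced into the generated rules.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    case $admin_net in
        ''|*[!0-9./]*) echo "bad network: $admin_net" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Network interface: loopback traffic is always allowed
-A INPUT -i lo -j ACCEPT
# State of the packet: replies to connections this host opened
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source IP + destination port: SSH only from the admin network
-A INPUT -i $wan_if -p tcp -s $admin_net --dport 22 -m state --state NEW -j ACCEPT
# Destination port: web server open to any source
-A INPUT -i $wan_if -p tcp --dport 80 -m state --state NEW -j ACCEPT
# REJECT answers with an ICMP error; DROP would discard silently
-A INPUT -i $wan_if -p tcp --dport 113 -j REJECT
# LOG is non-terminating: the packet continues to the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}
```

    Rules in a chain are evaluated top to bottom and the first terminating target decides the packet's fate, so the LOG rule stays last, just ahead of the chain's DROP policy.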


    Reference: packet-filtering-HOWTO


