RHEL6 – 39 – IP TABLES IN LINUX - 1
What is IP Tables and its significance?
Other Posts under IPTABLES series,
IP TABLES IN LINUX -P1
IP TABLES IN LINUX -P2
IP TABLES IN LINUX -P3
IP TABLES IN LINUX -P4
IP TABLES IN LINUX -P5
IP TABLES IN LINUX -P6
IP TABLES IN LINUX -P7
In my opinion the simplest definition of IPTables is:
What I want to pass will pass; rest everything will be dropped. That means we are not creating rules to block, we are creating rules only to allow. Rest everything will be blocked.
IP Tables is the command-line utility to configure/access/implement the firewall, and the firewall itself is implemented in Linux by the NETFILTER PROJECT / FRAMEWORK / SUBSYSTEM.
So the firewall is based on Netfilter, and what is this Netfilter? As the name suggests, it should be something related to filtering of network traffic.
What is a Firewall?
A firewall is a device/system or set of rules that enforces an access control policy between networks by filtering incoming and outgoing network traffic.
How is it achieved?
By Packet Filtering… Right? … Yes.
What is Packet Filtering?
To understand this, we need to know how data flows in a network and what an IP packet contains:
· The source IP address and port
· The destination IP address and port
· Information about the protocol by which the packet is to be handled
· Error checking information
· The data, acknowledgment, request or command from the originating system
· Usually, some sort of information about the type and status of the data being sent
Let's say there is an encapsulated data packet, where a header is attached at each layer with the corresponding information. The header includes the source/destination IP, the ports and the protocol used.
So, what does our Netfilter do?
Filtering examines the header details of the packets (depending upon the configured rules) at the bottom-most layer of the network software of an OS. In the case of incoming packets, filtering occurs soon after they are received by the NIC, and in the case of outgoing packets, it occurs just as they are about to be sent out via the NIC. The filtering also applies to packets with addresses belonging to the loopback interface (127.0.0.0).
Basic building blocks of IP Tables:
1. TABLES
2. CHAINS
3. TARGET
Specific Tables are used for specific purposes. Tables consist of Chains, and Chains consist of a set of Rules. Each Rule decides what to do with an IP packet if it matches; when a packet matches, the Target comes into the picture. The Target can also be another chain, to match against with some special values.
IPTables consists of the following Tables:
FILTER TABLE: This is the default table, used for packet filtering: match the packet (look into the packet) and filter it according to the matched Target.
Targets are:
ACCEPT: Allow the packets to pass on.
REJECT: Do not allow packets to pass, and send an acknowledgement.
DROP: Do not allow packets to pass, and don't send an acknowledgement.
LOG: Logs info about the packets to the "/var/log/firewall" log.
RETURN: Bypass the current chain and go back to the next rule in the chain it was called from.
The Filter Table has the following built-in Chains:
INPUT CHAIN: Rules for incoming packets from outside.
OUTPUT CHAIN: Rules for outgoing packets from the server.
FORWARD CHAIN: Rules for incoming packets from outside that are not destined for the server; this case applies when the server is acting as a router connecting two networks.
NAT TABLE: used for network address translation (NAT).
RAW TABLE: used for configuring exemptions from connection tracking; it is checked before any other table.
MANGLE TABLE: used for specialized packet alteration.
SECURITY TABLE: used for Mandatory Access Control (MAC) networking rules.
Config Files:
The main config file for IPTables is /etc/sysconfig/iptables-config.
/etc/sysconfig/iptables contains (saves) the rules added to the firewall.
We are continuing here with the FILTER TABLE ONLY.
We have two options for IPTables implementation: either we can set a POLICY, or we can add a RULE to a chain.
If we go with POLICY, it defines the default behaviour, which is ACCEPT. If there are no RULES in a chain, the default POLICY is applied.
[root@rhel6-server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@rhel6-server ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Here "-t" selects the TABLE NAME and "-L" lists the rules.
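To put the POLICY-versus-RULE choice and the FILTER table building blocks together, here is an added example (my own script, not code from the original post) that generates the iptables commands for an allow-list firewall: the INPUT and FORWARD policies are set to DROP, ACCEPT rules are added only for what we want to pass, and a LOG rule records everything that falls through to the policy. The trusted network, the interface name and the service ports are assumed sample values; the script only prints the commands unless it is run as root with --apply.

```shell
#!/bin/sh
# Added example, not from the original post: generate the iptables commands
# for an allow-list firewall in the FILTER table, i.e. "what I want to pass
# will pass, rest everything will be dropped". The script only prints the
# commands; run it as root with --apply to execute them. The trusted network
# and the service ports are constructed sample values.

ALLOW_TCP_PORTS="22 80 443"       # TCP services the server offers (assumed)
TRUSTED_NET="192.168.1.0/24"      # network allowed to reach every port (assumed)

gen_rules() {
    # Start from an empty filter table: flush all rules, delete user chains.
    echo "iptables -t filter -F"
    echo "iptables -t filter -X"
    # POLICY: the verdict when no rule in the chain matches. Incoming and
    # forwarded packets are dropped unless a rule allows them; the server's
    # own outgoing packets are allowed.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # RULES in the INPUT chain: only what we want to pass.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -s $TRUSTED_NET -j ACCEPT"
    for p in $ALLOW_TCP_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # LOG is not a terminating target: the packet is recorded and then falls
    # through to the DROP policy. The rate limit keeps a flood from filling logs.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'IPTABLES-DROP: ' --log-level 4"
    # Save to /etc/sysconfig/iptables so the rules survive a reboot (RHEL 6).
    echo "service iptables save"
}

# Number of rules appended to chains (the -A lines), handy for a quick check.
count_rules() {
    gen_rules | grep -c '^iptables -A '
}

case "${1-}" in
    --apply) gen_rules | sh ;;   # execute for real (root required)
    *)       gen_rules ;;        # dry run: print the commands
esac
```

Run it without arguments first and read the generated commands; the SSH port is in ALLOW_TCP_PORTS precisely so that applying the DROP policy on a remote server does not cut off the session you are working from.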
RULES:
Rules are completely dependent upon Criteria and Target:
If the criteria match, check the target of the rule and act accordingly.
If the criteria do not match, move to the next rule.
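The matching order just described (first matching rule decides, otherwise move on, and the chain's POLICY applies when nothing matches) can be seen end to end with a small simulator. This is an added example written for this post, not code from the original author; the rule set, chain policies and packets are constructed sample data, and it also shows the RETURN target and a jump into a user-defined chain from the Targets section above.

```shell
#!/bin/sh
# Added example (not code from the original post): a small simulator of how a
# filter-table chain is walked. The rule set, policies and packets are
# constructed sample data; the semantics are the ones described in the post:
#   - rules are checked top to bottom and the first matching rule decides,
#   - a target may be another chain; RETURN goes back to the next rule of the
#     chain that jumped,
#   - when no rule matches, the chain's default POLICY applies.

# Rule format, one per line: <chain> <proto|any> <dport|any> <target>
RULES='
INPUT tcp 22 ACCEPT
INPUT tcp 23 REJECT
INPUT tcp any WEB
INPUT udp 53 ACCEPT
WEB tcp 80 ACCEPT
WEB tcp 443 ACCEPT
WEB any any RETURN
'

# Default policy of each built-in chain (constructed for this example). A
# user-defined chain such as WEB has no policy: running off its end behaves
# like RETURN.
policy_of() {
    case $1 in
        INPUT)   echo DROP ;;
        FORWARD) echo DROP ;;
        OUTPUT)  echo ACCEPT ;;
        *)       echo RETURN ;;
    esac
}

# walk_chain CHAIN PROTO DPORT: prints the verdict for one packet
# (ACCEPT, DROP, REJECT, or RETURN when called on a user-defined chain).
walk_chain() {
    chain=$1; proto=$2; dport=$3
    while read -r rchain rproto rport target; do
        [ -n "$rchain" ] || continue                      # skip blank lines
        [ "$rchain" = "$chain" ] || continue              # rule is in another chain
        [ "$rproto" = any ] || [ "$rproto" = "$proto" ] || continue
        [ "$rport" = any ]  || [ "$rport" = "$dport" ] || continue
        case $target in
            ACCEPT|DROP|REJECT|RETURN)
                echo "$target"; return 0 ;;               # terminating target: decided
            *)  # target is another chain: jump into it; if it RETURNs, keep
                # walking this chain from the next rule
                verdict=$(walk_chain "$target" "$proto" "$dport")
                [ "$verdict" = RETURN ] || { echo "$verdict"; return 0; } ;;
        esac
    done <<EOF
$RULES
EOF
    policy_of "$chain"                                    # no rule matched
}

# Trace a few constructed packets arriving on the INPUT chain.
for pkt in "tcp 22" "tcp 23" "tcp 80" "tcp 8080" "udp 53" "udp 123"; do
    set -- $pkt
    printf 'INPUT %-3s dport %-5s -> %s\n' "$1" "$2" "$(walk_chain INPUT "$1" "$2")"
done
```

The tcp/8080 packet is the instructive one: it jumps into WEB, matches nothing there but the final RETURN, comes back to INPUT, fails the remaining udp rule and ends up with the INPUT policy of DROP, which is exactly why a DROP policy plus allow rules gives the "rest everything will be dropped" behaviour.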
Cont,