Iptables howto

December 1st, 2008

IPTABLES basic commands

List current rules:

# iptables -L -v

Remove all previous rules:
# iptables -F

Accept packets that belong to ESTABLISHED or RELATED connections, so existing sessions are not cut off:
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Drop any broadcast and multicast packets:
# iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
# iptables -A INPUT -m pkttype --pkt-type multicast -j DROP

Log dropped packets to syslog; this is the quickest way. Note that -I inserts the rule at the top of the INPUT chain, so it logs every incoming packet that reaches it (rate-limited to 5 per minute by the limit match), not only those that are later dropped; to log only dropped packets, append it with -A directly before the final DROP rule below:
# iptables -I INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables Drop Packets: "

Allow a port (SSH on TCP port 22 here):
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Log to syslog with full details. LOG does not stop rule evaluation, but ACCEPT does, so this rule only sees port 22 packets if it is placed before the ACCEPT rule above:
# iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "iptables port 22: "

BLOCK everything else:
# iptables -A INPUT -j DROP

Saving iptables

If you were to reboot your machine right now, your iptables configuration would disappear.
Rather than typing the rules in again after each reboot, you can save the configuration
and have it loaded automatically at start-up. iptables-save writes the current rules to
standard output (redirect it to a file), and iptables-restore reads them back from standard input:
# iptables-save
and
# iptables-restore
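
As an added example (not from the original post), the following POSIX shell script writes the rules from this howto in iptables-restore format, so they can be reloaded at boot, and checks that the ESTABLISHED rule comes first and the catch-all DROP last. It puts each LOG rule before the ACCEPT or DROP it documents, because LOG does not stop rule evaluation while ACCEPT does; the loopback rule, the port parameter and the file name /etc/iptables.rules are assumptions of mine.

```shell
#!/bin/sh
# Added example (not from the post): emit the post's INPUT rules in iptables-restore
# format and sanity-check their order. Usage as root, 22 being the post's SSH port:
#   build_ruleset 22 > /etc/iptables.rules      # file name is an assumption
#   iptables-restore < /etc/iptables.rules

build_ruleset() {
    port="${1:-22}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# existing sessions first, so the catch-all DROP below never cuts them off
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# loopback is not in the post; without it local services (e.g. a DNS cache) break
-A INPUT -i lo -j ACCEPT
-A INPUT -m pkttype --pkt-type broadcast -j DROP
-A INPUT -m pkttype --pkt-type multicast -j DROP
# LOG does not terminate rule evaluation, ACCEPT does: log first, then accept
-A INPUT -p tcp --dport ${port} -j LOG --log-prefix "iptables port ${port}: "
-A INPUT -p tcp --dport ${port} -j ACCEPT
# everything that reaches this point is about to be dropped: log it, rate-limited
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables Drop Packets: "
-A INPUT -j DROP
COMMIT
EOF
}

# Reads a ruleset on stdin and exits 0 only if the first INPUT rule keeps
# ESTABLISHED,RELATED traffic, the last one is the catch-all DROP, and COMMIT is present.
check_ruleset() {
    awk '
        /^-A INPUT/ {
            n++
            if (n == 1 && $0 ~ /ESTABLISHED,RELATED.*-j ACCEPT/) first = 1
            last = $0
        }
        /^COMMIT$/ { commit = 1 }
        END { exit (first && commit && last == "-A INPUT -j DROP") ? 0 : 1 }
    '
}
```

iptables-restore ignores the comment lines, so the generated file can be loaded as-is.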

Securing against IP Attacks
Reverse path filtering (rp_filter) offers protection against spoofing attacks, in which the attacker masks or supplants an identity. In IP spoofing, an attacker who wants unauthorised access to a host or network forges the source IP address of a trusted machine so that a malicious packet appears to come from it; the same trick is used for eavesdropping on communications and for the well-known Man-in-the-Middle (MITM) attack. With rp_filter enabled, the kernel discards packets whose source address is not reachable through the interface they arrived on. Enable it on every interface:
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done

You can also ignore ICMP echo broadcasts, which will provide additional protection against ARP attacks and ARP spoofing; in any case, in an attack from outside the MAC address obtained would be that of the router. If the machine is itself a router, other kinds of additional protection need to be considered.

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
There are many possible defences against such attacks; for more, read here:
