IPTABLES basic commands
List current rules:
# iptables -L -v
Remove all previous rules:
# iptables -F
Don’t disconnect ESTABLISHED connections:
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Drop any Broadcast and Multicast
# iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
# iptables -A INPUT -m pkttype --pkt-type multicast -j DROP
Log dropped packets to syslog; this is the quickest way:
# iptables -I INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables Drop Packets: "
Allow port:
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Log to syslog with full details:
# iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "iptables port 22: "
BLOCK everything else:
# iptables -A INPUT -j DROP
Saving iptables
If you were to reboot your machine right now, your iptables configuration would disappear. Rather than type this each time you reboot, you can save the configuration and have it start up automatically. To save the configuration, you can use
# iptables-save
and
# iptables-restore
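As an added example (not from the original page), the ruleset above written as a single iptables-restore file: it can be reviewed before loading, is applied atomically, and is then persisted with iptables-save. It swaps the deprecated state match for conntrack, adds a loopback accept, and places the rate-limited LOG rule directly before the final DROP so that only packets about to be dropped are logged; the port list and the save path are assumptions.

```shell
#!/bin/sh
# Build, sanity-check, apply and persist an INPUT ruleset (added example).
set -eu

# Inbound TCP ports to allow (constructed sample: SSH only).
ALLOW_TCP_PORTS="${ALLOW_TCP_PORTS:-22}"

# Emit the filter table in iptables-restore format. Order matters:
# established/related first, then allowed ports, then LOG, then DROP.
build_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # default policy is DROP
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'   # loopback must stay open
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m pkttype --pkt-type broadcast -j DROP'
    printf '%s\n' '-A INPUT -m pkttype --pkt-type multicast -j DROP'
    for p in $ALLOW_TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of whatever reaches the end of the chain, then drop it.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables Drop Packets: "'
    printf '%s\n' '-A INPUT -j DROP'
    printf '%s\n' 'COMMIT'
}

# Number of -A rules generated; lets a caller sanity-check the set before loading.
rule_count() {
    build_rules | grep -c '^-A '
}

# Load the whole set in one step (no window with a half-built chain) and
# save it. Requires root; the save path is an assumption (iptables-persistent).
apply_and_save() {
    build_rules | iptables-restore
    mkdir -p /etc/iptables
    iptables-save > /etc/iptables/rules.v4
}

# Usage: sh firewall.sh build (review)  |  sh firewall.sh apply (as root)
case "${1:-build}" in
    build) build_rules ;;
    apply) apply_and_save ;;
esac
```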
Securing against IP Attacks
This setting offers protection against spoofing attacks based on masking or impersonating an identity. In IP spoofing, an attacker who wants unauthorized access to a host or a network forges the source IP address of a malicious message so that it appears to come from a trusted machine. It also helps against eavesdropping on communications and the well-known Man-in-the-Middle (MITM) attack:
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done
You can also ignore broadcasts, which provides additional protection against ARP attacks and ARP spoofing; in any case, the MAC address that would be obtained by an attack from the outside would be that of the ROUTER. If the machine is itself a router, other kinds of additional protection must be considered.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
There are many possible defenses against attacks; for more, read here: