Linux: IPTables

From Define Wiki
Revision as of 18:33, 17 August 2013 by Michael (talk | contribs) (→‎Table Types (-t))

Firewalls

Traditionally, firewalls were only needed between LAN connections. However, as security issues increased, there was a need to add a firewall to every system.

Firewalls consist of layers of security. In Linux that includes packet filters such as IPTables, TCP Wrappers to control traffic, and service-specific controls.

Network Packets and IPTables

IPTables is a packet filter. In order to understand IPTables, it is necessary to understand how data is sent over a network. Data is broken down into packets before being sent. These packets are then reassembled at the destination.

Each packet contains the data to be sent and administrative information including the source, destination and type of data. IPTables examines this information to determine whether the packet should be allowed to pass.

Starting and Stopping IPTABLES

IPTables can be started, stopped and reset using the service command, or through the init.d script:

/etc/init.d/iptables {start|stop|restart|condrestart|status|panic|save}
service iptables {start|stop|restart|condrestart|status|panic|save}

IPTables Rules

In order to determine what should happen to a packet, IPTables applies a set of rules. Each rule specifies a condition a packet must meet, and an action to be taken should the condition be true.

The iptables command uses this basic syntax:

iptables -t type <action direction> <packet pattern> -j <action>

Table Types (-t)

There are two table types that can be used: filter and nat. The filter type is used by default if the -t flag is not given. The rules can be edited using the iptables command or the system-config-firewall command, or added manually to the /etc/sysconfig/iptables file.

When changing the /etc/sysconfig/iptables file by hand, iptables must be restarted after editing for the changes to take effect.
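Rules kept in /etc/sysconfig/iptables use the iptables-save format (a *table header, :CHAIN POLICY lines, -A rules, COMMIT). The following is an added example, not code from this wiki: it parses that format into table, chain, match options and target, and then lists filter-table chains that end up accepting whatever no rule matched, which is the check to run before restarting iptables with a hand-edited file. The rule set is constructed for the example.

```python
import shlex
# Constructed sample in /etc/sysconfig/iptables (iptables-save) format; not from the page or any real host.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(text):
    """Return ({(table, chain): policy}, [(table, chain, target, matches)]); COMMIT, blank and '#' lines are skipped."""
    table, policies, rules = None, {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):                    # *filter / *nat: table header
            table = line[1:]
        elif line.startswith(":"):                  # :CHAIN POLICY [pkts:bytes]
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):                # -A CHAIN <matches> -j TARGET <target options>
            toks = shlex.split(line)
            chain, matches, target, i = toks[1], {}, None, 2
            while i < len(toks) and toks[i] != "-j":  # everything before -j is a match option
                has_arg = i + 1 < len(toks) and not toks[i + 1].startswith("-")
                matches[toks[i]] = toks[i + 1] if has_arg else True   # flag-only options like --syn
                i += 2 if has_arg else 1
            if i + 1 < len(toks):
                target = toks[i + 1]
            rules.append((table, chain, target, matches))
    return policies, rules

def open_filter_chains(policies, rules):
    """filter-table chains whose policy is ACCEPT and whose last rule is not an
    unconditional DROP/REJECT: anything no earlier rule matched gets through."""
    found = []
    for (table, chain), policy in policies.items():
        if table != "filter" or policy != "ACCEPT":
            continue
        own = [r for r in rules if r[:2] == (table, chain)]
        if not own or own[-1][2] not in ("DROP", "REJECT") or own[-1][3]:
            found.append(chain)
    return sorted(found)
```

On the sample, INPUT is closed by its final unconditional REJECT, while FORWARD and OUTPUT are reported as open.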

There are two commands that can be used to edit the IPTables rules: