IPTables: Filtering
Filtering Rules
The filter rules filter packets based on criteria set by the administrator. The rules can be edited using the iptables command.
The iptables command selects this table with the '-t filter' option, but the filter table is the default, so the option does not need to be passed.
There are four basic actions that can be passed:
iptables -A #Append a rule
iptables -D #Delete a rule
iptables -L #List all rules
iptables -F #Flush the rules
List the Rules
To see the rules that are currently in place, use the '-L' flag. The rules are shown in three chains based on the direction of the packet. In the example there are currently no rules set up.
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Flush the Rules
Append / Delete A Rule
Table Types
In order to control IPTables you need to be able to add, remove and edit the rules. This can be done using the '-A' and '-D' flags.
As shown in the listing above, the rules are separated into three chains: INPUT, OUTPUT and FORWARD. In order to change the rules, a chain must be specified:
iptables -A INPUT
iptables -A OUTPUT
iptables -A FORWARD
iptables -D INPUT
iptables -D OUTPUT
iptables -D FORWARD
Packet Pattern
The packet pattern sets the condition that must be matched for the rule to be applied. The simplest patterns are:
iptables -A <chain> -s <ip_address> #Source address pattern
iptables -A <chain> -d <ip_address> #Destination address pattern
iptables -A <chain> -p <protocol> #UDP, TCP or ICMP
iptables -A <chain> -p <protocol> --dport <port number> #Protocol and destination port
Action to Take (-j)
Once a rule has been matched, the action specified with '-j' is taken. There are three basic actions that can be used:
iptables -A <chain> <pattern> -j DROP #Drop the packet silently, with nothing sent back
iptables -A <chain> <pattern> -j REJECT #Drop the packet and send an error back to the sender
iptables -A <chain> <pattern> -j ACCEPT #Accept the packet and let it through
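The chain, pattern and action pieces above combine into an ordered ruleset, and the kernel walks a chain top to bottom: the first rule whose patterns all match decides the verdict, and the chain's default policy (the "(policy ACCEPT)" in the listing, set with the real '-P' flag) applies when nothing matches. The script below is an added example, not from the original page: a small first-match-wins evaluator for rules written in the same -s/-d/-p/--dport/-j syntax, so a ruleset can be checked offline without root before it is installed. The addresses, ports and the INPUT ruleset are constructed for the example; run_rules, rule_matches, evaluate and render_commands are names chosen here.

```shell
#!/bin/sh
# Added example (not part of the original page): simulate how a filter chain
# evaluates a packet against rules written in iptables -s/-d/-p/--dport/-j syntax.
# Everything below is constructed; no iptables binary or root is needed.

# Constructed INPUT ruleset, one rule per line, in the order it would be
# appended with "iptables -A INPUT ...". The policy applies when no rule matches.
RULES_INPUT='-s 203.0.113.7 -j DROP
-p tcp --dport 22 -j ACCEPT
-p tcp --dport 80 -j ACCEPT
-p icmp -j ACCEPT
-p tcp -j REJECT'
POLICY_INPUT=DROP

# rule_matches RULE SRC DST PROTO DPORT
# Prints the rule's -j target and returns 0 if every pattern in RULE matches
# the packet; returns 1 at the first pattern that fails. A rule with no
# patterns matches everything, exactly as "-A INPUT -j DROP" would.
rule_matches() {
  rule=$1 src=$2 dst=$3 proto=$4 dport=$5
  target=""
  set -- $rule                      # split the rule into flag/value tokens
  while [ $# -gt 0 ]; do
    case $1 in
      -s)      [ "$2" = "$src" ]   || return 1; shift 2 ;;
      -d)      [ "$2" = "$dst" ]   || return 1; shift 2 ;;
      -p)      [ "$2" = "$proto" ] || return 1; shift 2 ;;
      --dport) [ "$2" = "$dport" ] || return 1; shift 2 ;;
      -j)      target=$2; shift 2 ;;
      *)       echo "unsupported token: $1" >&2; return 2 ;;
    esac
  done
  printf '%s\n' "$target"
}

# run_rules RULES POLICY SRC DST PROTO DPORT
# Walks RULES top to bottom: the first matching rule's target is the verdict,
# otherwise POLICY is. Order matters, which is why -A (append) position counts.
run_rules() {
  rules=$1 policy=$2 src=$3 dst=$4 proto=$5 dport=$6
  verdict=$(printf '%s\n' "$rules" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    if t=$(rule_matches "$line" "$src" "$dst" "$proto" "$dport"); then
      printf '%s\n' "$t"
      break
    fi
  done)
  printf '%s\n' "${verdict:-$policy}"
}

# evaluate CHAIN SRC DST PROTO DPORT -> verdict for the named chain
evaluate() {
  case $1 in
    INPUT) run_rules "$RULES_INPUT" "$POLICY_INPUT" "$2" "$3" "$4" "$5" ;;
    *) echo "no ruleset defined for chain $1" >&2; return 2 ;;
  esac
}

# render_commands CHAIN -> the iptables invocations that would install the
# ruleset; -P sets the chain policy shown as "(policy ...)" by "iptables -L".
render_commands() {
  case $1 in
    INPUT) rules=$RULES_INPUT policy=$POLICY_INPUT ;;
    *) return 2 ;;
  esac
  printf 'iptables -P %s %s\n' "$1" "$policy"
  printf '%s\n' "$rules" | while IFS= read -r line; do
    if [ -n "$line" ]; then printf 'iptables -A %s %s\n' "$1" "$line"; fi
  done
}

# Stand-alone demo: show the commands, then verdicts for a few constructed packets
# arriving at the (constructed) host 192.0.2.10.
render_commands INPUT
for pkt in "203.0.113.7 tcp 22" "198.51.100.5 tcp 22" "198.51.100.5 tcp 443" "198.51.100.5 udp 53"; do
  set -- $pkt
  printf '%-14s %-4s dport=%-4s -> %s\n' "$1" "$2" "$3" "$(evaluate INPUT "$1" 192.0.2.10 "$2" "$3")"
done
```

The evaluator only understands the four patterns on this page, so it rejects anything else rather than silently ignoring it. The useful check it enables is ordering: the same two rules appended in the opposite order (ACCEPT for port 22 before the per-source DROP) let the blocked source reach port 22, because the ACCEPT matches first and ends the walk.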