Firewall - Iptables

This document provides instructions for performing basic tasks on a system's firewall using Iptables, including listing existing rules, adding rules to allow new HTTP connections on port 80, deleting rules, and inserting rules in a specific position. It also gives an example of Iptables commands to set default policies to drop for INPUT and FORWARD chains, accept loopback traffic, allow established/related connections, masquerade NAT, and reject forwarding from outside to inside.

Uploaded by

florinn81

Firewall - Iptables

Lab 1
Purpose: perform basic tasks on the system's firewall.
Procedure:
To list the current contents of the filter table:
[root@alexrh ~]# iptables --list
It is also possible to list rule line numbers:
[root@alexrh ~]# iptables --list --line-numbers
Try the -v (-vv) options as well.
Note: connections can be tested with nc (the netcat tool).
To add a rule for new HTTP connections:
[root@alexrh ~]# iptables -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
To delete the newly added rule:
[root@alexrh ~]# iptables -D INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
To insert the rule at a specific position:
[root@alexrh ~]# iptables -I INPUT 5 -p tcp -m state --state NEW --dport 80 -j ACCEPT
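
Why the position matters, as an added example that is not part of the original lab: iptables evaluates a chain from top to bottom, so a rule appended with -A after a catch-all REJECT or DROP is never reached. The sketch below works on `iptables -S` output; the sample ruleset and the function names (first_catch_all, placement_cmd, is_shadowed) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample ruleset, in `iptables -S` output format.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Rule number of the first unconditional DROP/REJECT in chain $1 (0 if none).
# Reads `iptables -S` output on stdin.
first_catch_all() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) {
                print n; found = 1; exit
            }
        }
        END { if (!found) print 0 }'
}

# Print the command that places a rule (arguments after the chain name) where
# it can match: -I before the catch-all if one exists, otherwise a plain -A.
placement_cmd() {
    chain=$1; shift
    pos=$(first_catch_all "$chain")
    if [ "$pos" -gt 0 ]; then
        echo "iptables -I $chain $pos $*"
    else
        echo "iptables -A $chain $*"
    fi
}

# Exit status 0 if rule text $2 sits after the catch-all in chain $1,
# i.e. it was appended with -A and will never be reached.
is_shadowed() {
    awk -v chain="$1" -v rule="$2" '
        $1 == "-A" && $2 == chain {
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) seen = 1
            else if (seen && index($0, rule)) hit = 1
        }
        END { exit !hit }'
}
# Demo on the constructed ruleset; the command is printed, not executed.
sample_rules | placement_cmd INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
```

On a live system, feed the functions from `iptables -S INPUT` instead of sample_rules and review the printed command before running it as root.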

Lab 2
Iptables example:
# Default policy: drop anything not explicitly accepted
iptables -P FORWARD DROP
iptables -P INPUT DROP

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside (eth1)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side (eth0).
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside
# (new connections only; replies were accepted above).
iptables -A FORWARD -i eth1 -o eth0 -j REJECT
