
System Administration Lab Manual (2023-24) MPSTME

Experiment 9: IP Tables

Aim: To configure IP tables on Ubuntu system

Learning Outcomes:
After completion of this experiment, student should be able to

1. Understand need for firewall.


2. Configure iptables on a Ubuntu system

Theory:

iptables is the command-line front end to the Linux kernel's netfilter packet filter. Rules are
organised into tables (the default, and the only one used in this experiment, is the filter table)
and, within each table, into chains. When a packet reaches a chain, iptables walks that chain's
rules from top to bottom; the first rule that matches decides the packet's fate through its target
(for example ACCEPT or DROP). If no rule matches, the chain's default policy is applied. iptables is
installed by default on most Linux distributions; on Ubuntu it can be installed or updated with
sudo apt install iptables. Recent Ubuntu releases may ship iptables as a compatibility front end
over nftables (iptables-nft); the commands in this experiment behave the same either way.

Types of Chains: the filter table has three built-in chains: INPUT, FORWARD and OUTPUT.

INPUT – This chain sees packets addressed to the local system. For example, if a user attempts to
SSH into your PC/server, the incoming packets are matched against the INPUT chain on fields such as
source IP address, protocol and destination port (22 for SSH).

FORWARD – This chain sees packets that arrive on the system but are destined for some other host.
Think of a router: traffic constantly passes through it but is rarely addressed to the router
itself; the router just forwards it towards its target. Unless the system is doing routing, NAT
or something else that requires forwarding (ip_forward enabled), this chain is not used.

OUTPUT – This chain sees packets generated by the local system itself, for example the replies your
SSH server sends back to a client or the DNS queries your system makes.

Procedure:
Do the following tasks and upload your document, along with the answers to the review questions,
on the student portal.

Task 1: Display of current policy

Execute sudo iptables -L
(Adding -n -v --line-numbers shows numeric addresses, packet counters and rule numbers, which makes
the later tasks easier to verify.)
Task 2: Changing default policy
sudo iptables --policy INPUT DROP
sudo iptables --policy OUTPUT DROP
sudo iptables --policy FORWARD DROP
(-P is the short form of --policy.) Caution: a DROP policy applies to every packet that matches no
rule. If you run these on a machine you are logged into over SSH, the session is cut off unless an
ACCEPT rule for SSH (Task 6) is already in place, and an OUTPUT policy of DROP also stops DNS lookups
and apt updates until matching ACCEPT rules exist. Work on the console, or add the ACCEPT rules first.
Task 3: Blocking a particular IP address
sudo iptables -A INPUT -s 10.10.10.10 -j DROP

Task 4: Blocking of an entire subnet

sudo iptables -A INPUT -s 10.10.1.0/24 -j DROP

Task 5: Blocking of a particular service

sudo iptables -A INPUT -p tcp --dport ftp -s 10.10.10.10 -j DROP
(The service name ftp is resolved to port 21 through /etc/services; --dport 21 is equivalent. Note
that -A appends to the end of the chain, so while the Task 3 rule that drops everything from
10.10.10.10 is still present this rule never matches; it only takes effect on its own.)

Task 6: Allowing services from outside which use two-way communication
sudo iptables -A INPUT -i eth0 -p tcp --dport ssh -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp --sport ssh -j ACCEPT
(Replace eth0 with the interface name shown by ip link. The first rule admits packets to the local
SSH server, the second lets the server's replies out. The usual way to allow the return half of any
connection, not just SSH, is a connection-tracking rule such as
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT.)

Task 7: Blocking a particular website access

host -t A www.nmims.edu
sudo iptables -A OUTPUT -p tcp -d [IP address of www.nmims.edu] -j DROP
(host may return several A records; add one rule per address. Blocking a web site by IP address is
unreliable when the site sits behind a CDN or shares its address with other sites, and -d given a
hostname is resolved only once, when the rule is added.)

Task 8: Insert a rule at line 2 to block ICMP packets

sudo iptables -I INPUT 2 -p icmp -s 10.10.1.0/24 -j DROP
(-I with a number inserts at that position and pushes the existing rule 2 and everything after it
down by one; confirm the placement with sudo iptables -L INPUT -n --line-numbers.)

Task 9: Save all rules

sudo /sbin/iptables-save
(On its own this only prints the current ruleset to standard output; nothing survives a reboot. To
make the rules persistent on Ubuntu, install the iptables-persistent package and write the output to
the file it loads at boot: sudo iptables-save | sudo tee /etc/iptables/rules.v4, or run
sudo netfilter-persistent save.)

Task 10: Delete a specific rule

Display the rule numbers along with the other information for the existing rules using
sudo iptables -L INPUT -n --line-numbers
You will get the list of rules. Look at the number on the left, then use that number to delete the
rule. For example, to delete rule number 4, enter: sudo iptables -D INPUT 4
(Rules below the deleted one are renumbered immediately, so list the chain again before deleting
another rule by number.)

Task 11: Flush all the rules

sudo iptables -F
(-F removes the rules but leaves the chain policies as they are. After Task 2 the policies are still
DROP, so a flush on its own leaves the system blocking everything. Reset the policies first, for
example sudo iptables -P INPUT ACCEPT, and likewise for OUTPUT and FORWARD; sudo iptables -X
additionally deletes any user-defined chains.)
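The following script is an added example and is not part of the lab manual. It puts Tasks 2 to 11, and the chain model from the Theory section, together in the form a practitioner would actually deploy: the rules are written as one iptables-restore file, so the whole ruleset including the DROP policies is loaded atomically and in a safe order, and the flush of Task 11 resets the policies so the machine is not left with drop-everything defaults. The interface name eth0 and the addresses 10.10.10.10 and 10.10.1.0/24 come from the manual; the website address 203.0.113.10 is a placeholder to be replaced with the result of host -t A www.nmims.edu, and using the conntrack match instead of the manual's --sport ssh / --dport ssh pair is a design choice of this example.

```shell
#!/bin/sh
# Added example: complete filter-table ruleset for Tasks 2-11, loaded with
# iptables-restore. Not the lab manual's own code. Assumptions: the admin
# interface is eth0 and the blocked website resolves to 203.0.113.10.

ADMIN_IF="${ADMIN_IF:-eth0}"        # interface used in Task 6 (assumed name)
BLOCKED_HOST="10.10.10.10"          # Tasks 3 and 5
BLOCKED_NET="10.10.1.0/24"          # Tasks 4 and 8
SITE_IP="${SITE_IP:-203.0.113.10}"  # Task 7: placeholder, replace with host -t A output

# Emit the ruleset in iptables-save format. Rules are matched top to bottom
# and the first match wins, so the rules that keep an SSH session and DNS
# working sit above the DROP rules, and the DROP policies only take effect
# together with those ACCEPT rules because the file is applied in one go.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback and replies to connections we already track. This replaces the
# manual's --sport ssh / --dport ssh pair with connection tracking, which
# also covers the return traffic of DNS lookups and package updates.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Task 6: new SSH connections arriving on the admin interface
-A INPUT -i ${ADMIN_IF} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Task 8: ICMP from the blocked subnet, placed early like "-I INPUT 2"
-A INPUT -p icmp -s ${BLOCKED_NET} -j DROP
# Tasks 3, 4 and 5 (the FTP rule is shadowed by the whole-host DROP above it
# and is kept only to mirror the manual; order it first if you want it to count)
-A INPUT -s ${BLOCKED_HOST} -j DROP
-A INPUT -s ${BLOCKED_NET} -j DROP
-A INPUT -p tcp --dport 21 -s ${BLOCKED_HOST} -j DROP
# Task 7 plus the minimum outbound traffic needed to keep the box usable
-A OUTPUT -p tcp -d ${SITE_IP} -j DROP
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Number of rules in a chain of the generated ruleset. The Nth "-A CHAIN"
# line here is rule N in "iptables -L CHAIN --line-numbers" (Task 10).
count_rules() {
    build_ruleset | grep -c "^-A $1 "
}

# Position of the first rule in chain $1 whose text contains $2, i.e. the
# number to pass to "iptables -D $1 N" (Task 10). Prints 0 if absent.
rule_number() {
    n=$(build_ruleset | grep "^-A $1 " | grep -n -- "$2" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# Validate, then load the whole table atomically (needs root). A syntax
# error is caught by --test before anything in the kernel is touched.
apply_ruleset() {
    build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
}

# Task 9 done properly: iptables-save only prints to stdout. Writing the
# file that the iptables-persistent package reloads at boot makes it stick.
persist_ruleset() {
    build_ruleset > /etc/iptables/rules.v4
}

# Task 11 done safely: "iptables -F" removes rules but keeps the DROP
# policies, so reset the policies first or the flush blocks everything.
reset_firewall() {
    for chain in INPUT FORWARD OUTPUT; do iptables -P "$chain" ACCEPT; done
    iptables -F
    iptables -X
}

case "${1:-}" in
    show)    build_ruleset ;;          # sh firewall.sh show
    apply)   apply_ruleset ;;          # sudo sh firewall.sh apply
    persist) persist_ruleset ;;        # sudo sh firewall.sh persist
    reset)   reset_firewall ;;         # sudo sh firewall.sh reset
esac
```

Run sh firewall.sh show to inspect the generated file without touching the kernel; sudo sh firewall.sh apply validates it with iptables-restore --test and then loads it. Because iptables-restore replaces the table in a single commit, the DROP policies and the ACCEPT rules that keep SSH alive arrive together, which is the lock-out problem that running the Task 2 commands one at a time creates.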

Review questions:
1. Explain the need for a packet filtering firewall.
2. Explain the working of iptables in detail.
3. What is the difference between DROP and REJECT in iptables?
