IP Tables by example
I have created a LAN between a Windows host and an Ubuntu VM (guest). The IP address of the VM is 192.168.56.101 and that of the host is 192.168.56.1. (Please note that the IPs must be in the same subnet for a LAN connection.)
Iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.
For help on iptables type man iptables
IP TABLES MAN PAGE
I have installed an ftp server and an OpenSSH server on the Linux VM. So before any iptables rules are applied, the results are:
BEFORE CREATING NEW IPTABLES RULES, FLUSH THE OLD RULES
The iptables --list command shows the rules currently held in each iptables chain.
IPTABLES RULES EXAMPLES
1> iptables -I INPUT -p tcp --dport 22 -j REJECT
This will reject all packets coming from any source to port 22 (ssh server). For this example I have installed the OpenSSH server.
2> iptables -I INPUT -s 192.168.56.1 -p tcp --dport 21 -j DROP
This will silently drop all packets coming from the source 192.168.56.1 to port 21 (ftp server). For this example I have installed the wu-ftp server.
3> iptables -I INPUT -s 192.168.56.1 -p icmp -j DROP
This will drop the ICMP echo requests (ping) coming from the source 192.168.56.1.
After creating the iptables rules and running an nmap scan on the localhost, we find that ssh (22) is reported as blocked by the firewall, because of the rule we created: “iptables -I INPUT -p tcp --dport 22 -j REJECT”.
The port is blocked for everyone, including the host itself.
Now, if we try to connect to the OpenSSH server from 192.168.56.1 via PuTTY, the connection fails because the port is blocked.
Similarly, a ping to 192.168.56.101 will not work.
Saved iptables rules are stored in /etc/iptables.up.rules (the running rules live in the kernel and are lost on reboot unless they are saved).
To delete an iptables rule from a chain, replace the -I switch with -D and keep the rest of the rule identical.
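The three rules from the examples above, their deletion with -D, and the saving of the ruleset to /etc/iptables.up.rules, gathered into one script. This is an added example and not the original post's commands: the helper names (run, apply_rules, delete_rules, save_rules, restore_rules, count_rules), the PEER, RULES_FILE and DRY_RUN variables, and the two leading ACCEPT rules for loopback and established traffic are my additions. It assumes iptables, iptables-save and iptables-restore are installed and that the script is run as root whenever DRY_RUN is not set.

```shell
#!/bin/sh
# Added example, not from the original post: the post's three INPUT rules
# (SSH rejected for everyone, FTP and ICMP dropped for 192.168.56.1) as one
# script with a DRY_RUN mode, so the commands can be reviewed before they
# touch the kernel, plus save/restore via /etc/iptables.up.rules.
# Assumed: iptables and iptables-save/iptables-restore are installed and the
# script runs as root when DRY_RUN is not set.

IPT=${IPT:-iptables}
RULES_FILE=${RULES_FILE:-/etc/iptables.up.rules}
PEER=${PEER:-192.168.56.1}     # the Windows host from the post's LAN (assumed)

# run: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# apply_rules: flush INPUT first (as the post recommends), then append rules
# in order. Loopback and already-established traffic are accepted first so the
# later blocks cannot cut off the machine's own services or its own replies.
apply_rules() {
    run "$IPT" -F INPUT
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Rule 1: REJECT answers with an error, so a client sees "connection refused".
    run "$IPT" -A INPUT -p tcp --dport 22 -j REJECT
    # Rules 2 and 3: DROP discards silently, so the peer simply times out.
    run "$IPT" -A INPUT -s "$PEER" -p tcp --dport 21 -j DROP
    run "$IPT" -A INPUT -s "$PEER" -p icmp -j DROP
}

# delete_rules: the same rules with -D instead of -A/-I, as the post describes.
delete_rules() {
    run "$IPT" -D INPUT -p tcp --dport 22 -j REJECT
    run "$IPT" -D INPUT -s "$PEER" -p tcp --dport 21 -j DROP
    run "$IPT" -D INPUT -s "$PEER" -p icmp -j DROP
}

# save_rules / restore_rules: the running ruleset lives in the kernel and is
# lost on reboot; iptables-save writes it to a file, iptables-restore reloads it.
save_rules() {
    run sh -c "$IPT-save > $RULES_FILE"
}
restore_rules() {
    run sh -c "$IPT-restore < $RULES_FILE"
}

# count_rules: number of commands a dry run of apply_rules would issue.
count_rules() {
    (DRY_RUN=1; apply_rules) | wc -l | tr -d ' '
}

# Usage: DRY_RUN=1 sh rules.sh apply   (review the commands)
#        sudo sh rules.sh apply        (apply them and save the ruleset)
if [ "${1:-}" = "apply" ]; then
    apply_rules && save_rules
fi
```

Review the dry-run output before applying: the order matters because iptables evaluates a chain top to bottom and stops at the first matching rule, which is also why -I (insert at the top) and -A (append at the end) give different results when earlier ACCEPT rules exist.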
Tools to configure iptables: