{"id":39602,"date":"2016-09-30T16:35:42","date_gmt":"2016-09-30T11:05:42","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=39602"},"modified":"2016-10-03T15:09:08","modified_gmt":"2016-10-03T09:39:08","slug":"basics-of-iptables","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/basics-of-iptables\/","title":{"rendered":"Basics of IPTables"},"content":{"rendered":"<p><strong>Linux<\/strong> is the most-used open source\u00a0operating system.\u00a0<a title=\"cloud devOps\" href=\"http:\/\/www.tothenew.com\/devops-aws\">Managing network traffic<\/a> is one of the toughest jobs to deal with. \u00a0For this, we must configure the <strong>firewall<\/strong> in such a way that it meets the system and users&#8217; requirements without leaving the system vulnerable.\u00a0The default firewall in most of the Linux distributions is <strong>IPTables.<\/strong><\/p>\n<p><strong>IPTables<\/strong> is used to manage packet filtering, DNAT (Destination Network Address Translation) and SNAT (Source Network Address Translation) rules. 
<strong>IPTables<\/strong> comes with all Linux distributions.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-41342\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Firewall.png\" alt=\"Firewall\" width=\"425\" height=\"234\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Firewall.png 764w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Firewall-300x164.png 300w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Firewall-624x343.png 624w\" sizes=\"(max-width: 425px) 100vw, 425px\" \/><\/p>\n<p>To update\/install it, just retrieve the IPTables package:<\/p>\n<p>[js]<br \/>\nsudo apt-get install iptables<br \/>\n[\/js]<\/p>\n<p><strong>IPTables<\/strong> can contain multiple tables, each table can contain multiple chains, and each chain can contain multiple rules, which are defined for incoming and outgoing packets.<br \/>\nTherefore, the structure is <strong>IPTables -&gt; Tables -&gt; Chains -&gt; Rules<\/strong>.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41351\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-160859.png\" alt=\"Screenshot from 2016-09-30 16:08:59\" width=\"593\" height=\"529\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-160859.png 593w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-160859-300x267.png 300w\" sizes=\"(max-width: 593px) 100vw, 593px\" \/><\/p>\n<p>IPTables has the following 5 built-in tables:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-41178 \" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-29-130631.png\" alt=\"Screenshot from 2016-09-29 13:06:31\" width=\"642\" height=\"366\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-29-130631.png 551w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-29-130631-300x170.png 300w\" sizes=\"(max-width: 642px) 100vw, 642px\" 
\/><\/p>\n<p>Mostly we play around with the FILTER, NAT and MANGLE tables. There are five built-in chains in which we can place our firewall policy rules:<\/p>\n<ul>\n<li><strong>INPUT CHAIN<\/strong>: It is used for rules which are applicable to the traffic\/packets coming towards the server.<\/li>\n<li><strong>OUTPUT CHAIN:<\/strong> It is used for rules which need to be applied on outgoing traffic\/packets from our server.<\/li>\n<li><strong>FORWARD CHAIN: <\/strong>It is used for adding rules related to forwarding an IP packet.<\/li>\n<li><strong>PREROUTING CHAIN: <\/strong>It is used to add rules which define actions that need to be taken before a routing decision is made by the kernel.<\/li>\n<li><strong>POSTROUTING CHAIN: <\/strong>It is used for adding rules which define actions that need to be taken after a routing decision is made by the kernel.<\/li>\n<\/ul>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41352\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-161307.png\" alt=\"Screenshot from 2016-09-30 16:13:07\" width=\"583\" height=\"307\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-161307.png 583w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-161307-300x157.png 300w\" sizes=\"(max-width: 583px) 100vw, 583px\" \/><\/p>\n<p>Now, let&#8217;s see some useful commands:<\/p>\n<ul>\n<li><strong><span style=\"text-decoration: underline;\">To see all the rules<\/span>,<\/strong> we can type:<\/li>\n<\/ul>\n<p>[js]<br \/>\nsudo iptables -t &lt;table-name&gt; -L<br \/>\n[\/js]<\/p>\n<p>where,<br \/>\n<em>-t<\/em>\u00a0 \u00a0is used to specify the table name,<br \/>\n<em>-v<\/em>\u00a0 \u00a0for verbose and<br \/>\n<em>-L<\/em>\u00a0 \u00a0for listing the chains and rules<br \/>\nEx:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41328\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/s1.png\" 
alt=\"s1\" width=\"547\" height=\"219\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/s1.png 547w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/s1-300x120.png 300w\" sizes=\"(max-width: 547px) 100vw, 547px\" \/><br \/>\nHere, we have listed the chains and rules defined inside the filter table.<br \/>\nIf we haven&#8217;t played with iptables before, then by default no rules are present in any of the built-in tables.<\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\"><strong>To add a rule inside a chain of a table<\/strong><\/span>, we can type:<\/li>\n<\/ul>\n<p>[js]<br \/>\nsudo iptables -t &lt;table-name&gt; -A &lt;chain-name&gt; -d &lt;destination-address&gt; -p &lt;protocol&gt; -j &lt;action&gt;<br \/>\n[\/js]<\/p>\n<p>where,<br \/>\n<i>-A<\/i>\u00a0 \u00a0to append one or more rules to the end of the selected chain<br \/>\n<i>-d<\/i>\u00a0 \u00a0for specifying a destination<br \/>\n<i>-p \u00a0\u00a0<\/i>protocol of the rule or of the packet to check<br \/>\n<i>-j<\/i>\u00a0 \u00a0 specifies the target of the rule; i.e., what to do if the packet matches it<br \/>\nEx:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41331\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-144831.png\" alt=\"Screenshot from 2016-09-30 14:48:31\" width=\"812\" height=\"307\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-144831.png 812w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-144831-300x113.png 300w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-144831-624x235.png 624w\" sizes=\"(max-width: 812px) 100vw, 812px\" \/><br \/>\nWe have created a rule inside the OUTPUT chain which says: drop any TCP packets going to 1.2.3.4.<\/p>\n<ul>\n<li>To flush all the rules:<\/li>\n<\/ul>\n<p>[js]<br \/>\nsudo iptables -t &lt;table-name&gt; -F<br \/>\n[\/js]<\/p>\n<p>where,<br \/>\n-F to flush the selected table rules<br \/>\nEx:<br \/>\n<img 
decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41332\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145219.png\" alt=\"Screenshot from 2016-09-30 14:52:19\" width=\"975\" height=\"558\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145219.png 975w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145219-300x171.png 300w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145219-624x357.png 624w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><br \/>\nAs we can see, all the rules from the filter table are deleted\/flushed.<\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\"><strong>To create a new chain<\/strong><\/span>:<\/li>\n<\/ul>\n<p>[js]<br \/>\nsudo iptables -t &lt;table-name&gt; -N &lt;chain-name&gt;<br \/>\n[\/js]<\/p>\n<p>where,<br \/>\n-N \u00a0 for adding a new chain to a particular table<br \/>\nEx:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-41333\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145453.png\" alt=\"Screenshot from 2016-09-30 14:54:53\" width=\"980\" height=\"384\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145453.png 980w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145453-300x117.png 300w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145453-624x244.png 624w\" sizes=\"(max-width: 980px) 100vw, 980px\" \/><br \/>\nA new chain named &#8220;TEST&#8221; has been created by the above command shown in the figure.<\/p>\n<ul>\n<li><strong><span style=\"text-decoration: underline;\">To delete a chain<\/span>:<\/strong><\/li>\n<\/ul>\n<p>[js]<br \/>\nsudo iptables -t &lt;table-name&gt; -X &lt;chain-name&gt;<br \/>\n[\/js]<\/p>\n<p>where,<br \/>\n-X \u00a0 is for deleting the optional user-defined chain specified<br \/>\nEx:<br \/>\n<img decoding=\"async\" loading=\"lazy\" 
class=\"alignnone size-full wp-image-41334\" src=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145629.png\" alt=\"Screenshot from 2016-09-30 14:56:29\" width=\"985\" height=\"598\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145629.png 985w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145629-300x182.png 300w, \/blog\/wp-ttn-blog\/uploads\/2016\/09\/Screenshot-from-2016-09-30-145629-624x378.png 624w\" sizes=\"(max-width: 985px) 100vw, 985px\" \/><br \/>\nThe chain named &#8220;TEST&#8221; has been deleted from the filter table.<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Simple Use Case<\/span>\u00a0:<br \/>\n<\/strong>Suppose our server has been hit by <strong>DoS<\/strong> attacks.<strong>\u00a0<\/strong>In order to protect our server from common DoS (or small-scale DDoS) attacks, we can use IPTables.<\/p>\n<p>Let&#8217;s block an IP\u00a0address with the help of rules defined inside the INPUT chain of the <b>filter<\/b> table:<\/p>\n<ol>\n<li><strong>Setting the rule:<\/strong>\n<p>[js]<br \/>\nsudo iptables -t filter -A INPUT -s x.x.x.x -p tcp -j DROP<br \/>\n[\/js]<\/p>\n<p>The above command will block x.x.x.x from entering into the server. 
The <strong>DROP<\/strong>\u00a0action will drop all the TCP packets coming from the IP address x.x.x.x.<\/li>\n<li>We can delete the rule in one of two ways:\n<ol>\n<li>Deleting by <strong>line number<\/strong>:\n<p>[js]<br \/>\nsudo iptables -D INPUT 1<br \/>\n[\/js]<\/p>\n<\/li>\n<li>Deleting the <strong>particular rule<\/strong>:\n<p>[js]<br \/>\nsudo iptables -D INPUT -s x.x.x.x -p tcp -j DROP<br \/>\n[\/js]<\/p>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>For more detailed information, we can refer to the <a href=\"https:\/\/linux.die.net\/man\/8\/iptables\">manual page<\/a> of IPTables.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux is the most-used open source\u00a0operating system.\u00a0Managing network traffic is one of the toughest jobs to deal with. \u00a0For this, we must configure the firewall in such a way that it meets the system and users&#8217; requirements without leaving the system vulnerable.\u00a0The default firewall in most of the Linux distributions is IPTables. 
IPTables is used [&hellip;]<\/p>\n","protected":false},"author":919,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":116},"categories":[2348,1],"tags":[1892,2536,4063,260,4090,4099,1898,4091],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/39602"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/919"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=39602"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/39602\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=39602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=39602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=39602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}