Securing your Linux server with iptables


Austin Jorden
07.18.2007


Everyone in the IT industry is concerned with security, especially Linux administrators. Many Linux distributions come with several services that you may never use or need, but they're running on your server anyway. These unused services can expose the server to many security threats.

With even a slight knowledge of Linux firewalls, you can secure your Linux server quickly and efficiently. In this article, I will either introduce you to iptables for the first time or help you become more efficient with iptables if you've worked with it in the past.

As network packets flow in and out of the network interface card, they are intercepted, analyzed and manipulated according to the rules of the Linux firewall. A packet is checked against the firewall rules in order; when it reaches a rule that it matches, it stops there and doesn't continue through the rest of the rule set.

For instance, suppose there are two rules: the first drops all packets coming in through port 25, and the rule directly after it accepts 192.168.1.25 on port 25. A packet from 192.168.1.25 will be dropped once it hits the first rule. It won't even know there is a second rule. This example is continued further down in this article. There have been three main Linux firewalls that are widely used, as follows:

Let's take a look at what is under the iptables list.

[TABLE]

That will show your complete iptables rule list, with as much information as possible about each rule. Let's break down what you're looking at. You should see something similar to the table below, although it should be noted that the table in the example is an empty table, whereas you will have rules in your table.

Flushing your list of rules can be good if you would like to rewrite your rules completely as I've done plenty of times in the past. You can "flush" every rule under iptables by doing:

[TABLE]

However, you may want to only flush all the rules under the INPUT, FORWARD or OUTPUT chain. You can specify which chain to flush by each of the following:

[TABLE]

Additionally, you can save your rules so that when you restart your Linux server, the current rules will become active once again. You can save by doing:

[TABLE]

All Red Hat Enterprise Linux (RHEL) versions, unless specified, come with iptables installed and started automatically the first time you turn on your server. There just may not be any rules to abide by. If there are no rules to follow, then iptables will not do anything with the network packets. It will act as if there is no firewall at all.

If you want iptables to STOP running, you can initiate the following command:

[TABLE]

You should get the following:

[TABLE]

Of course, you can START iptables by doing:

[TABLE]

You should see:

If you don't want iptables to be started when you start your RHEL server, do the following:

[TABLE]

See the example below.

Scenario: You want to deny every IP address a connection to your SMTP server (TCP port 25), except for the IP address 192.168.1.25. The two commands for this are as follows:

[TABLE]

I enter the "DROP" command before the "ACCEPT" because, once a rule has been entered into the rule set, the next rule added is placed directly above the last one entered. Putting the DROP command before the ACCEPT lets the ACCEPT rule be read before the DROP rule. Let's break the rest of these commands down:

The first command:

The second command:

Don't forget to save your current work.

[TABLE]

Now, let's look at our table:

[TABLE]

[TABLE]

Notice how the "ACCEPT" rule is above the "DROP" rule.
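
The ordering check above can be automated. The following is an added example, not code from the original article: it walks a rule listing top to bottom and reports which rule decides a packet, using the SMTP scenario's two rules in both orders. It assumes the listing is in the format printed by `iptables -S INPUT`; the function name and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find which rule decides a packet.
# Reads `iptables -S INPUT`-style lines on stdin and prints the target of the
# first rule matching a TCP packet from SRC to DPORT, else the chain policy.
# Simplifications: only host (/32) sources and single --dport values are
# understood, and only ACCEPT/DROP/REJECT are treated as final verdicts.
first_match_verdict() {   # usage: first_match_verdict SRC DPORT < rules
    awk -v src="$1" -v dport="$2" '
        $1 == "-P" { policy = $3; next }      # e.g. "-P INPUT ACCEPT"
        $1 != "-A" { next }
        {
            rsrc = ""; proto = ""; rport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") { rsrc = $(i + 1); sub(/\/32$/, "", rsrc) }
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") rport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto != "" && proto != "tcp") next
            if (rport != "" && rport != dport) next
            if (rsrc  != "" && rsrc  != src)   next
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            print target; found = 1; exit     # first match wins
        }
        END { if (!found) print (policy == "" ? "NO-MATCH" : policy) }
    '
}

# Constructed sample: DROP listed first, so the ACCEPT below is never reached.
RULES_DROP_FIRST='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
-A INPUT -s 192.168.1.25/32 -p tcp -m tcp --dport 25 -j ACCEPT'

# Constructed sample: ACCEPT listed first, the order the article ends up with.
RULES_ACCEPT_FIRST='-P INPUT ACCEPT
-A INPUT -s 192.168.1.25/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP'

printf '%s\n' "$RULES_DROP_FIRST"   | first_match_verdict 192.168.1.25 25  # DROP
printf '%s\n' "$RULES_ACCEPT_FIRST" | first_match_verdict 192.168.1.25 25  # ACCEPT
printf '%s\n' "$RULES_ACCEPT_FIRST" | first_match_verdict 192.168.1.99 25  # DROP
```

On a live server the same function can be fed from `iptables -S INPUT` (run as root) instead of the sample strings.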

Practicing with iptables will improve your proficiency and speed with Linux firewalls. I've used iptables in Linux environments with nearly 50 servers. Many rules running on a single Linux server will not slow down the system at all.
