iptables explained very fast
Used to filter network traffic, for example to mitigate DDoS attacks by:
Rate limiting
Blocking ports
Targets
DROP: block the traffic silently (the sender gets no reply)
ACCEPT: allow the traffic
REJECT: block the traffic and send an error reply back to the sender
Chains:
INPUT: packets addressed to this host
FORWARD: packets routed through this host to another host
OUTPUT: packets generated by this host
sudo iptables -A/-I chain_name -s source_ip -p protocol --dport port_number -j target
Options
-s source IP address of the packet
-j action (target) to take
-p protocol name (tcp/udp); --dport port_number matches the destination port
-P set the default policy of a chain
-D delete a rule
-A append the rule at the end of the chain
sudo iptables -A
-I insert the rule at the top of the chain
sudo iptables -I
Ex:
sudo iptables -A INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
note: iptables evaluates rules top to bottom and the first rule that matches a packet wins; later rules in the chain are ignored for that packet, so the order in which rules are added (-A vs -I) matters.
iptables block IP address rule example
sudo iptables -A/-I chain_name -s source_ip -j action_to_take
sudo iptables -A INPUT -s 192.168.1.3 -j DROP
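To make the top-to-bottom rule clear, here is an added example (not from these notes) that simulates one iptables chain in Python: it parses the two commands above, shows that the DROP appended with -A never fires for SSH because the ACCEPT above it matches first, and that the same DROP inserted with -I does fire. Only -s, -p, --dport, -j and -P are modelled, and the packet is a constructed sample.

```python
# Added example (not from the notes): simulate how iptables walks one chain.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    target: str                       # -j: ACCEPT / DROP / REJECT
    src: Optional[str] = None         # -s
    proto: Optional[str] = None       # -p
    dport: Optional[int] = None       # --dport
    def matches(self, pkt: dict) -> bool:
        return ((self.src is None or pkt["src"] == self.src)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt["dport"] == self.dport))

@dataclass
class Chain:
    policy: str = "ACCEPT"            # chain default, set with -P
    rules: list = field(default_factory=list)
    def add(self, cmd: str) -> None:
        """Apply one iptables command line ('sudo'/'iptables' prefix optional)."""
        toks = [t for t in cmd.split() if t not in ("sudo", "iptables")]
        mode = toks[0]                # -A append, -I insert at top, -P set policy
        if mode == "-P":
            self.policy = toks[2]
            return
        rule, i = Rule(target="ACCEPT"), 2
        while i < len(toks):
            flag, val = toks[i], toks[i + 1]
            if flag == "-s": rule.src = val
            elif flag == "-p": rule.proto = val
            elif flag == "--dport": rule.dport = int(val)
            elif flag == "-j": rule.target = val
            i += 2
        if mode == "-A": self.rules.append(rule)        # end of the chain
        elif mode == "-I": self.rules.insert(0, rule)   # top of the chain
        else: raise ValueError(f"unsupported option {mode}")
    def verdict(self, pkt: dict) -> str:
        for r in self.rules:          # top to bottom, first match wins
            if r.matches(pkt): return r.target
        return self.policy            # nothing matched: policy decides

def demo() -> tuple:
    ssh = {"src": "192.168.1.3", "proto": "tcp", "dport": 22}  # constructed packet
    c = Chain()
    c.add("sudo iptables -A INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT")
    c.add("iptables -A INPUT -s 192.168.1.3 -j DROP")     # appended below ACCEPT
    appended = c.verdict(ssh)                              # still ACCEPT
    c.add("iptables -I INPUT -s 192.168.1.3 -j DROP")     # inserted above it
    return appended, c.verdict(ssh)                        # ('ACCEPT', 'DROP')
```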
To list the rules
sudo iptables -L
To clear rules
sudo iptables -F
Deleting a rule from iptables (rule_number is the rule's position counting from the top of the chain)
sudo iptables -D chain_name rule_number
sudo iptables -D INPUT 1
Firewalld:
default firewall front-end in the Red Hat family (CentOS, Fedora)
runs as a systemd service
firewalld uses zones and services instead of chains and rules
make sure to stop iptables before installing firewalld so both do not manage the same rules
sudo yum install firewalld firewall-config -y
sudo apt-get install firewall-applet
Commands
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --get-zones
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --get-services
sudo systemctl status firewalld
Ports can be added and deleted with firewalld too, but I like ufw.
sudo service iptables options (stop / start / restart / reload)
sudo /etc/init.d/iptables options
sudo service ufw options
ufw vs iptables
ufw is a newer, easier-to-understand interface on top of iptables.
If you add or change a rule with ufw, it automatically changes the underlying iptables rules.
Block port scanning (block-scan is a user-defined chain: create it first, then give it rules that match the scan traffic; the DROP is its final rule)
sudo iptables -N block-scan
sudo iptables -A block-scan -j DROP
Check open ports on your server
SMTP/mail port 25: block it if you do not use email
FTP port 21: also block it
SFTP and SSH port 22: necessary
Port 80 web (HTTP), 443 SSL (HTTPS), 3306 MySQL
SELinux