Tuesday, January 29, 2013

Introduction to iptables

iptables is the userspace tool for the IP packet-filtering framework (netfilter) that has shipped with the Linux kernel since the 2.4.x series, and it is what enterprise Linux distributions use for host firewalls and IP filtering. It inspects the packets passing through the system and decides, rule by rule, whether to accept, drop or reject them (and, through its nat table, whether to rewrite their addresses).

Protocol-level tools and the packages that provide them (RHEL/CentOS):
- iptables  - IPv4     - # yum install iptables
- ip6tables - IPv6
- arptables - ARP      - # yum install arptables*
- ebtables  - Ethernet - # yum -y install ebtables

iptables organises its rules into TABLES (filter, nat, mangle, raw), each made up of CHAINS. The default filter table, which is the one iptables works on when no -t option is given, has three built-in chains:

INPUT   --> Packets addressed to this host.
OUTPUT  --> Packets generated by this host.
FORWARD --> Packets routed through this host (in on one interface, out on another); these never traverse INPUT or OUTPUT.

Each built-in chain has a default policy (ACCEPT or DROP) that decides the fate of any packet no rule in that chain matched. On a fresh system all three policies are ACCEPT and there are no rules, so everything passes:

[root@sama log]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

RH-Firewall-1-INPUT --> A user-defined chain (created by the RHEL/CentOS default firewall configuration). Rules in INPUT jump to it, and user-defined chains have no default policy of their own.


A rule that matches a packet hands it to a target. The four built-in targets are:
ACCEPT  --> Let the packet through; processing of the chain stops.
DROP    --> Silently discard the packet. Nothing is sent back, so the sender only sees a timeout; the target service never sees the packet.
REJECT  --> Discard the packet but tell the sender, by default with an ICMP port-unreachable error (or a TCP RST when --reject-with tcp-reset is given).
RETURN  --> Stop traversing the current chain. In a user-defined chain, processing resumes in the calling chain at the rule after the jump; in a built-in chain, the chain's default policy is applied.

A rule can also jump (-j) to a user-defined chain, which is how RH-Firewall-1-INPUT above receives traffic from INPUT.

For the full reference see the manual page:

# man iptables


The filtering itself happens in the kernel (netfilter has been in mainline since 2.4.x); on RHEL/CentOS the iptables service only loads and saves the rules, so day-to-day management uses the ordinary SysV service commands.

To check its status, start or restart it, or stop it (RHEL/CentOS 5 and 6). Note that stopping the service flushes every rule and resets the policies to ACCEPT, leaving the host completely open:
# service iptables status
# service iptables start/restart
# service iptables stop
# /etc/init.d/iptables stop

To disable iptables at boot in every runlevel (the --list output shows where it currently starts):
# chkconfig --list | grep iptables
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off

# chkconfig --level 0123456 iptables off

To enable it at boot in runlevels 3 and 5 only:
# chkconfig --level 35 iptables on

List the current rules on the system (the same as iptables -L above):
[root@sama log]# iptables --list

Save the running rules so they survive a service restart or a reboot (RHEL/CentOS):
# /etc/init.d/iptables save

Note: save is an action of the init script, not an iptables option, so there is no dash in front of it. The rules are written to /etc/sysconfig/iptables in iptables-save format, and the init script feeds that file to iptables-restore when the service starts. Rules added with iptables on the command line exist only in the kernel until you save them; a reboot or service restart reverts to the saved file.
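The following script is an added example, not code from the original post. It ties together the chains and targets described above and the saved-file format described here: it generates a small filter-table ruleset in the iptables-save format that /etc/init.d/iptables save writes to /etc/sysconfig/iptables, using a user-defined chain the way RH-Firewall-1-INPUT is used, lints it for the usual "No chain/target/match by that name" mistakes, and dry-runs it through iptables-restore when that is possible. The chain name EXAMPLE-INPUT, the admin network 192.0.2.0/24 and the open ports are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original post: build, lint and dry-run a
# filter-table ruleset in the format used by /etc/sysconfig/iptables.
# EXAMPLE-INPUT, MGMT_NET and the ports are assumptions for the example.
set -eu

MGMT_NET="${MGMT_NET:-192.0.2.0/24}"   # assumed admin network (RFC 5737 range)
CHAIN="EXAMPLE-INPUT"                  # assumed user-defined chain, like RH-Firewall-1-INPUT

# Print the ruleset on stdout.  Lines starting with ':' declare chains and
# their policy ('-' for a user-defined chain, which has none); [0:0] are the
# packet/byte counters iptables-save records.
render_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:${CHAIN} - [0:0]
# Everything that arrives on INPUT is handed to the user-defined chain.
-A INPUT -j ${CHAIN}
# Loopback and replies to connections this host opened are accepted first.
-A ${CHAIN} -i lo -j ACCEPT
-A ${CHAIN} -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ${CHAIN} -p icmp --icmp-type echo-request -j ACCEPT
# SSH only from the admin network; anyone else gets a TCP reset (REJECT)
# so the client fails at once instead of hanging until a timeout (DROP).
-A ${CHAIN} -s ${MGMT_NET} -p tcp --dport 22 -j ACCEPT
-A ${CHAIN} -p tcp --dport 22 -j REJECT --reject-with tcp-reset
-A ${CHAIN} -p tcp -m multiport --dports 80,443 -j ACCEPT
# RETURN hands anything unmatched back to INPUT, whose DROP policy then
# applies.  Falling off the end of a user-defined chain does the same.
-A ${CHAIN} -j RETURN
COMMIT
EOF
}

# Check a ruleset on stdin before installing it: every -A must append to a
# declared chain and every -j must name a declared chain or a built-in
# target.  iptables-restore rejects such typos too, but only as root at
# install time; this check runs anywhere.  Exit status 0 means clean.
lint_ruleset() {
  awk '
    /^:/   { sub(/^:/, ""); chains[$1] = 1; next }
    /^-A / {
      if (!($2 in chains)) { print "rule appends to undeclared chain: " $2; bad = 1 }
      for (i = 1; i <= NF; i++)
        if ($i == "-j") {
          t = $(i + 1)
          if (!(t in chains) && t !~ /^(ACCEPT|DROP|REJECT|RETURN)$/) {
            print "rule jumps to unknown target: " t; bad = 1
          }
        }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Parse the file with the real tool without committing it.  Needs root and
# iptables-restore; otherwise the step is skipped and the file is left for
# a manual dry run on the target host.
dry_run() {
  if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
    echo "skipping iptables-restore --test (needs root and iptables-restore)"
    return 0
  fi
  if iptables-restore --test < "$1"; then
    echo "iptables-restore accepted the ruleset (nothing was committed)"
  else
    echo "iptables-restore rejected the ruleset" >&2
    return 1
  fi
}

RULES_FILE="$(mktemp)"
render_ruleset > "$RULES_FILE"
render_ruleset | lint_ruleset
echo "ruleset written to $RULES_FILE (install it as /etc/sysconfig/iptables)"
dry_run "$RULES_FILE" || echo "fix the ruleset before installing it" >&2
```

Run it as root on the target host to get the iptables-restore dry run, then copy the generated file to /etc/sysconfig/iptables and restart the service as described above. Because INPUT defaults to DROP and SSH is accepted only from MGMT_NET, install it from a console or from an address inside that network, or the session you are working from is the first thing the firewall cuts off.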
