IPTables

From Network Security Wiki
Latest revision as of 16:48, 18 November 2020

IPTables

Adding Rules

Allow SSH

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Allow incoming web traffic

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Blocking Traffic

iptables -A INPUT -j DROP                                 # Catch-all drop: rules appended after it never match
iptables -A INPUT -i ens160 -s 10.140.198.7 -j DROP       # Drop one source address arriving on one interface

Allow loopback

iptables -I INPUT 1 -i lo -j ACCEPT                       # -I ... 1 inserts at the top, ahead of any DROP
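Because -A appends, anything added after the catch-all "-A INPUT -j DROP" is dead weight. The following is an added example, not from the wiki: a check run over iptables-save output (constructed here) that lists rules sitting behind an unconditional DROP or REJECT in their chain. The function names are my own.

```shell
# Added example (not from the wiki page): find rules that can never match
# because an unconditional DROP/REJECT precedes them in the same chain.
# Input is iptables-save output:  iptables-save | unreachable_rules

# Constructed sample: the loopback rule was appended with -A instead of
# inserted with -I INPUT 1, so it sits behind "-A INPUT -j DROP".
SAMPLE_SAVE='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i ens160 -s 10.140.198.7/32 -j DROP
COMMIT'

# unreachable_rules < iptables-save-output
# Prints every rule that follows an unconditional DROP/REJECT in its chain.
unreachable_rules() {
    awk '
        /^\*/  { for (c in blocked) delete blocked[c] }   # new table: reset chain state
        /^-A / {
            chain = $2
            if (chain in blocked) { print; next }
            # "-A CHAIN -j DROP" / "-A CHAIN -j REJECT" with no match options
            if (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                blocked[chain] = 1
        }'
}

# unreachable_count < iptables-save-output : number of such rules (0 if clean)
unreachable_count() { unreachable_rules | grep -c .; }

printf '%s\n' "$SAMPLE_SAVE" | unreachable_rules
```

On a live host, pipe `sudo iptables-save` into unreachable_rules; an empty result means every rule is reachable.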

Reporting

List rules

iptables -L
iptables -L --line-numbers

Logging

iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
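The LOG rule above writes rate-limited kernel messages carrying the prefix plus the standard IN=, SRC=, DST=, PROTO= and DPT= fields. As an added example (not from the wiki), the function below summarises such lines by protocol, source address and destination port over a constructed sample log; the function names and sample addresses are my own.

```shell
# Added example (not from the wiki page): summarise the kernel log lines
# written by a rule using --log-prefix "iptables denied: ". The LOG target
# emits the prefix followed by IN= OUT= SRC= DST= ... PROTO= SPT= DPT= fields.

# Constructed sample log lines (not real traffic); the last line is unrelated noise.
SAMPLE_LOG='Nov 18 16:48:01 host kernel: iptables denied: IN=ens160 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.140.198.7 DST=10.140.198.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 18 16:48:02 host kernel: iptables denied: IN=ens160 OUT= SRC=10.140.198.7 DST=10.140.198.20 LEN=60 PROTO=TCP SPT=51001 DPT=22 SYN
Nov 18 16:48:03 host kernel: iptables denied: IN=ens160 OUT= SRC=203.0.113.9 DST=10.140.198.20 LEN=44 PROTO=TCP SPT=40000 DPT=445 SYN
Nov 18 16:48:04 host kernel: iptables denied: IN=ens160 OUT= SRC=203.0.113.9 DST=10.140.198.20 LEN=40 PROTO=UDP SPT=5353 DPT=5353
Nov 18 16:48:05 host sshd[1234]: Accepted publickey for alice from 192.0.2.4 port 50022'

# denied_summary [PREFIX] < logfile
# Prints "count proto src dport" for each prefixed LOG line, most frequent first.
denied_summary() {
    prefix="${1:-iptables denied: }"
    grep -F "$prefix" | awk '
    {
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        # ICMP and similar have no port; record it as "-"
        if (src != "") count[proto " " src " " (dpt == "" ? "-" : dpt)]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# top_denied_src [PREFIX] < logfile : the source with the most denied packets
top_denied_src() {
    denied_summary "$1" | head -n 1 | awk '{ print $3 }'
}

printf '%s\n' "$SAMPLE_LOG" | denied_summary
```

Feed it the real log with `journalctl -k | denied_summary` or `denied_summary < /var/log/kern.log`.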

Check Stats

iptables -nvL

Reset Packet Counts and Aggregate Size:

iptables -Z

Deleting Rules

Delete a Rule

iptables -D INPUT -p tcp --dport 80 -j ACCEPT
iptables -D INPUT -i ens160 -s 10.140.198.7 -j DROP

Delete by Rule Number

iptables -D INPUT 3       # Chain name = INPUT

Flush Chain

iptables --flush MYCHAIN

Flush Iptables

iptables -F

Delete Empty Chain

iptables -X MYCHAIN


Saving Rules

Export rules

iptables-save > /etc/iptables.conf

Restore them on every reboot by adding the restore command to /etc/rc.local:

sudo nano /etc/rc.local
iptables-restore < /etc/iptables.conf

UFW

Basic Usage

Installation

sudo apt-get install ufw
sudo apt-get install gufw
sudo ufw enable
gufw

To check your current settings:

sudo ufw status verbose

To add firewall rules:

sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 5353/udp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny from 192.168.1.5 to any                            # Block specific IP address
sudo ufw deny from 202.54.1.5 to any port 80                     # Block specific IP and port number, e.g. block spammers
sudo ufw deny proto tcp from 202.54.1.1 to any port 22           # Deny specific IP, port number, and protocol
sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22        # Block Subnet

Add a Rule to the Top of the List:

sudo ufw insert 1 deny from 202.54.1.0/24 comment 'Block DoS attack subnet'

Delete Specific Rules:

sudo ufw status numbered
sudo ufw delete 4

Confirm your changes:

sudo ufw status verbose
sudo ufw status numbered
sudo ufw show added
sudo ufw show listening
sudo ufw show builtins
sudo ufw show before-rules
sudo ufw show user-rules
sudo ufw show after-rules
sudo ufw show logging-rules

Manage Application Traffic:

sudo ufw app list
sudo ufw app info Samba
sudo ufw allow from 192.168.1.0/24 to any app Samba

Rate Limiting:

sudo ufw limit 53/udp
sudo iptables -L | grep domain         # Show the resulting rules; port 53 is listed by its service name "domain"

Check Stats:

sudo ufw show raw

Re-check that UFW is enabled (required):

sudo ufw enable

Reset UFW:

sudo ufw reset

Receive the UDP multicast traffic

sudo ufw allow in proto udp to 224.0.0.0/4
sudo ufw allow in proto udp from 224.0.0.0/4

This takes care of the incoming and outgoing UDP packets, but you also need to allow IGMP packets through:

sudo nano /etc/ufw/before.rules

and add the following lines somewhere before the COMMIT line:

# allow IGMP
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT



Internet Connection Sharing using UFW

Allow the LAN subnet, set the default forward policy, and enable kernel forwarding:

sudo ufw allow from 192.168.1.0/29

sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"

sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1

Then add a nat table to /etc/ufw/before.rules; the table needs its own COMMIT line:

sudo nano /etc/ufw/before.rules

# nat table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth0 through ppp0
-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE

# Commit the preceding nat table rules
COMMIT

Restart UFW to apply the changes:

sudo service ufw restart
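Once before.rules carries the nat table from this section, it has two COMMIT lines, so the multicast section's "add the IGMP lines before the COMMIT line" must mean the *filter table's COMMIT. As an added example (not from the wiki), the function below inserts the IGMP rules into the right place in a constructed copy of before.rules and does nothing on a second run; the function names are my own.

```shell
# Added example (not from the wiki page): put the IGMP rules from the multicast
# section into the *filter table of before.rules, before that table's COMMIT,
# and skip the edit if the rules are already present. Works on a copy here;
# run it against /etc/ufw/before.rules only after backing the file up.

IGMP_IN='-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT'
IGMP_OUT='-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT'

# add_igmp_rules FILE : edit FILE in place (idempotent)
add_igmp_rules() {
    f="$1"
    if grep -q -- '-p igmp -d 224.0.0.0/4' "$f"; then
        return 0                                  # already present, nothing to do
    fi
    tmp="$f.tmp"
    awk -v r_in="$IGMP_IN" -v r_out="$IGMP_OUT" '
        /^\*/ { table = $0 }                      # remember the current table (*nat, *filter, ...)
        /^COMMIT/ && table == "*filter" && !done {
            print "# allow IGMP"; print r_in; print r_out; done = 1
        }
        { print }' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Constructed minimal before.rules with the nat table first (the real file is longer).
SAMPLE_DIR=$(mktemp -d)
SAMPLE_RULES="$SAMPLE_DIR/before.rules"
cat > "$SAMPLE_RULES" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE
COMMIT
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
COMMIT
EOF

# igmp_rule_line FILE : line number where the IGMP input rule ended up (empty if absent)
igmp_rule_line() { grep -n -- '-A ufw-before-input -p igmp' "$1" | cut -d: -f1; }
# commit_count FILE : number of COMMIT lines (one per table)
commit_count() { grep -c '^COMMIT' "$1"; }

add_igmp_rules "$SAMPLE_RULES"
add_igmp_rules "$SAMPLE_RULES"                    # second run is a no-op
cat "$SAMPLE_RULES"
```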