Open navigation menu

Scribd

0% found this document useful (0 votes)

79 views4 pages

Iptables Rules for 10.5.0.1 Configuration

The document contains the configuration and rules for iptables on a Linux firewall. It shows: 1. Listing the existing iptables rules and default policies for the INPUT, FORWARD, and OUTPUT chains. 2. Removing all rules and resetting default policies. 3. Restricting the OUTPUT chain policy to DROP. 4. Re-adding rules to allow established connections and define rules for DNS, web, and SSH traffic between internal and external networks. 5. Additional rules are added to allow firewall updates and outbound internet access.

Uploaded by

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

79 views4 pages

Iptables Rules for 10.5.0.1 Configuration

The document contains the configuration and rules for iptables on a Linux firewall. It shows: 1. Listing the existing iptables rules and default policies for the INPUT, FORWARD, and OUTPUT chains. 2. Removing all rules and resetting default policies. 3. Restricting the OUTPUT chain policy to DROP. 4. Re-adding rules to allow established connections and define rules for DNS, web, and SSH traffic between internal and external networks. 5. Additional rules are added to allow firewall updates and outbound internet access.

Uploaded by

Copyright

© © All Rights Reserved

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

1) Listar Reglas

root@fw:~# iptables -n -L -v
Chain INPUT (policy DROP 7 packets, 2296 bytes)
pkts bytes target prot opt in out source destination

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0

state RELATED,ESTABLISHED
89 7446 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
1 101 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- lo * 0.0.0.0/0 0.0.0.0/0

1 73 ACCEPT udp -- lo * 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT icmp -- lo * 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

icmptype 8 state NEW

Chain FORWARD (policy DROP 3 packets, 984 bytes)

pkts bytes target prot opt in out source destination

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0

state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth2 eth0 10.5.2.0/24 0.0.0.0/0
state NEW
2 656 ACCEPT udp -- eth2 eth0 10.5.2.0/24 0.0.0.0/0
state NEW
0 0 ACCEPT icmp -- eth2 eth0 10.5.2.0/24 0.0.0.0/0
state NEW
0 0 ACCEPT udp -- eth1 * 10.5.1.0/24 10.5.0.1
udp dpt:53 state NEW
0 0 ACCEPT tcp -- eth1 * 10.5.1.0/24 10.5.0.1
tcp dpt:53 state NEW
0 0 ACCEPT tcp -- eth1 eth0 10.5.1.0/24 0.0.0.0/0
state NEW
0 0 ACCEPT tcp -- * eth1 0.0.0.0/0 10.5.1.11
tcp dpt:20 state NEW
0 0 ACCEPT tcp -- * eth1 0.0.0.0/0 10.5.1.11
tcp dpt:21 state NEW
0 0 ACCEPT tcp -- * eth1 0.0.0.0/0 10.5.1.10
tcp dpt:80 state NEW
0 0 ACCEPT tcp -- * eth1 0.0.0.0/0 10.5.1.10
tcp dpt:443 state NEW
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmptype 8 state NEW

Chain OUTPUT (policy ACCEPT 91 packets, 6103 bytes)

pkts bytes target prot opt in out source destination

2) Eliminar reglas
root@fw:~# iptables -F
root@fw:~# iptables -n -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

3) Restringir tráfico de la cadena faltante

root@fw:~# iptables -P OUTPUT DROP

root@fw:~# iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

root@fw:~#

4)registrar nuevamente las reglas para el dominio example.net

iptables -A FORWARD -m state --state ESTABLISHED

iptables -A INPUT -m state --state ESTABLISHED
iptables -A OUTPUT -m state --state ESTABLISHED

iptables -A FORWARD -s 10.5.1.0/24 -i eth1 -d 10.5.0.1 -p udp --dport 53 -m state

--state NEW -j LOG
iptables -A FORWARD -s 10.5.1.0/24 -i eth1 -d 10.5.0.1 -p udp --dport 53 -m state
--state NEW -j ACCEPT

iptables -A FORWARD -s 10.5.1.0/24 -i eth1 -d 10.5.0.1 -p tcp --dport 53 -m state

--state NEW -j LOG
iptables -A FORWARD -s 10.5.1.0/24 -i eth1 -d 10.5.0.1 -p tcp --dport 53 -m state
--state NEW -j ACCEPT

iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.11 -o eth1 -p tcp --dport 20 -m state

--state NEW -j LOG
iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.11 -o eth1 -p tcp --dport 20 -m state
--state NEW -j ACCEPT

iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.11 -o eth1 -p tcp --dport 21 -m state

--state NEW -j LOG
iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.11 -o eth1 -p tcp --dport 21 -m state
--state NEW -j ACCEPT
iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.10 -o eth1 -p tcp --dport 80 -m state
--state NEW -j LOG
iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.10 -o eth1 -p tcp --dport 80 -m state
--state NEW -j ACCEPT

iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.10 -o eth1 -p tcp --dport 443 -m state

--state NEW -j LOG
iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.10 -o eth1 -p tcp --dport 443 -m state
--state NEW -j ACCEPT

******permite mantener la comunicación de las conexiones ya establecidas

iptables -A FORWARD -m state --state ESTABLISHED

******agregar puertos 80 y 443 con una sola regla

iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.10 -o eth1 -p tcp -m multiport --source-
port 80,443 -m state --state NEW -j LOG
iptables -A FORWARD -s 0.0.0.0/0 -d 10.5.1.10 -o eth1 -p tcp -m multiport --source-
port 80,443 -m state --state NEW -j ACCEPT

5) Permitir resolución DNS públic Google 8.8.8.8

---iptables -A OUTPUT -s 10.5.2.0/24 -o eth0 -d 8.8.8.8 -p udp --dport 53 -m state
--state NEW -j LOG
---iptables -A OUTPUT -s 10.5.2.0/24 -o eth0 -d 8.8.8.8 -p udp --dport 53 -m state
--state NEW -j ACCEPT

---iptables -A INPUT -s 0.0.0.0/0 -i eth0 -d 10.5.2.0/24 -p udp --dport 53 -m state

--state NEW -j LOG
---iptables -A INPUT -s 0.0.0.0/0 -i eth0 -d 10.5.2.0/24 -p udp --dport 53 -m state
--state NEW -j ACCEPT

iptables -A FORWARD -s 10.5.2.0/24 -i eth2 -d 8.8.8.8 -p udp --dport 53 -m state

--state NEW,ESTABLISHED -j LOG
iptables -A FORWARD -s 10.5.2.0/24 -i eth2 -d 8.8.8.8 -p udp --dport 53 -m state
--state NEW,ESTABLISHED -j ACCEPT

--iptables -A FORWARD -s 8.8.8.8 -i eth0 -d 10.5.2.0/24 -p udp --dport 53 -m state

--state NEW,ESTABLISHED -j LOG ?
--iptables -A FORWARD -s 8.8.8.8 -i eth0 -d 10.5.2.0/24 -p udp --dport 53 -m state
--state NEW,ESTABLISHED -j ACCEPT ?

6) conexiones desde la red local hacía el server web en la DMZ

iptables -A FORWARD -s 10.5.2.0/24 -i eth2 -d 10.5.1.10 -p tcp -m multiport
--source-port 80,443 -m state --state NEW,ESTABLISHED -j LOG
iptables -A FORWARD -s 10.5.2.0/24 -i eth2 -d 10.5.1.10 -p tcp -m multiport
--source-port 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

7) Conexiones desde la red local hacía servidores web en internet

iptables -A FORWARD -s 10.5.2.0/24 -i eth2 -d 0.0.0.0/0 -p tcp -m multiport
--source-port 80,443 -m state --state NEW,ESTABLISHED -j LOG
iptables -A FORWARD -s 10.5.2.0/24 -i eth2 -d 0.0.0.0/0 -p tcp -m multiport
--source-port 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

8) Se desea permitir conexiones desde internet al servidor web por HTTP en la DMZ
iptables -A FORWARD -s 0.0.0.0/0 -i eth0 -d 10.5.1.10 -p tcp --dport 80 -m state
--state NEW,ESTABLISHED -j LOG
iptables -A FORWARD -s 0.0.0.0/0 -i eth0 -d 10.5.1.10 -p tcp --dport 80 -m state
--state NEW,ESTABLISHED -j ACCEPT
9) permitir conexiones SSH desde la red local
iptables -A INPUT -p tcp -s 10.5.2.0/24 --dport 22 -m conntrack --ctstate
NEW,ESTABLISHED -j LOG
iptables -A INPUT -p tcp -s 10.5.2.0/24 --dport 22 -m conntrack --ctstate
NEW,ESTABLISHED -j ACCEPT

se agrega porque la política OUTPUT se encuentra en modo DROP

iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j LOG
iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

10) Permitir al firewall conexion a internet para actualizarce

iptables -A OUTPUT -o eth0 -d 82.194.78.250 -p tcp -m multiport --source-port
80,443 -m state --state NEW,ESTABLISHED -j LOG
iptables -A OUTPUT -o eth0 -d 82.194.78.250 -p tcp -m multiport --source-port
80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

You might also like

Iptables Firewall Setup Guide
No ratings yet
Iptables Firewall Setup Guide
10 pages
Understanding IPTables in Linux
No ratings yet
Understanding IPTables in Linux
5 pages
AsteriskNow IPTables Firewall Setup Guide
No ratings yet
AsteriskNow IPTables Firewall Setup Guide
3 pages
IPTables/Netfilter Guide & Commands
No ratings yet
IPTables/Netfilter Guide & Commands
6 pages
Iptables Firewall Overview by Blair Hicks
No ratings yet
Iptables Firewall Overview by Blair Hicks
24 pages
Tema 1
No ratings yet
Tema 1
3 pages
#1: Displaying The Status of Your Firewall: Type The Following Command As Root
No ratings yet
#1: Displaying The Status of Your Firewall: Type The Following Command As Root
19 pages
Linux 20 Iptables Examples For New SysAdmins
No ratings yet
Linux 20 Iptables Examples For New SysAdmins
7 pages
Iptables: Linux Firewall Guide
No ratings yet
Iptables: Linux Firewall Guide
31 pages
Iptables Guide for New SysAdmins
No ratings yet
Iptables Guide for New SysAdmins
14 pages
Linux Firewall
No ratings yet
Linux Firewall
12 pages
Netfilter/Iptables Overview 2023-2024
No ratings yet
Netfilter/Iptables Overview 2023-2024
12 pages
Cortafuegos de Linux
No ratings yet
Cortafuegos de Linux
30 pages
Firewall Rules for Bogon IPs & Security
No ratings yet
Firewall Rules for Bogon IPs & Security
4 pages
Iptables: Configuring/Modifying Iptables
No ratings yet
Iptables: Configuring/Modifying Iptables
4 pages
Iptableshowto: Basic Iptables Howto
No ratings yet
Iptableshowto: Basic Iptables Howto
8 pages
CentOS RedHat Iptables Firewall Guide
No ratings yet
CentOS RedHat Iptables Firewall Guide
7 pages
Linux Iptables Setup Guide
No ratings yet
Linux Iptables Setup Guide
3 pages
Linux Ip Tables
No ratings yet
Linux Ip Tables
20 pages
Rhel Notes For Rh253
100% (1)
Rhel Notes For Rh253
27 pages
Understanding IPTABLES for Linux Firewall
No ratings yet
Understanding IPTABLES for Linux Firewall
13 pages
Configuring NAT with iptables Guide
No ratings yet
Configuring NAT with iptables Guide
8 pages
Lab 7
No ratings yet
Lab 7
16 pages
Iptables - F (Or) Iptables - Flush: 1. Delete Existing Rules
No ratings yet
Iptables - F (Or) Iptables - Flush: 1. Delete Existing Rules
5 pages
NPP Linux 03 Gateway
No ratings yet
NPP Linux 03 Gateway
105 pages
Linux IPTables Rules: Top 25 Examples
No ratings yet
Linux IPTables Rules: Top 25 Examples
8 pages
Advanced Firewall Setup Guide
No ratings yet
Advanced Firewall Setup Guide
3 pages
Additional Topics
No ratings yet
Additional Topics
26 pages
4.4.1.2 - Configure Ip Acls To Mitigate Attacks: Topology
No ratings yet
4.4.1.2 - Configure Ip Acls To Mitigate Attacks: Topology
85 pages
LAB - Chapter 10.0 - Firewall - IPTable
No ratings yet
LAB - Chapter 10.0 - Firewall - IPTable
13 pages
Comparing ipchains and iptables
No ratings yet
Comparing ipchains and iptables
39 pages
Contoh Iptables Rules
No ratings yet
Contoh Iptables Rules
15 pages
Firewall Builder Setup on OpenWrt
No ratings yet
Firewall Builder Setup on OpenWrt
25 pages
Lab Assignment 11 Firewalls Using IPTABLES
No ratings yet
Lab Assignment 11 Firewalls Using IPTABLES
12 pages
25 Most Frequently Used Linux IPTables Rules PDF
No ratings yet
25 Most Frequently Used Linux IPTables Rules PDF
10 pages
IPTable Cheat Sheet
No ratings yet
IPTable Cheat Sheet
1 page
IPTable Cheat Sheet
No ratings yet
IPTable Cheat Sheet
1 page
Tarea Iptables
No ratings yet
Tarea Iptables
4 pages
Comandos Administrativos de Red
No ratings yet
Comandos Administrativos de Red
9 pages
Week 6 - NslecM05l - 2020
No ratings yet
Week 6 - NslecM05l - 2020
42 pages
Week 7 - NslecM05l - 2021
No ratings yet
Week 7 - NslecM05l - 2021
66 pages
04 Firewall
No ratings yet
04 Firewall
57 pages
Nfdatbles
No ratings yet
Nfdatbles
2 pages
Lecture 09 Iptables
No ratings yet
Lecture 09 Iptables
16 pages
RC Firewall
No ratings yet
RC Firewall
16 pages
Mikrotik Firewall Configuration Guide
No ratings yet
Mikrotik Firewall Configuration Guide
6 pages
25 Most Frequently Used Linux IPTables Rules Examples
No ratings yet
25 Most Frequently Used Linux IPTables Rules Examples
15 pages
Firewall Guidelines
No ratings yet
Firewall Guidelines
1 page
Ctr-Asw-03 PARA CX300A
No ratings yet
Ctr-Asw-03 PARA CX300A
8 pages
Linux Firewall Tutorial: Iptables Tables, Chains, Rules Fundamentals
No ratings yet
Linux Firewall Tutorial: Iptables Tables, Chains, Rules Fundamentals
12 pages
Huawei USG6000 Config Guide
No ratings yet
Huawei USG6000 Config Guide
26 pages
Packet Tracer: VLAN & NAT Configuration
No ratings yet
Packet Tracer: VLAN & NAT Configuration
7 pages
BCP - Filtros - Weher Labs
No ratings yet
BCP - Filtros - Weher Labs
7 pages
Linux - If I Put Accept All 0.0.0.0 0 Means This S
No ratings yet
Linux - If I Put Accept All 0.0.0.0 0 Means This S
2 pages
Firewall FBasic Examples
No ratings yet
Firewall FBasic Examples
3 pages
Firewall Lab-7
No ratings yet
Firewall Lab-7
3 pages
Настройка Файервола Рабочей Станции
No ratings yet
Настройка Файервола Рабочей Станции
1 page
Handy Linux Iptables Script
No ratings yet
Handy Linux Iptables Script
3 pages
Multimedia Networking: Jay Gholap (110803061)
No ratings yet
Multimedia Networking: Jay Gholap (110803061)
22 pages
HUNQ2 Working Principle and Signal Flow
No ratings yet
HUNQ2 Working Principle and Signal Flow
3 pages
PAN-OS Packet Flow Sequence Guide
No ratings yet
PAN-OS Packet Flow Sequence Guide
11 pages
TCP Congestion Control - Wikipedia
No ratings yet
TCP Congestion Control - Wikipedia
12 pages
Assignment 1 Sol
No ratings yet
Assignment 1 Sol
6 pages
Projects BGP at Doors of Autonomous Systems Is Simple Edit
No ratings yet
Projects BGP at Doors of Autonomous Systems Is Simple Edit
5 pages
Unicast vs Broadcast vs Multicast Explained
No ratings yet
Unicast vs Broadcast vs Multicast Explained
2 pages
H.248 Protocol Explanation
No ratings yet
H.248 Protocol Explanation
51 pages
Combining An API Gateway With Load Balancing in Go - Architecture & Best Practices
No ratings yet
Combining An API Gateway With Load Balancing in Go - Architecture & Best Practices
8 pages
BitTorrent Architecture and Challenges
No ratings yet
BitTorrent Architecture and Challenges
12 pages
LTE RAN Sharing Techniques Overview
No ratings yet
LTE RAN Sharing Techniques Overview
20 pages
HTTP Status Codes Explained
No ratings yet
HTTP Status Codes Explained
4 pages
C9300-48S-A Switch Datasheet
No ratings yet
C9300-48S-A Switch Datasheet
4 pages
CS Unit 2
No ratings yet
CS Unit 2
9 pages
Module 8: Implementing Replication
No ratings yet
Module 8: Implementing Replication
20 pages
G120 Fieldbus FCT Man 0418 en-US PDF
No ratings yet
G120 Fieldbus FCT Man 0418 en-US PDF
244 pages
Configuring Radsec
No ratings yet
Configuring Radsec
10 pages
WT Syllabus
No ratings yet
WT Syllabus
1 page
CEG3185 Syllabus Winter2019
No ratings yet
CEG3185 Syllabus Winter2019
2 pages
Netconf & Yang
No ratings yet
Netconf & Yang
3 pages
Computer Networks
No ratings yet
Computer Networks
6 pages
Research Protocols Used in Networking For PowerPoint Presentation
No ratings yet
Research Protocols Used in Networking For PowerPoint Presentation
17 pages
Infoblox Solution Note - Complementing Commonly Used Security Technologies
No ratings yet
Infoblox Solution Note - Complementing Commonly Used Security Technologies
3 pages
Lab 4 - Use Wireshark To Examine Ethernet Frames
No ratings yet
Lab 4 - Use Wireshark To Examine Ethernet Frames
6 pages
Introduction To Web Developement
No ratings yet
Introduction To Web Developement
30 pages
HP - Actualtests.HP2Z31.vmay19.by .Lagi .90q
No ratings yet
HP - Actualtests.HP2Z31.vmay19.by .Lagi .90q
84 pages
Introduction To Routing Protocols
No ratings yet
Introduction To Routing Protocols
11 pages
Telecom Training for Students
No ratings yet
Telecom Training for Students
28 pages
5.0 Device Management: 5.1 Pre-Configured Settings
No ratings yet
5.0 Device Management: 5.1 Pre-Configured Settings
33 pages
Cisco Commands
100% (3)
Cisco Commands
12 pages