Understanding Iptables for Linux Security

Iptables acts as a firewall for Linux systems by letting users filter network traffic and control which traffic is allowed or blocked. Iptables uses tables, chains and rules to examine incoming and outgoing packets and determine whether to accept, drop, reject or queue them, based on matching criteria such as protocol, IP address or port.

Uploaded by HuZaM Khan

IPTABLES

Iptables acts as a firewall for your system. A firewall is simply a way to filter traffic:
you state what traffic you want to allow and what traffic you want to block. You can set
this up for a single computer or, on a gateway, for an entire network behind it.

Iptables makes Linux more secure because it gives you full control over which traffic you
block and allow. Iptables is a command-line tool used to set up and maintain the tables of
rules for the Netfilter packet-filtering framework built into the Linux kernel. It handles
IPv4; its companion ip6tables handles IPv6 with the same syntax. On current distributions
the iptables command is often a compatibility front end for nftables, which replaced the
legacy backend, but the tables, chains and rules described here work the same way.

The name comes from the tables of rules it manages for IP packets (filter, nat, mangle and
so on), not from tables of IP addresses: matching on an address is only one of the
conditions a rule can use.

Need of iptables in Linux


Linux-based operating systems have a strong security baseline. Ordinary users run without
administrative rights, installing software or changing system files requires elevated
privileges (normally a password prompt through sudo), and most software is installed from
signed distribution repositories, which is why many desktop users run without antivirus
software. That does not make malware impossible, and it does nothing about what arrives
over the network.

However, in a world that revolves around the internet, with constant port scanning,
brute-force login attempts and unwanted connections, you must learn to take better
precautions, and controlling what is allowed to reach your system at all is exactly what
iptables is used for.

Iptables works on IP packets at the network and transport layers, so it sees addresses,
protocols, ports and connection state, not application content. Using iptables, you can
block or rate-limit connections from a specific host or address range, expose only the
services you intend to (for example SSH from the local network only), restrict which local
users or groups may open outbound connections (the owner match in the OUTPUT chain), log
what was refused, and many more things that improve your security. It cannot read cookies
or e-mail, so blocking a website's cookies or filtering spam is a job for a proxy or the
mail server, not for iptables.

Understanding basic concepts of iptables


For the sake of simplicity and understandability, let us look into the basic concepts
and terminologies that are related to iptables.

When talking about iptables, it is very important to understand the 3 terms:

1. Tables

2. Chains

3. Rules

Let us look at each of these terms one by one:


1. Tables in iptables
Iptables consists of 5 different tables, of which 3 are the main ones, and each table has a
different role. Let us take a look at the 5 tables along with their roles:

a. Filter table:
The default and the main table used in iptables is the filter table. That means that
whenever you don't specify a table (no -t option), the rule applies to the filter table. As
the name suggests, the role of this table is filtering packets: deciding whether to let a
packet continue to its intended destination or to deny it.

The filter table provides the majority of functions of iptables, and for most occasions,
this is the table that you would be dealing with.

b. NAT table
The second main table is the NAT table. As the name suggests, it holds the network address
translation rules. A rule in this table decides whether and how to modify the packet's
source or destination address (and port) so that the packet can be routed in a NAT setup,
where direct access between the two sides is not possible. Only the first packet of a
connection consults this table; connection tracking then applies the same translation to
the rest of the connection, in both directions.

c. Mangle table
The third main table is the mangle table. This table is used to alter the IP headers of the
packet. For instance, you can adjust the time to live (TTL) value of the packet, lengthening
or shortening the number of network hops the packet can survive. Other header fields, such
as the TOS/DSCP field, can be altered in similar ways, and the table is also where
kernel-internal marks (MARK) are set for later rules or policy routing to act on.

These above-mentioned tables are the 3 main tables, now let us look at the other 2
tables:

d. RAW table
The raw table is consulted before connection tracking runs. Its main use is to mark packets
that should be exempted from connection tracking (the NOTRACK target, now CT --notrack), for
example high-volume traffic that would only fill the connection table. Connections
themselves are tracked automatically by the conntrack module, not by rules in this table.

e. Security table
The security table is used to attach SELinux security context marks to packets (the
SECMARK and CONNSECMARK targets), which affects how SELinux, or other systems that can
interpret SELinux security contexts, handle those packets. It is traversed after the filter
table, so discretionary filter rules run first and mandatory access control rules second.
2. Chains in iptables
Chains are like points in the route of a packet where you can apply rules. There are 5
built-in chains in iptables (you can also create your own and jump to them from a rule):

a. Pre routing

b. Input

c. Forward

d. Output

e. Post routing

Not all chains are available in every table. Each chain gives you the option to take
action on packets at that particular point in the packet's route.

Let’s get a more clear picture of each of the chains.

a. Pre routing chain


The pre routing chain is applied to any incoming packet very soon after it enters the
network stack. This chain is processed before any routing decision has been made about
where to send the packet.

b. Input chain

The input chain is the point, after the routing decision, where a packet destined for the local system itself enters it.

c. Forward chain
The forward chain is applied to a packet that is forwarded through your system: received on
one interface and routed out of another, never reaching a local socket.

d. Output chain
Output chain is applied to the packet originating from your system and going out.

e. Post routing chain


Post routing is the opposite of pre routing. It is applied to outgoing or forwarded
traffic after the routing decision has been taken and just before the packet is put on
the wire.

You must note that not every table has every chain. Here is a list of the built-in chains
each of the 3 main tables provides:
a. Filter table: this default table provides only the INPUT, FORWARD and OUTPUT chains.
b. NAT table: this table provides PREROUTING, OUTPUT and POSTROUTING, plus INPUT since
kernel 2.6.34.
c. Mangle table: early 2.4 kernels provided only 2 chains here, PREROUTING and OUTPUT.
Since kernel 2.4.18 this table provides all 5 chains: PREROUTING, INPUT, FORWARD, OUTPUT
and POSTROUTING.
Of the remaining tables, raw provides PREROUTING and OUTPUT only, and security provides
INPUT, FORWARD and OUTPUT.
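A complete ruleset that exercises the three main tables and shows which built-in chains each one declares, added here as a worked example; it is not part of the original document. It is written in iptables-restore format, which maps one to one onto the table/chain/rule model described above (one `*table ... COMMIT` block per table, one `:CHAIN policy` line per built-in chain). It assumes a small gateway with eth0 facing the internet and eth1 facing a LAN that contains a web server at 10.0.0.5; those interface names and that address are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original document. Assumed layout:
# eth0 = internet-facing interface, eth1 = LAN, 10.0.0.5 = LAN web server.
# host_ruleset emits an iptables-restore file; each table is a "*name ... COMMIT" block.

host_ruleset() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# mangle is where the IP header is rewritten: set a fixed TTL on everything leaving eth0
-A POSTROUTING -o eth0 -j TTL --ttl-set 64
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT runs before the routing decision; MASQUERADE runs after it
-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i eth1 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/second -j ACCEPT
# LOG is non-terminating; the chain policy DROP then applies to whatever reaches here
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "fw-input-drop: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
# filter FORWARD sees the post-DNAT destination, so match 10.0.0.5:80, not port 8080
-A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.5 --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Number of tables in the ruleset (each table block ends with COMMIT)
table_count() {
    host_ruleset | grep -c '^COMMIT$'
}

# Built-in chains a given table declares, space separated, in file order
chains_of() {
    host_ruleset | awk -v want="*$1" '
        $1 == want { in_table = 1; next }
        $1 == "COMMIT" { in_table = 0 }
        in_table && substr($1, 1, 1) == ":" { printf "%s ", substr($1, 2) }
    ' | sed 's/ $//'
}

# Syntax-check with the real parser, then load the whole file atomically (root only)
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ruleset: must run as root" >&2
        return 1
    fi
    host_ruleset | iptables-restore --test || return 1
    host_ruleset | iptables-restore
}

host_ruleset
```

Two things to check before loading a file like this: the nat PREROUTING DNAT runs before routing and before filter FORWARD, so the FORWARD accept rule has to match the translated destination (10.0.0.5 port 80) rather than the public-side port 8080; and `iptables-restore --test` parses the whole file without applying it, which is the cheapest way to catch a chain name a table does not have (for example a FORWARD rule under `*nat`).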
3. Rules in iptables
Rules are the user-defined entries that say what to do with matching traffic. When a chain
is traversed, each rule in it is checked against the packet in order. If the packet does not
match, the next rule in the chain is examined. If it does match, the rule's target decides
what happens next: a terminating target ends traversal of the chain, a non-terminating one
performs its action and evaluation continues with the next rule. If the end of a built-in
chain is reached without a terminating match, the chain's default policy (ACCEPT or DROP)
applies.

Each rule has 2 components:

a. Matching component
A matching component is different conditions available to define rules. You can
match by protocol type, IP address, port address, interfaces headers, etc.

b. Target component
The target component is the action that is triggered when a packet meets the
matching criteria of a rule. There are 2 types of targets:

i. Terminating targets
Terminating targets are actions that end further traversal of that particular chain.
Examples of terminating targets are ACCEPT, DROP, QUEUE, REJECT and RETURN. RETURN ends the
current chain only: in a user-defined chain it resumes at the next rule of the calling chain,
and in a built-in chain it hands the decision to the chain's default policy.

ii. Non terminating targets


With non-terminating targets, you perform an action and then continue evaluation within
the chain. LOG (write a kernel log entry) and MARK (tag the packet) are the common examples;
a LOG rule placed directly before a DROP rule logs the packet and then drops it.
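To make the traversal rules concrete, here is a small evaluator, added as an example and not part of the original document nor iptables code, that walks one chain the way the text describes: rules are checked in order, LOG records and keeps going, the first ACCEPT/DROP/REJECT ends traversal, and the chain's default policy decides when nothing terminates. The chain contents and the packets fed through it are constructed for the example; the last function prints the real iptables commands the toy chain corresponds to.

```shell
#!/bin/sh
# Added example: a toy model of how one iptables chain is traversed.
# Not iptables code; the rules and packets below are constructed for illustration.
# Each rule is "<proto|any> <dport|any> <target>", checked in order against a packet.

CHAIN_RULES='tcp 22 ACCEPT
tcp 23 LOG
tcp 23 DROP
udp 53 LOG
udp 53 ACCEPT'
POLICY=DROP   # built-in chain policy, used when no terminating target matched

# evaluate <proto> <dport>: prints the verdict; LOG entries go to stderr
evaluate() {
    proto=$1
    dport=$2
    verdict=$(printf '%s\n' "$CHAIN_RULES" | while read -r rproto rport target; do
        [ -n "$target" ] || continue
        # matching component: every criterion must match, "any" is a wildcard
        [ "$rproto" = any ] || [ "$rproto" = "$proto" ] || continue
        [ "$rport" = any ] || [ "$rport" = "$dport" ] || continue
        # target component
        case $target in
            LOG) printf 'LOG %s dport %s\n' "$proto" "$dport" >&2 ;;  # non-terminating: keep walking
            ACCEPT|DROP|REJECT) printf '%s\n' "$target"; break ;;   # terminating: stop here
        esac
    done)
    printf '%s\n' "${verdict:-$POLICY}"
}

# How many LOG entries a packet produces on its way through the chain
log_count() {
    evaluate "$1" "$2" 2>&1 >/dev/null | grep -c '^LOG ' || true
}

# The same chain expressed as real iptables commands (filter table, INPUT chain)
as_iptables() {
    printf '%s\n' "$CHAIN_RULES" | while read -r rproto rport target; do
        [ -n "$target" ] || continue
        set -- -A INPUT
        [ "$rproto" = any ] || set -- "$@" -p "$rproto"
        [ "$rport" = any ] || set -- "$@" --dport "$rport"
        printf 'iptables %s -j %s\n' "$*" "$target"
    done
    printf 'iptables -P INPUT %s\n' "$POLICY"
}

for pkt in "tcp 22" "tcp 23" "udp 53" "tcp 80"; do
    printf '%-7s -> %s\n' "$pkt" "$(evaluate $pkt)"
done
as_iptables
```

Note what the order buys you: "tcp 23" is logged once and then dropped by the rule right after the LOG rule, "udp 53" is logged and then accepted, and "tcp 80" matches nothing and falls through to the DROP policy without any log line, which is why real rulesets usually put a rate-limited LOG rule last, just before the policy takes over.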
