Netfilter
GNU/Linux Kernel version 2.4+
IP Packet Filtering Firewall
● iptables is used to set up, maintain, and inspect
the tables of IP packet filter rules in the Linux kernel
● Several different tables may be defined; they are the
filter, nat and mangle tables
● Each table contains a number of builtin chains
and may also contain user-defined chains
Chains, rules and targets
● Each chain is a list of rules which can match a
set of packets
● A firewall rule specifies criteria for a packet and
a target
● A target can be the name of a user-defined chain
Tables and builtin chains
Filter Table's builtin chains:
● INPUT chain
Netfilter flowchart
[Figure: packet flow through Netfilter. Inbound packets enter the PREROUTING chain (mangle, nat), then reach the routing decision; packets for this host go through the INPUT chain (mangle, filter) to a local process, while packets for other hosts go through the FORWARD chain (mangle, filter) and the POSTROUTING chain before leaving as outbound packets.]
Basic iptables syntax
iptables [-t table] [options] chain [match] [target]
● iptables [-t table] [-ADC] chain rule-specification
[options]
● iptables [-t table] -I chain [rulenum] rule-specification
[options]
● iptables [-t table] -R chain rulenum rule-specification
● iptables [-t table] -D chain rulenum [options]
● iptables [-t table] -{LFZ} [chain] [options]
● iptables [-t table] -N chain
● iptables [-t table] -X [chain]
● iptables [-t table] -P chain target [options]
MAC match options
iptables [-t table] [options] chain [match] [target]
Example:
iptables -A INPUT -m mac --mac-source 00:05:0A:1B:2D:3E -j ACCEPT
iptables -A INPUT -m mac --mac-source ! 00:05:0A:1B:2D:3E -j ACCEPT
Owner match options
Matching User ID, Group ID, or Process ID
Example:
open other dynamic ports
● Use a similar script to capture the UDP and TCP
ports for all the other daemons
● Use the appropriate iptables commands to open
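A script of the kind the last slide calls for, added here as an example that is not from the original slides: it applies the table, chain and target syntax above together with the MAC match and owner match from the two preceding slides. The MAC address is the one from the MAC match slide; IPT, MGMT_MAC, ADMIN_USER and LAN_IF are assumed names, and IPT defaults to echo so the rules print as a dry run instead of being applied.

```shell
#!/bin/sh
# Added example (not from the slides): a filter-table ruleset built from the
# chains, targets and match modules covered above. IPT defaults to "echo" so
# the rules print as a dry run; run with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
MGMT_MAC="${MGMT_MAC:-00:05:0A:1B:2D:3E}"  # management host (MAC from the slide)
ADMIN_USER="${ADMIN_USER:-admin}"          # assumed account allowed outbound SSH
LAN_IF="${LAN_IF:-eth0}"                   # assumed LAN interface name

# Check a MAC before it goes into a rule: six colon-separated hex octets.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

build_ruleset() {
    valid_mac "$MGMT_MAC" || { echo "invalid MAC: $MGMT_MAC" >&2; return 1; }
    # Flush the filter table and set default-deny policies for inbound traffic.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback, plus replies to connections this host initiated.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # User-defined chain as a target (-N, -j MGMT): SSH on the LAN interface
    # is accepted only from the management host's MAC; everything else is dropped.
    $IPT -N MGMT
    $IPT -A MGMT -m mac --mac-source "$MGMT_MAC" -j ACCEPT
    $IPT -A MGMT -j DROP
    $IPT -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j MGMT
    # Owner match on locally generated packets: only ADMIN_USER may open
    # outbound SSH; the same port is dropped for every other local user.
    $IPT -A OUTPUT -p tcp --dport 22 -m owner --uid-owner "$ADMIN_USER" -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 22 -j DROP
}
```

The MAC match only sees frames arriving on a local interface, so it belongs in INPUT, FORWARD or PREROUTING, while the owner match only applies to locally generated packets in OUTPUT or POSTROUTING.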