Short presentation on IP tables (5-6 min)
IPtables
By Thomas Aamodt
Goals of Presentation
• History about the Linux firewall
• Introduction of iptables
• Stateful inspection
• Address translation
• Packet mangling
• Logging
• Protection
History
• Ipfirewall (Ipfw) 1994
• Made by Alan Cox
• Ipchains/Iptables 1998/1999
• Made by Rusty Russell
Introduction of iptables
• Netfilter module
• Kernel based
• Examines packets
• Runs on low computer power
• Built-in iptables chains: INPUT, OUTPUT and FORWARD
Stateful Inspection
• Increased network security
• Checks header information
• Iptables options: NEW, RELATED, INVALID, ESTABLISHED
Address Translation
• Network Address Translation (NAT)
• Transforms IP addresses
• Most common use is masquerading
• Iptables options: DNAT, SNAT, REDIRECT
Packet Mangling
• Change/modify packets
• Example: prioritize traffic with TOS
• TOS options
• Iptables options: PREROUTING, POSTROUTING
Logging
• Log prefix notes
• Iptables options: LOG
Basic commands and tricks
• Variables
• Module loading
• Enable IP forwarding
• Flush rules
• Flush NAT tables
• Flush chains
• Different JUMPS (targets)
• Policies
Basic commands and tricks
• Create new chains
• Rules
• Make bash scripts to simplify your job!
Protection
• Protection against IP spoofing
• Make sure all NEW TCP packets are SYN
• SYN flood protection / DoS protection
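The protection items above written out as a ruleset, as an added example that is not from the original slides. It only prints rules in iptables-restore format and changes nothing on the running firewall; the WAN interface name, the open SSH port and the rate limits are assumptions.

```shell
#!/bin/sh
# Added example: prints a filter-table ruleset for iptables-restore.
# Assumptions: eth0 is the public-facing interface, only SSH (22/tcp) is
# offered, and the limit values suit the host. Adjust before use.

gen_rules() {
    wan_if="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYN_FLOOD - [0:0]
-A INPUT -i lo -j ACCEPT
EOF
    # IP spoofing: private and loopback sources must not arrive on the WAN
    # side (assumes the WAN interface has a public address, not behind NAT).
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
        echo "-A INPUT -i $wan_if -s $net -j DROP"
    done
    # Stateful inspection first, then "NEW must be SYN", then the rate limit.
    # LOG rules are rate-limited so an attack cannot fill the logs.
    cat <<EOF
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -m limit --limit 6/minute -j LOG --log-prefix "NEW-not-SYN: "
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -p tcp --syn -j SYN_FLOOD
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A SYN_FLOOD -m limit --limit 10/second --limit-burst 20 -j RETURN
-A SYN_FLOOD -m limit --limit 6/minute -j LOG --log-prefix "SYN-flood: "
-A SYN_FLOOD -j DROP
COMMIT
EOF
}

gen_rules "${1:-eth0}"
```

Check the output with `gen_rules eth0 | iptables-restore --test` before loading it for real.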
Summary
• First developed for Linux by Alan Cox
• IPtables developed by Rusty Russell
• States to run your iptables firewall on
• Commands and tricks
• Protection