IPtablesIPtablesBy Thomas AamodtBy Thomas Aamodt

Goals of PresentationGoals of Presentation

• History about the linux firewall• Introduction of iptables

• Stateful inspection• Address translation• Packet mangling• Logging

• Protection

HistoryHistory

• Ipfirewall (Ipfw) 1994• Made by Alan Cox

• Ipchains/Iptables 1998/1999• Made by Rusty Russell

Introduction of iptablesIntroduction of iptables

• Netfilter Module• Kernel based• Examines packets

• Run on low Computer power• Built-in iptables Chains: INPUT,OUTPUT

and FORWARD

Stateful InspectionStateful Inspection

• Increased network security• Checks header infromation

• Iptables options: NEW,RELATED,INVALID,ESTABLISHED

Address TranslationAddress Translation

• Network Address Translation (NAT)• Transforms IP addresses• Most common use is Masquerading

• Iptables options: DNAT,SNAT,REDIRECT

Packet ManglingPacket Mangling

• Change/modify packets• Example prioritize traffic with TOS

• TOS options

• Iptables options: PREROUTING,POSTROUTING

LoggingLogging

• Log prefix notes

• Iptables options: LOG

Basic commands and tricksBasic commands and tricks

• Variables• Module Loading• Enable IP forwarding

• Flush rules• Flush nat tables• Flush Chains• Diffrent JUMPS (targets)• Policyes

Basic commands and tricksBasic commands and tricks

• Create new chains• Rules

• Make bash scripts to simplify your job!

ProtectionProtection

• Protection agains IP Spoofing• Make sure all NEW tcp packets are SYN

• SYN flood protection / DOS protection

SummerySummery

• First Delevloped for linux by Alan Cox• IPtables Delevloped by Rust Russell• States to run your iptables firewall on• Commands and Tricks• Protection