IPTABLES

How to use iptables

GET STARTED WITH IPTABLES

  1. Disable any other firewall:

    By default most Linux distros use iptables, but because of its complexity they offer end users a front end: in Ubuntu we have ufw ("uncomplicated firewall"), and in RedHat we have firewalld (a systemd service) responsible for the rules.

  2. Persist iptables saves before starting:

    iptables rules need to be persisted. They are stored under /etc/iptables, and by default the "iptables-persistent" package is the one responsible for writing the configuration to this directory.

    This is why we need to install it:

    Let's see all the iptables packages: sudo apt list iptables*

    azureuser@server:~$ sudo apt list iptables*
    Listing... Done
    iptables-netflow-dkms/focal-updates 2.4-2ubuntu0.5 amd64
    iptables-persistent/focal-updates,now 1.0.14ubuntu1 all 
    iptables/focal-updates,now 1.8.4-3ubuntu2.1 amd64 [installed,automatic]

    Now, let’s install it: sudo apt install iptables-persistent

  3. Turn your Linux box into a router!

    💡 IMPORTANT NOTE: Turning your Wi-Fi machine into a router may cause excessive processing or network traffic, leading to performance issues

    By default, Linux does not allow traffic to flow between interfaces, and this is why we need to enable it

    sysctl.conf is not an iptables config file but a kernel configuration file

    sudo vim /etc/sysctl.conf

    inside this file search for :

    # Uncomment the next line to enable packet forwarding for IPv4
    #net.ipv4.ip_forward=1

    Uncomment it to activate IP forwarding. If you want this to take effect immediately, you have to let the kernel know:

    sudo sysctl -p

    and now everything is being written to disk inside /etc/iptables

    sysctl: is used to view and modify kernel parameters (also known as sysctl variables) on a running system.

  4. Check iptables rules!

    For that let’s head to /etc/iptables

    azureuser@server:~$ ls /etc/iptables
    rules.v4  rules.v6

    Let's check the content related to IPv4:

    sudo vim /etc/iptables/rules.v4

    Hmmm, you might see some complex stuff; let's break it down. This is the output:

    # Generated by iptables-save v1.8.4 on Thu Aug 10 10:15:41 2023
    *filter
    :INPUT ACCEPT [5245:912294]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [6203:1531528]
    COMMIT

    The rules are organized in chains within the filter table, and here's a brief explanation of each section:

    :INPUT ACCEPT [5245:912294]:

    • This rule defines the default policy for incoming traffic (INPUT chain).

    • It specifies that the firewall should accept all incoming packets.

    • The numbers in square brackets indicate packet and byte counters.

    :FORWARD ACCEPT [0:0]:

    • This rule defines the default policy for forwarded traffic (FORWARD chain).

    • It specifies that the firewall should accept all forwarded packets.

    • The numbers in square brackets represent packet and byte counters, which are both initially set to zero.

    :OUTPUT ACCEPT [6203:1531528]:

    • This rule defines the default policy for outgoing traffic (OUTPUT chain).

    • It specifies that the firewall should accept all outgoing packets.

    • The numbers in square brackets indicate packet and byte counters.

    COMMIT:

    • This keyword marks the end of the rules and commits the changes to the firewall configuration.

    • Any rules added after this point will be part of the active firewall ruleset.

    • It indicates that the rules defined above are complete and should take effect.

    Right now I am allowing everything; this is a true router but not a firewall. It's not filtering anything
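    To read a rules.v4 dump (or live iptables-save output) without eyeballing it, the following added example (not part of the original notes) parses the chain declarations per table and lists which filter chains still have an ACCEPT default policy, i.e. the "router, not a firewall" state described above. The sample dump embedded in the script is constructed: it is the filter table shown above plus a nat table with one scoped MASQUERADE rule, so the parser is exercised on more than one table.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): parse an iptables-save dump
# and summarise each chain's default policy and counters per table.
# Input is read from stdin, so it works on `sudo iptables-save` output or
# on the saved /etc/iptables/rules.v4 file.
set -eu

# Constructed sample: the filter table from the notes plus a nat table with
# a MASQUERADE rule scoped to a source subnet.
SAMPLE_DUMP='# Generated by iptables-save v1.8.4 on Thu Aug 10 10:15:41 2023
*filter
:INPUT ACCEPT [5245:912294]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6203:1531528]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
COMMIT'

# Print one line per chain: "<table> <chain> <policy> <packets> <bytes>".
# A line starting with '*' names a table, a ':' line declares a chain with
# its default policy and [packets:bytes] counters, COMMIT ends the table.
chain_policies() {
    awk '
        /^\*/     { table = substr($0, 2); next }
        /^:/      { chain = substr($1, 2)
                    policy = $2
                    gsub(/\[|\]/, "", $3); split($3, c, ":")
                    print table, chain, policy, c[1], c[2]; next }
        /^COMMIT/ { table = ""; next }
    '
}

# Look up the default policy of one chain in one table (chain names such as
# INPUT exist in several tables). Prints nothing and returns 1 if absent.
chain_policy() {
    local table=$1 chain=$2 p
    p=$(chain_policies | awk -v t="$table" -v c="$chain" '$1 == t && $2 == c { print $3 }')
    [ -n "$p" ] || return 1
    printf '%s\n' "$p"
}

# List built-in filter chains whose policy is ACCEPT: each one lets traffic
# through whenever no rule matches. Returns 1 when no chain is wide open.
open_filter_chains() {
    local open
    open=$(chain_policies | awk '$1 == "filter" && $3 == "ACCEPT" { print $2 }')
    [ -n "$open" ] || return 1
    printf '%s\n' "$open"
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | chain_policies
printf 'Open filter chains: %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | open_filter_chains | tr '\n' ' ')"
```

On a real box, `sudo iptables-save | open_filter_chains` after sourcing the functions gives the same report for the live ruleset; an empty result (exit status 1) means every filter chain defaults to DROP or REJECT.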

  5. Let’s Configure NAT as an example:

    💡 Quick note: Sometimes configuring iptables rules via the command line instead of modifying the file is better and much easier, because you can spot typos!

    Let's learn a new command:

    sudo iptables -t nat -A POSTROUTING -j MASQUERADE

    -t nat: -t specifies the table the rule should be added to. Here we're working with the "nat" table.

    -A POSTROUTING: -A stands for append. The rule is appended to the "POSTROUTING" chain, which is used to modify packets as they are about to leave the network interface.

    -j MASQUERADE: -j specifies the "target" (jump) action of the rule, here "MASQUERADE". In the POSTROUTING chain, MASQUERADE is commonly used for dynamic source NAT (SNAT): it replaces the source IP address of outgoing packets with the IP address of the outgoing interface.

    This NATs everything, so we must be specific:

    azureuser@server:~$ sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

    Now I am using -s to specify a source.

  6. View IPTABLES config:

    sudo iptables-save

    Now, I know this sounds like the command is going to save the rules, but it actually doesn't: it prints the config to the screen.

    Now let’s save it:

    sudo iptables-save | sudo tee /etc/iptables/rules.v4
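    Putting steps 4 to 6 together, the following added example (not from the original notes) renders a complete rules.v4 in the same iptables-restore format shown above, keeping the scoped MASQUERADE rule but changing the FORWARD default policy from ACCEPT to DROP so the router also filters, and it audits any ruleset for MASQUERADE rules that lack a -s restriction (the "this NATs everything" problem). The subnet 10.0.0.0/24 comes from the notes; the interface names eth0/eth1 are assumed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): build a rules.v4 in
# iptables-restore format with a source-scoped MASQUERADE and a filtering
# FORWARD chain, and audit a ruleset for unscoped MASQUERADE rules.
set -eu

LAN_SUBNET=10.0.0.0/24   # subnet used in the notes
LAN_IF=eth1              # assumed interface facing the LAN
WAN_IF=eth0              # assumed interface facing the Internet

# Emit a complete ruleset: nat table with MASQUERADE limited to the LAN
# subnet leaving via the WAN interface, and a filter table whose FORWARD
# policy is DROP, allowing only LAN->WAN traffic and the replies to it.
render_rules() {
    local lan_subnet=$1 lan_if=$2 wan_if=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_subnet -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_subnet -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print every MASQUERADE rule that carries no
# "-s <subnet>" match; returns 1 if any such rule exists, 0 otherwise.
unscoped_masquerade() {
    local bad
    bad=$(awk '/-j MASQUERADE/ && $0 !~ /(^| )-s / { print }')
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Count the FORWARD rules in a ruleset read on stdin (sanity check).
forward_rule_count() {
    awk '/^-A FORWARD /' | wc -l | tr -d ' '
}

# Stand-alone run: render the ruleset, then audit it and the unscoped
# rule from the notes as a negative case.
render_rules "$LAN_SUBNET" "$LAN_IF" "$WAN_IF"
if render_rules "$LAN_SUBNET" "$LAN_IF" "$WAN_IF" | unscoped_masquerade >/dev/null; then
    echo "audit: every MASQUERADE rule is scoped to a source subnet"
fi
printf '%s\n' '-A POSTROUTING -j MASQUERADE' | unscoped_masquerade || echo "audit: unscoped MASQUERADE found"

# Loading and persisting needs root, so it is shown here rather than run:
#   render_rules 10.0.0.0/24 eth1 eth0 > rules.v4
#   sudo iptables-restore --test < rules.v4   # parse only, commit nothing
#   sudo iptables-restore < rules.v4
#   sudo iptables-save | sudo tee /etc/iptables/rules.v4
```

iptables-restore --test parses the file without touching the live ruleset, which is the cheap way to catch the typos the quick note above warns about before they lock you out of a remote box.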