Tuesday, August 19, 2008

Summary script for IPTABLES

iptables is the firewall tool for Linux with kernel 2.4 and above.
Sometimes people use a tool to build the security setup on Linux. Among the security tools that generate such scripts are Arno's iptables, Wonder Shaper, Linux Firewall and NAT for DSL, Easy Firewall, and others.

So I want to write a summary, because actually I am happier when I write the script by hand.

_____________________________________________________________________________________

Logging connections with IPtables

Logging ALL incoming and outgoing traffic


iptables -A OUTPUT -j LOG
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
iptables -t nat -A PREROUTING -j LOG
iptables -t nat -A POSTROUTING -j LOG
iptables -t nat -A OUTPUT -j LOG

Description: The commands above enable logging of all input, output, forwarded and NAT-processed traffic; the lines go to /var/log/messages (the exact file depends on the syslog configuration). Note that these rules have no rate limit and log every packet, so on a busy host they can fill the log quickly; add -m limit to the LOG rules if you need them for more than a short diagnosis.

A Customized Logging Chain to Log all ssh connections


iptables -N LOGIT # custom chain that logs only packets outside an established connection
iptables -A LOGIT -m state --state ESTABLISHED -j RETURN # packets of established connections return unlogged
iptables -A LOGIT -j LOG
iptables -A LOGIT -j RETURN

The commands above create a new chain, LOGIT, whose ESTABLISHED rule returns before logging, so only packets that do not belong to an established connection (in practice the first packet of each new connection) reach the LOG target. Now let's use this chain.

iptables -A INPUT -p tcp --dport 22 -j LOGIT

Description: It will log all connections to port 22 (SSH).
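Once the LOGIT chain is in place, the useful next step is to read what it writes. The script below is an added example (not part of the original post): it parses kernel LOG lines from syslog with awk, counts logged new connections per source address for a given destination port, and lists the sources above a threshold. The log lines are constructed for the example (MAC= field omitted) and are not captured from a real host; the function names count_by_src and noisy_ssh_sources are my own.

```shell
#!/bin/sh
# Constructed sample of what the LOGIT chain writes to /var/log/messages
# (kernel LOG lines, here with the MAC= field omitted for brevity), plus one
# unrelated sshd line. This is not output captured from a real host.
SAMPLE_LOG='Aug 19 10:01:02 gw kernel: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 10:01:03 gw kernel: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 10:01:04 gw kernel: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 10:01:05 gw kernel: IN=eth0 OUT= SRC=192.168.1.40 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=50001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 10:01:06 gw kernel: IN=eth0 OUT= SRC=192.168.1.40 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=50002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 10:01:07 gw sshd[2345]: Accepted publickey for admin from 192.168.1.40 port 50001 ssh2'

# count_by_src PORT: read syslog text on stdin and print "count source" for
# every source address that appeared in a kernel LOG line with DPT=PORT,
# highest count first. Only kernel lines are considered, so other daemons'
# messages in the same file do not skew the counts.
count_by_src() {
    port="$1"
    awk -v port="$port" '
        /kernel: / && / PROTO=TCP / {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == port) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -rn
}

# noisy_ssh_sources THRESHOLD: sources with at least THRESHOLD logged new
# connections to port 22, one address per line. Because the LOGIT chain only
# logs packets that are not part of an established connection, each line is
# one connection attempt, so this is a cheap brute-force/scan indicator.
noisy_ssh_sources() {
    threshold="$1"
    count_by_src 22 | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Usage on a real host: noisy_ssh_sources 20 < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | noisy_ssh_sources 3
```

The threshold is deliberately a parameter: what counts as noisy depends on how many legitimate logins a host sees, and the count only makes sense because the chain's ESTABLISHED rule keeps the follow-up packets of each session out of the log.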

Below is the complete shell script for the logging above.
#!/bin/bash
# Create the LOGIT chain; only packets outside an established connection get logged.
iptables -N LOGIT

iptables -A LOGIT -m state --state ESTABLISHED -j RETURN # packets of established connections return unlogged
iptables -A LOGIT -j LOG
iptables -A LOGIT -j RETURN

# Send all traffic to TCP port 22 (SSH) through the logging chain.
iptables -A INPUT -p tcp --dport 22 -j LOGIT
#end

Reverse script to delete the iptables config above.
#!/bin/bash

# Remove the three rules inside LOGIT (each rule spec must match exactly).
iptables -D LOGIT -m state --state ESTABLISHED -j RETURN
iptables -D LOGIT -j LOG
iptables -D LOGIT -j RETURN

# Remove the jump from INPUT, then delete the chain: -X only succeeds on an
# empty chain that nothing references any more.
iptables -D INPUT -p tcp --dport 22 -j LOGIT
iptables -X LOGIT

#end
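The two scripts above do the job once, but a re-run of the setup fails on the existing chain and an unlimited LOG rule can flood syslog. The script below is an added example, not the original author's code: it folds setup and teardown into one re-runnable script with a rate-limited, prefixed LOG rule, and takes the iptables binary from the IPT variable so the rules can be printed with IPT=echo before applying them. The function names logit_up/logit_down, the prefix "LOGIT-SSH: " and the limit values are my choices.

```shell
#!/bin/sh
# Set IPT=echo to print the rules instead of applying them; PORT defaults to SSH.
IPT="${IPT:-iptables}"
PORT="${PORT:-22}"

logit_up() {
    # Create the chain; ignore the error if it already exists so the script is
    # re-runnable, then empty it so rules are not appended twice.
    $IPT -N LOGIT 2>/dev/null || true
    $IPT -F LOGIT
    # Packets of already established connections return unlogged: only the first
    # packet of a new connection (plus RELATED/INVALID packets) reaches LOG.
    $IPT -A LOGIT -m state --state ESTABLISHED -j RETURN
    # Rate-limit the LOG target so a scan cannot flood syslog; the prefix makes
    # the lines easy to grep and --log-level 4 is syslog "warning".
    $IPT -A LOGIT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "LOGIT-SSH: " --log-level 4
    $IPT -A LOGIT -j RETURN
    # Send traffic for the port through the chain. Insert at position 1 so the
    # jump precedes any ACCEPT rule already present in INPUT.
    $IPT -I INPUT 1 -p tcp --dport "$PORT" -j LOGIT
}

logit_down() {
    # Remove the reference first: -X refuses to delete a chain that is still
    # referenced, and -F empties it so -X can succeed.
    $IPT -D INPUT -p tcp --dport "$PORT" -j LOGIT
    $IPT -F LOGIT
    $IPT -X LOGIT
}

case "${1:-}" in
    up)   logit_up ;;
    down) logit_down ;;
    *)    echo "usage: $0 up|down" >&2 ;;
esac
```

Run it as IPT=echo ./logit.sh up first to review the exact rules, then without IPT as root to apply them; the burst/limit values should be tuned to the host's normal login rate, since anything above the limit is silently not logged.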
_________________________________________________________________________________________________

Blocking traffic with IPtables

Blocking an IP (Drop connection)

Example: iptables -A INPUT -s 192.168.0.1 -j DROP

Blocking an IP (Rejecting connection)

Example: iptables -A INPUT -s 192.168.0.1 -j REJECT

Blocking access of an ip to a certain port

Example: iptables -A INPUT -p tcp -s 192.168.1.50 --dport 110 -j REJECT
Description: This will reject connections from 192.168.1.50 to port 110.
Example: iptables -A INPUT -p udp -s 192.168.1.50 --dport 52 -j REJECT
Description: This will reject UDP traffic from 192.168.1.50 to port 52.

Blocking All Incoming Traffic at a port

Example: iptables -A INPUT -p tcp --dport 110 -j REJECT
Description: This will reject ALL incoming connections/traffic at port 110.

Blocking Incoming Pings

Example: iptables -A INPUT -p icmp -j DROP
Description: Useful against automated network scans that ping to find live IPs. Be aware that this drops every ICMP type, including the "fragmentation needed" messages used for path MTU discovery, so prefer matching only echo requests (--icmp-type echo-request) where possible.

Blocking access to an external ip from within your server

Example: iptables -A OUTPUT -p tcp -d 192.168.1.50 -j REJECT
Description: This will block access to 192.168.1.50 from within your server, meaning users on the server cannot reach that IP.

Blocking access to an external port of an external ip

Example: iptables -A OUTPUT -p tcp -d 192.168.1.50 --dport 25 -j REJECT
Description: Port 25 of 192.168.1.50 will not be accessible from within your server.
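All the blocking examples above are single commands with -A, which appends the rule at the end of the chain; if an ACCEPT rule already precedes it, the block never matches. As an added example (not from the original post), the script below generalises the "block an IP" case to a blocklist file: it validates each entry as an IPv4 address or CIDR before building a rule, skips comments and blank lines, and emits the rules with -I INPUT 1 so they land ahead of existing ACCEPTs. The file format, the function names is_ipv4 and block_rules, and the sample entries are my own assumptions.

```shell
#!/bin/sh
# is_ipv4 ENTRY: succeed if ENTRY is a.b.c.d or a.b.c.d/N with each octet 0-255
# and N 0-32. Validating here keeps a malformed line in the blocklist from
# turning into a malformed (or far too broad) iptables rule.
is_ipv4() {
    printf '%s\n' "$1" | awk '
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        {
            n = split($0, p, /[.\/]/)
            for (i = 1; i <= 4; i++) if (p[i] > 255) exit 1
            if (n == 5 && p[5] > 32) exit 1
        }'
}

# block_rules: read a blocklist on stdin (one address or CIDR per line, "#"
# starts a comment) and print one iptables command per valid entry.
# -I INPUT 1 puts each DROP at the top of the chain; appending with -A would
# place it after any existing ACCEPT rule, where it would never match.
block_rules() {
    while IFS= read -r line; do
        entry="${line%%#*}"
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        [ -z "$entry" ] && continue
        if is_ipv4 "$entry"; then
            printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample blocklist (not a real list): one comment, one bad line.
SAMPLE_BLOCKLIST='192.168.1.50   # constructed example entry

not-an-ip
10.0.0.0/8'

# Usage on a real host: block_rules < /etc/blocklist.txt | sh
printf '%s\n' "$SAMPLE_BLOCKLIST" | block_rules
```

Printing the commands rather than executing them is deliberate: the output can be reviewed, diffed against the last run, or piped to sh once it looks right.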


Routing with IPtables

Redirecting a tcp port to another port

Example: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
Description: Port 80 will be redirected to port 8080, meaning a client that connects to port 80 of this server is actually connected to port 8080.

Redirecting traffic from specific ip at a tcp port to another port

Example: iptables -t nat -A PREROUTING -p tcp -s 192.168.1.40 --dport 80 -j REDIRECT --to-ports 8080
Description: All traffic from 192.168.1.40 to port 80 will be redirected to port 8080, meaning when 192.168.1.40 connects to port 80 of this server it is actually connected to port 8080.
Note: The REDIRECT target can only redirect traffic to the machine itself. To route traffic elsewhere, use DNAT (see below).

Routing traffic from specific port to another server


Example:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d 10.10.10.10 --dport 72 -j DNAT --to 33.55.37.226:25
Description: The commands above enable IP forwarding, masquerade the forwarded packets leaving eth0, and route traffic for port 72 of IP 10.10.10.10 to port 25 of IP 33.55.37.226. Note that the DNATed packets also pass through the FORWARD chain, so if its policy is DROP they need matching ACCEPT rules there as well.
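A DNAT rule on its own is only half of a port forward: the rewritten packets still traverse the FORWARD chain, and on a host with a DROP policy there they go nowhere. The script below is an added example (not the original post's code) that composes the full set, forwarding enable, DNAT, the two FORWARD accepts and MASQUERADE, from parameters, and prints the commands instead of running them when DRY_RUN is set. The run wrapper and port_forward function are my own; the addresses in the usage line are the ones used in the example above.

```shell
#!/bin/sh
# run CMD...: execute the command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# port_forward LOCAL_IP LOCAL_PORT TARGET_IP TARGET_PORT WAN_IF
# Forward TCP connections that arrive at LOCAL_IP:LOCAL_PORT on this host to
# TARGET_IP:TARGET_PORT on another server, with replies coming back via WAN_IF.
port_forward() {
    local_ip="$1"; local_port="$2"; target_ip="$3"; target_port="$4"; wan_if="$5"
    # Without forwarding enabled the kernel drops the DNATed packets.
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination of connections arriving for local_ip:local_port.
    run iptables -t nat -A PREROUTING -p tcp -d "$local_ip" --dport "$local_port" \
        -j DNAT --to-destination "$target_ip:$target_port"
    # The rewritten packets then traverse FORWARD; with a DROP policy there
    # they need explicit ACCEPT rules for both directions of the connection.
    run iptables -A FORWARD -p tcp -d "$target_ip" --dport "$target_port" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -p tcp -s "$target_ip" --sport "$target_port" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Source-NAT forwarded packets leaving wan_if so the target server answers
    # to this host rather than directly to the original client.
    run iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
}

if [ $# -eq 5 ]; then
    port_forward "$@"
else
    echo "usage: DRY_RUN=1 $0 10.10.10.10 72 33.55.37.226 25 eth0" >&2
fi
```

The MASQUERADE rule is kept deliberately narrow to the outbound interface; restricting it further with -d "$target_ip" is reasonable on a host that should not act as a general NAT gateway.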


Listing and Deleting current rules

Example: iptables -L
Description: It will list all chains and rules. (Add -n to skip reverse DNS lookups on the addresses, and --line-numbers to see each rule's position.)

Example: iptables -L chain_name
Description: It will list all rules in a specific chain

Example: iptables -D LOGIT -j LOG
Description: It will delete the specific rule. The rule must be given exactly as it was added.

Example: iptables -F chain_name
Description: It will delete all rules in chain_name

Example: iptables -F
Description: It will delete all rules in all chains
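Deleting rules one by one requires retyping each spec exactly, and -F throws away everything, including rules you wanted to keep. A middle road is to let iptables print its current rules in re-runnable form with iptables -S (one -N/-A line per chain and rule) and generate the matching delete commands from that. The script below is an added example, not from the original post: undo_rules turns -S output into -D/-X commands in reverse order, so rules are removed before the chains they reference. The sample rule listing is constructed to match the LOGIT setup above and the function name is my own.

```shell
#!/bin/sh
# Constructed example of what "iptables -S" prints for the LOGIT setup
# (iptables adds "-m tcp" itself when -p tcp --dport is used).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LOGIT
-A INPUT -p tcp -m tcp --dport 22 -j LOGIT
-A LOGIT -m state --state ESTABLISHED -j RETURN
-A LOGIT -j LOG
-A LOGIT -j RETURN'

# undo_rules: read "iptables -S" output on stdin and print the commands that
# remove every listed rule and user chain. Lines are emitted in reverse order
# so that the jump into a chain is deleted before the chain itself (-X fails
# on a chain that is still referenced or not empty). -P policy lines are left
# alone; resetting policies is a separate decision.
undo_rules() {
    awk '
        /^-A / { cmd[n++] = "-D" substr($0, 3); next }
        /^-N / { cmd[n++] = "-X" substr($0, 3); next }
        END { for (i = n - 1; i >= 0; i--) print "iptables " cmd[i] }
    '
}

# Usage on a real host: iptables -S | undo_rules > undo.sh  (review, then sh undo.sh)
printf '%s\n' "$SAMPLE_RULES" | undo_rules
```

Because -S prints rules in exactly the form iptables accepts, the generated -D lines match even when the original script used a shorter spelling (for example --dport 22 without -m tcp), which is the usual reason a hand-written reverse script fails.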


This article is taken from http://www.openpages.info/.
