_gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', 'securityeverafter.com']); _gaq.push(['_trackPageview']); Security Ever After: iptables -L var _gaq = _gaq || []; (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Wednesday, December 1, 2010

iptables -L

Recently I decided to teach myself how to use iptables. The concept always made a lot of sense, however until I forced myself to actually use it, my understanding was incomplete. Iptables is a host based firewall implemented in Linux. INPUT defines what traffic can reach the host and OUTPUT defines what traffic can leave the host.

The iptables are typically found at /etc/sysconfig/iptables. You can open this file, as root with your favorite text editor, but it is much easier to interpret using the iptables -L command to list the rules. Saving your changes is accomplished with the command iptables-save.

To help you be more specific in your rule declarations, switches available that include --sport for source port, --dport for destination port -s for source, -d for destination and -p for protocol.

The -A switch appends the rule at the end of the list. The -I switch enters the rule as a rule number, the default being the first. The -D switch is used to remove a specific rule. Review the rules again with iptables -L to make sure the flow of the rules is what you expect. The alternative is to create a condition where a new rule may never execute. 


#Create new rule to allow inbound traffic from time.nist.gov on port 123 to on port 123
INPUT: iptables -I INPUT -s --sport 123 -d --dport 123 -j ACCEPT

#Create new rule to drop outbound traffic to www.cnn.com
OUTPUT: iptables -I OUTPUT -d  -j DROP

Useful links:

No comments:

Post a Comment