1,234
edits
Changes
→OBJECTIVE & PREPARATION
{{Admon/important |firewalld|In this course, we will be using ''iptables'', '''<u>not</u>''' ''firewalld''. Although firewalld can present information in the familiar iptables format, learning both would be too advanced at this point of learning Linux network administration.<br>In the first labs [httphttps://zenitwiki.senecaccdot.onsenecacollege.ca/wiki/index.php/OPS335_Installation_Lab#Using_iptables OPS335_Weekly_Schedule Prep for Labs], you should have disabled and stopped the firewalld service: .<br><br>You can also check the status of the firewalld service by issuing the [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd#systemd_Command_Usage systemctl] command. You can also check if the firewalld service is running by issuing '''iptables -L''' and noting a high volume of unexpected output (i.e. "a strange result").
}}
=== Online Resources===
* [https://en.wikipedia.org/wiki/Iptables#Overview Overview] A excellent concise overview of iptables (ignore diagram).
* [https://wiki.centos.org/HowTos/Network/IPTables CentOS Wiki] Listing of basic commands (not all required to know).
'''There are some important things to be aware of in terms of this diagram:'''
:*There are '''<u>two sets</u> ''' of IPtables rules (chains) that apply:''' '''OUTPUT/INPUT on the client''' and '''INPUT/OUTPUT on the server'''.<br>It is important to think about trafic from the perspective from the client as well as the server.
:* '''Outbound traffic is rarely blocked <u>unless</u> there is a security policy to <u>prevent</u> some kind of traffic'''.<br>Even in that case, that security policy is usually performed on a router.
:* '''Inbound traffic is of two distinct types'''. Our diagram shows:
::# '''New incoming <u>connections</u>''' (what you normally think of as '''<u>inbound traffic</u>'''): the web server receives a '''new incoming connection'''.::# '''Incoming <u>data</u> that client receives as a response from the server''': the web page that the server sent back in the diagram above.
::::The analogy would be like making a '''telephone call''':<ul><li>A '''NEW''' packet is like the phone ringing</li><li>An '''ESTABLISHED''' packet is the connection and the packet says "hello", along with any further communication.</li><li>A '''RELATED''' packet would be the same person calling on a second line. (eg. a second connection that is made because of something that happened in the first, like an ftp transfer).</li></ul>
::::We normally don't want to do anything special for the response. It is safe to assume that '''a connection that was allowed to be established should be allowed to receive a response'''. This is accomplished with the following '''INPUT chain rule''' that should be there by default on your machines:<br>
::# For the ''request'', the '''source port (sport) for the example in the above diagram is 40112''' and the '''destination port (dport) is 80'''
::# For the ''response'', the '''source port (sport) is 80''' and the '''destination port (dport) is 40112'''
::# Since the '''RELATED,ESTABLISHED''' rule already exists, we are only concerned about <u>'''controlling'''</u> the '''incoming traffic on the server''', which in our example, the '''chain is: INPUT''', the '''protocol is: tcp''', and the '''destination is: port 80'''.
:* '''Basically, most other services work in a similar way as discussed above'''.
:** HWADDR (MAC Address)
:** Network Interface name
:The best way to learn that is to <u>'''practice'''</u>.
'''Record essential concepts from this section into your OPS335 lab log-book'''
=INVESTIGATION 1: PREPARATION & GETTING TO KNOW IPTABLES=