OPS235 Lab 6 - Fedora17

5 bytes removed, 16:06, 4 March 2010
=== Investigation 8: How do I view and configure the IPTABLES firewall? -- Basic Function/Configuration ===
{{Admon/note | Please take note! | [http://en.wikipedia.org/wiki/Iptables Iptables] is the built-in firewall for Linux. While this program can be controlled by different GUIs, we are going to investigate its powerful command-line interface to choose what data is allowed into, out of and through our computer.
Essentially, Iptables is a list of rules. Each rule is placed into a particular chain, and when data is sent into, out of or through a PC, the data is checked against these rules. If the data matches a particular rule, it must then “jump” to a condition. Simple conditions include ACCEPT, DROP and LOG, but there are also more complex conditions that can be applied, and there is even the option to create your own conditions.
</pre>
{{Admon/note | Take Note | Each chain has a default policy. In my example here the default policy is ACCEPT. This means that if data packets are checked and no rule in the chain matches a packet, that packet will be allowed to pass to its destination. Conversely, if the policy is set to DROP, then the packet will be dropped if there is no match.
See the MAN page for <code>iptables</code> for detailed information on switches and options.}}
Note that <code>iptables</code> commands (as well as all other Linux commands) are case sensitive. Check your syntax carefully.}}
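The chain behaviour described in the notes above, modelled in Python as an added example (it is not part of the original lab and is not how iptables itself is implemented). <code>Rule</code>, <code>Chain</code>, <code>lab_output_chain</code> and the sample packets are hypothetical names, and matching is simplified to protocol and destination port. It shows that rules are checked in order, that LOG records a packet without deciding its fate, and that the default policy applies only when no rule has accepted or dropped the packet.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    target: str                   # ACCEPT, DROP or LOG
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))


@dataclass
class Chain:
    policy: str = "ACCEPT"                    # default policy (iptables -P)
    rules: list = field(default_factory=list)
    log: list = field(default_factory=list)   # stands in for /var/log/messages

    def append(self, rule: Rule) -> None:     # models iptables -A
        self.rules.append(rule)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:               # rules are checked in order
            if not rule.matches(pkt):
                continue
            if rule.target == "LOG":          # LOG records the packet and
                self.log.append(pkt)          # traversal carries on
                continue
            return rule.target                # ACCEPT or DROP ends traversal
        return self.policy                    # nothing decided: policy applies


# Constructed sample packets (not captured traffic).
HTTP = {"proto": "tcp", "dport": 80}
DNS = {"proto": "udp", "dport": 53}


def lab_output_chain() -> Chain:
    """OUTPUT chain as the lab leaves it: policy DROP plus one LOG rule."""
    chain = Chain(policy="DROP")
    chain.append(Rule(target="LOG"))          # iptables -A OUTPUT -j LOG
    return chain


if __name__ == "__main__":
    out = lab_output_chain()
    print(out.verdict(HTTP), len(out.log))    # packet is logged, then dropped
```

Appending an ACCEPT rule for TCP port 80 after the LOG rule lets the web request through while still logging it; placing the same ACCEPT rule before the LOG rule means the packet is accepted before it can be logged.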
* Now try on your own to change the default policies for the OUTPUT and FORWARD chains to DROP
* Write the commands you executed in your lab book.
* Can we mix these policies? Try to set the FORWARD chain policy to ACCEPT. Did it work?
'''Testing policies'''
* Execute the command <code>iptables -L</code> and check that the policies on your INPUT and OUTPUT chains are set to DROP
* Open a browser and attempt to access the Internet. Were you successful?
* Using the commands you have learned so far, change the policies on the INPUT and OUTPUT chains to ACCEPT
* Open your browser and attempt to access the Internet again. Were you successful?
* Change the policies on all of the chains to DROP
* In the OUTPUT chain, add the following rule:
** <code>iptables -A OUTPUT -j LOG</code>
* The above rule tells <code>iptables</code> to log packets and relevant information to <code>/var/log/messages</code>.
* This entry in the OUTPUT policy will therefore log all packets being sent out of the machine.
* Try to access the Internet again. Because the policies have been set to DROP, you should be unsuccessful. However, every packet of data that your PC attempted to send out was logged. Let's have a look at the log file and analyze the data.
* Execute the following command:
** <code>tail /var/log/messages</code>
This command by default shows us the last 10 lines of the file. While there are many things being logged to this file, the last thing we did was try to access the Internet so we should be able to see the data we need. Look for a line that looks similar to the following: