OPS535 Linux Firewall Review

From CDOT Wiki
Revision as of 01:25, 17 January 2021 by Rchan (talk | contribs)
  • Text book: Chapter 13

Concepts

  • Netfilter/iptables with iptables (legacy): the classic xtables backend
  • Netfilter/nftables with iptables (nf_tables): the same iptables command syntax, translated into nftables rules by iptables-nft; iptables -V shows which backend the installed binary uses
  • firewalld: a front end that drives either the iptables or the nftables backend (both sit on top of netfilter)
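The legacy/nf_tables distinction matters in practice: both backends hook into netfilter, so the kernel evaluates both rulesets, but each iptables binary lists only its own rules. The following check script is an added example (not from the course page or the iptables project); it assumes iptables 1.8 or newer, whose -V output ends in "(legacy)" or "(nf_tables)", and that the iptables-legacy and iptables-nft binaries are on PATH when installed.

```shell
#!/bin/sh
# Added example: report which backend the "iptables" command uses and warn
# when rules are loaded under both backends at once (the kernel applies both,
# but "iptables -L" only shows one set).

# Map an "iptables -V" line such as "iptables v1.8.7 (nf_tables)" to the
# backend name. Prints "unknown" and returns 1 if neither tag is present.
backend_from_version() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown; return 1 ;;
    esac
}

# Count the rules (lines starting with -A) that a given iptables binary
# reports across the filter, nat and mangle tables; 0 if it is absent or
# cannot be run (e.g. not root).
rule_count() {
    bin=$1; n=0
    command -v "$bin" >/dev/null 2>&1 || { echo 0; return 0; }
    for t in filter nat mangle; do
        c=$("$bin" -t "$t" -S 2>/dev/null | grep -c '^-A') || true
        n=$((n + c))
    done
    echo "$n"
}

# Returns 0 when a single backend is in use, 1 when iptables is missing,
# 2 when rules exist under both backends.
check_backends() {
    ver=$(iptables -V 2>/dev/null) || { echo "iptables not found" >&2; return 1; }
    echo "iptables backend: $(backend_from_version "$ver")   ($ver)"
    legacy_n=$(rule_count iptables-legacy)
    nft_n=$(rule_count iptables-nft)
    echo "rules under iptables-legacy: $legacy_n, under iptables-nft: $nft_n"
    if [ "$legacy_n" -gt 0 ] && [ "$nft_n" -gt 0 ]; then
        echo "WARNING: rules loaded under both backends; the kernel evaluates both," >&2
        echo "         but each iptables binary shows only its own. Migrate to one." >&2
        return 2
    fi
    return 0
}

# Run the check only when invoked as "sh thisfile.sh check", so the file can
# also be sourced for its functions.
if [ "${1:-}" = check ]; then
    check_backends
fi
```

On Debian-derived systems the active backend is selected with update-alternatives (iptables-legacy vs iptables-nft); on Fedora/RHEL 8+ only the nf_tables variant is shipped. Whichever is active, nft list ruleset shows the rules iptables-nft created, while rules added through iptables-legacy never appear there.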

Command line tools

  • iptables
  • ip6tables
  • arptables
  • ebtables
  • nft
  • firewall-cmd

iptables

  • raw table
    • PREROUTING chain
    • OUTPUT chain
  • mangle table
    • PREROUTING
    • INPUT
    • FORWARD
    • OUTPUT
    • POSTROUTING
  • nat table
    • PREROUTING
    • INPUT
    • OUTPUT
    • POSTROUTING
  • filter table
    • INPUT
    • FORWARD
    • OUTPUT
  • security table
    • INPUT
    • FORWARD
    • OUTPUT

rules

iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
         |----------------| |---------------| |-------|
           where and when     match spec.     action

  • where and when: -t names the table (filter is the default) and -A appends to a chain, i.e. the hook point at which the rule is consulted
  • match spec.: every match must be true for the rule to apply (here protocol tcp and destination port 22); extra matches are loaded with -m (conntrack, limit, ...)
  • action: the target given with -j (ACCEPT, DROP, REJECT, LOG or a user-defined chain); a chain is walked top to bottom and the first terminating target decides, so rule order matters
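A complete ruleset built from that anatomy, as an added example (not from the course page): a stateful default-deny INPUT chain that accepts loopback, established traffic, rate-limited ping and new SSH connections from a management network, and logs what it drops. Setting DRY_RUN=1 prints the commands instead of running them, so the order can be reviewed without root. The values IPT (iptables or ip6tables), SSH_PORT and ADMIN_NET (an RFC 5737 documentation prefix standing in for the real management network) are assumptions.

```shell
#!/bin/sh
# Added example: minimal stateful host firewall as a list of iptables rules
# in "where / match spec. / action" form. DRY_RUN=1 prints instead of applying.

IPT=${IPT:-iptables}
SSH_PORT=${SSH_PORT:-22}
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}   # assumed management prefix (RFC 5737)

# Emit the rules, one per line, in the order they must be applied. The policy
# is opened before the flush and only set to DROP at the very end, so an
# existing SSH session is not cut off while the chain is being rebuilt.
# Within INPUT the first terminating target wins: conntrack rules first,
# the catch-all LOG rule last.
fw_rules() {
    cat <<EOF
-t filter -P INPUT ACCEPT
-t filter -P OUTPUT ACCEPT
-t filter -F
-t filter -X
-t filter -A INPUT -i lo -j ACCEPT
-t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-t filter -A INPUT -m conntrack --ctstate INVALID -j DROP
-t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-t filter -A INPUT -p tcp --dport $SSH_PORT -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT
-t filter -A INPUT -m limit --limit 3/min -j LOG --log-prefix FW-DROP:
-t filter -P FORWARD DROP
-t filter -P INPUT DROP
EOF
}

# Apply (or, with DRY_RUN set, print) each rule. Splitting the rule line into
# words is intentional; the rule lines contain no quoted strings.
fw_apply() {
    fw_rules | while IFS= read -r line; do
        if [ -z "$line" ]; then continue; fi
        set -- $line
        if [ -n "${DRY_RUN:-}" ]; then
            echo "$IPT $*"
        else
            "$IPT" "$@" || { echo "failed: $IPT $*" >&2; exit 1; }
        fi
    done
}

# 1-based position of the first rule line matching a pattern, for checking
# ordering constraints before anything is applied.
fw_rule_index() {
    fw_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Usage: DRY_RUN=1 sh thisfile.sh apply   (review)   /  sh thisfile.sh apply (as root)
if [ "${1:-}" = apply ]; then
    fw_apply
fi
```

The ip6tables ruleset is separate and starts out empty, so the same script must be run with IPT=ip6tables, replacing the icmp rule with one for -p icmpv6 that also admits neighbour discovery, or IPv6 stays wide open while IPv4 is locked down. The LOG rule is rate-limited on purpose: an unlimited LOG target lets a scan fill the journal.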

nft

  • Tables created by iptables-nft, one per iptables table (family ip for IPv4; ip6tables creates the same names under family ip6):
    • table ip filter
    • table ip security
    • table ip raw
    • table ip mangle
    • table ip nat
  • Tables created by firewalld when its backend is nftables:
    • table inet firewalld
    • table ip firewalld and table ip6 firewalld (older firewalld releases; current releases keep everything in the inet table)
  • nft list ruleset shows all of them together; nft list table inet firewalld shows one table
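The same host policy written natively for nft, as an added example (not from the course page or the nftables project). A single inet table covers IPv4 and IPv6 together, and nft -f loads the whole file as one transaction, so there is no window with a half-built ruleset. SSH_PORT and ADMIN_NET (an RFC 5737 documentation prefix standing in for the management network) are assumptions.

```shell
#!/bin/sh
# Added example: stateful default-deny host firewall as an nftables ruleset,
# syntax-checked with "nft -c" and then loaded atomically with "nft -f".

SSH_PORT=${SSH_PORT:-22}
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}   # assumed management prefix (RFC 5737)

# Emit the ruleset. "flush ruleset" and the table definition are committed
# together. Caveat: flush ruleset also removes firewalld's tables, so do not
# use this on a host where firewalld manages the firewall.
nft_ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # rate-limited ping, plus the ICMPv6 messages IPv6 cannot work without
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # new SSH connections only from the management prefix
        tcp dport $SSH_PORT ip saddr $ADMIN_NET ct state new accept

        # rate-limited log of everything that falls through to the drop policy
        limit rate 3/minute log prefix "fw-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
EOF
}

# Validate without committing (nft -c), then load. Returns 127 if nft is not
# installed and 1 if the ruleset fails to parse.
nft_apply() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed" >&2; return 127; }
    nft_ruleset | nft -c -f - || return 1
    nft_ruleset | nft -f -
}

# Usage: sh thisfile.sh apply (as root); nft_ruleset prints the file for review.
if [ "${1:-}" = apply ]; then
    nft_apply
fi
```

After loading, nft list ruleset shows the table, and nft list chain inet filter input shows the input chain with its counters if any were declared. To convert a single existing iptables rule to this syntax, iptables-translate (shipped with iptables-nft) prints the equivalent nft add rule command, which is a quick way to check how a match like -m conntrack --ctstate maps onto ct state.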

man pages

  • man iptables
  • man iptables-extensions (the -m match modules and -j targets such as conntrack, limit and LOG)
  • man nft
  • man firewall-cmd