OPS235 Lab 6 - CentOS7

1,680 bytes removed, 18:42, 4 May 2015
no edit summary
{| width="40%" align="right" cellpadding="10"
|- valign="top"
|{{Admon/note | | '''[http://en.wikipedia.org/wiki/Iptables Iptables] is the built-in firewall for LINUX'''. While this program can be controlled by different GUIs, we are going to investigate the powerful command line interface for this program to choose what is allowed '''into''', '''out of''' or '''through''' our computer.

Essentially, iptables is a '''list of rules'''. Each rule is placed into a particular chain, and when data is sent into, out of or through a PC, the data is checked against these rules. If the data matches a particular rule, it must then "jump" to a '''condition'''. Simple conditions include '''ACCEPT''', '''DROP''' and '''LOG''', but there are also more complex conditions that can be applied, and there is even the option to create your own conditions.

Iptables consists of multiple tables, each containing one or more chains of rules. For firewall purposes, the '''Filter''' table is the important one; it contains these '''three chains''': INPUT, OUTPUT and FORWARD. Here is a brief explanation of each chain.
*'''INPUT:''' Packets are checked against the INPUT chain to see if they are '''allowed into''' the PC. For example, if your request was allowed out to http://www.google.ca, that web server sends data back to your PC with an acknowledgement. Before this data can be processed by your browser, it must first be checked against the INPUT chain. If it is allowed, your browser will process the data and move on to its next task. If it is not, the packet will be dropped.
*'''OUTPUT:''' Packets are checked against the OUTPUT chain to see if they are '''allowed to go out''' of the PC. For example, when you open a browser on your PC and navigate to http://www.google.ca, you are attempting to establish an HTTP or HTTPS session with that web server. A data packet is built with the appropriate IP and TCP information and sent out of your computer, but before it goes out to the Internet it is compared to all of the rules in the OUTPUT chain. If it is not allowed, the packet is dropped.
*'''FORWARD:''' LINUX PCs are often used as routers or gateways for other PCs. This means that data may have to pass through the LINUX box, but the data is neither intended for the LINUX PC nor sent by it. Even though the data enters and exits this PC, the INPUT and OUTPUT chains do not apply. Because the PC is acting as a router it does not actually send or receive the data; it <u>FORWARDS</u> it from one machine to another. When this happens, the data is checked against the FORWARD chain to see if it is allowed through. If it is, the router forwards the data to its destination. If not, the packet is dropped.}}
|}
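The note above describes three things: a packet is steered to exactly one of INPUT, OUTPUT or FORWARD depending on whether it is addressed to the machine, sent by it, or merely routed through it; the rules in that chain are walked top to bottom; and the first matching rule "jumps" to its condition. The Python model below is an added illustration of that flow and is not part of the lab or of iptables itself. It assumes a constructed local address (192.168.1.10), a hand-built Filter table with a few sample rules and a default policy per chain, and it treats LOG the way the real firewall does, as a non-terminating target that records the packet and lets the walk continue.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed: the address this host owns. It decides INPUT versus OUTPUT.
LOCAL_ADDRS = {"192.168.1.10"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One rule in a chain. None in a match field means 'any'."""
    target: str                   # the condition to jump to: ACCEPT, DROP or LOG
    proto: Optional[str] = None
    dport: Optional[int] = None
    src: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.src is None or self.src == pkt.src))


def select_chain(pkt: Packet) -> str:
    """Addressed to us -> INPUT; generated by us -> OUTPUT; otherwise the
    packet is only being routed through this box -> FORWARD (INPUT and
    OUTPUT are not consulted for it)."""
    if pkt.dst in LOCAL_ADDRS:
        return "INPUT"
    if pkt.src in LOCAL_ADDRS:
        return "OUTPUT"
    return "FORWARD"


# Constructed sample Filter table: allow inbound SSH and log everything else
# that reaches INPUT; block outbound telnet; forward only one web flow.
FILTER = {
    "INPUT":   [Rule("ACCEPT", proto="tcp", dport=22), Rule("LOG")],
    "OUTPUT":  [Rule("DROP", proto="tcp", dport=23)],
    "FORWARD": [Rule("ACCEPT", src="10.0.0.5", proto="tcp", dport=80)],
}
# Default verdict when no rule in the chain terminates the walk.
POLICY = {"INPUT": "DROP", "OUTPUT": "ACCEPT", "FORWARD": "DROP"}


def filter_packet(pkt: Packet, table=FILTER, policy=POLICY):
    """Return (chain, verdict, log_lines). First terminating match wins;
    LOG records the packet and the walk continues; no match -> chain policy."""
    chain = select_chain(pkt)
    log_lines = []
    for rule in table[chain]:
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":
            log_lines.append(f"{chain} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
            continue
        return chain, rule.target, log_lines
    return chain, policy[chain], log_lines


if __name__ == "__main__":
    samples = [
        Packet("10.0.0.5", "192.168.1.10", "tcp", 22),    # inbound SSH
        Packet("10.0.0.5", "192.168.1.10", "tcp", 80),    # inbound HTTP, logged then dropped
        Packet("192.168.1.10", "142.250.1.1", "tcp", 443),  # our own HTTPS request
        Packet("192.168.1.10", "10.0.0.5", "tcp", 23),    # our own telnet attempt
        Packet("10.0.0.5", "172.16.0.9", "tcp", 80),      # routed through us
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

The model deliberately ignores connection tracking and interface matching; its only purpose is to make the chain-selection and first-match behaviour described in the note visible on concrete packets.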