13,420
edits
Changes
no edit summary
</code>
<br><br>
<ol><li value="5">We will now use a '''while ''' loop to read every line in the network configuration file and store into an array as a separate array element. Add the following content to your shell script editing session:</li></ol>
<code style="color:#3366CC;font-family:courier;font-size:.9em;margin-left:20px;font-weight:bold;">
<br>
</code>
<br><br>
<ol><li value="6">Finally, we will '''generate a web-page document''', use a loop to printout the results of the data (stored in an array) and open the web-page document in the '''firefox''' web-browser.</li></ol>
<code style="color:#3366CC;font-family:courier;font-size:.9em;margin-left:20px;font-weight:bold;">
<br>
Since Linux servers can be connected to the Internet, it is very important to run a firewall to control what comes into the computer system, what goes out of the computer system, and what may be forwarded to another computer. A utility called '''iptables''' can be used to set the firewall rules on a Linux server.
Basically, there is a list ('''chain''') of policy rules that <u>'''packets '''</u> must pass-through in order to handle packets. If a packet matches a rule, then an action is taken (some examples include: '''ACCEPT''', '''DROP''', '''REJECT''', or '''LOG'''). If the packet passes through the chain of rules without a match, then the packet is directed to the default policy chain (for example: ''ACCEPT'', ''REJECT'', or ''DROP'').
You can create your own '''customized chains''' (which you will learn in the OPS335 course) but to keep thing simple, we only deal with 3 '''common predefined chains''':
:*'''INPUT''': Packets coming into current Linux server
==== Setting Default Policy and Policy Exceptions with iptables ====
Usually when setting policy rules with iptables, a general "overall" policy is set (default policy chain), and then set policy rules in other chains which act as exceptions to the default policy. Usually, a A general policy would apply to ALL types of packets (tcp, udp, icmp) and all communication port numbers (80, 22, etc).
The option <b><code><span style="pointer-events: none;cursor: default;color:#3366CC;font-size:1.5em;">-P</span></code></b> is used with the iptables command to set a default policy chain.
<table width="100%" cellpadding="10" cellspacing="0" border="1">
<tr>
<td width="3040%">'''iptables -A INPUT -p tcp --sport 80 -j ACCEPT'''</td><td>Append policy to <u>'''bottom'''</u> of INPUT chain to accept all tcp packets from port 80</td>
</tr><tr>
<td>'''iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT'''</td><td>Append policy to <u>'''bottom'''</u> of OUTPUT chain to accept all tcp packets to port 80</td>
:'''Perform the following steps:'''
# Flush all of your iptables rules by issuing the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">iptables -F</span></code></b>
# Verify there are no iptables rules by issuing the command: <b><code><span style="color:#3366CC;font-size:1.2em;">iptables -L</span></code></b>
# Make a backup of the file '''/etc/sysconfig/iptables''' by issuing the command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables.bk</span></code></b>
#To make the iptables rules '''persistent''' (i.e. keeps rules when system restarts), you issue the command: <br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables-save > /etc/sysconfig/iptables</span></code></b>