ipchains: a packet-filtering firewall supported by Linux distributions
Description: A firewall is a basic and essential component of any network security system. ipchains is a packet-filtering firewall for Linux distributions. ipchains does not look at the content of the packet, only at its header.
Objective: Understand how a packet-filtering firewall works; learn basic firewall scripting and rule definitions.
System requirements and installation: a Linux distribution with kernel version 2.1.x or above, with ipchains support built into the kernel. If ip_tables support is wanted instead, a Linux distribution with kernel version 2.3.x or above is needed.
Challenge procedure:
1. Create shell variables for better scripting.
2. Properly secure the firewall script.
3. Establish a deny-all policy.
4. Allow loopback traffic.
5. Allow outbound web traffic.
6. Create ingress and egress filters.
7. Restore the default firewall script.
Basic format of an ipchains rule:
ipchains -A|-I chain -i interface [-p protocol] [-s source-address [port[:port]]] [-d destination-address [port[:port]]] -j target [-l]
-A|-I: append to, or insert at the head of, the chain
chain: input, output, forward
-p: ICMP, UDP, TCP, all
-j: target, one of ACCEPT, DENY, REJECT (REJECT answers with an ICMP error; DENY drops silently)
-l: log the matching packet through the kernel log
Step-by-step (0): pre-scan the local status before any rules are loaded.
Step-by-step (1): define variables in firewall.sh.
Step-by-step (2): edit and run the script: vi firewall.sh, then sh firewall.sh.
Step-by-step (3): scan again after the firewall is up: nmap -P0 -sT.
Step-by-step (4): enable the loopback interface.
Step-by-step (4): rescan the loopback interface.
Step-by-step (5): rescan the loopback interface from an external address.
Step-by-step (5): allow outbound web traffic.
Step-by-step (5): block inbound packets from private addresses.
Step-by-step (5): block outbound packets from private addresses.
Step-by-step (6): show the ipchains rules.
Step-by-step (7): flush the ipchains rules.
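The steps above as one complete firewall.sh, written here as an added example rather than the lab's own script. It assumes an external interface named eth0 and a host address of 192.0.2.10 (both constructed for the example; override with EXT_IF and MYIP). For safety while editing, the script only prints the rules it would load unless FW_APPLY=1 is set in the environment, which is how step 2 (securing the script) is handled here: rules can be reviewed before they touch the kernel.

```shell
#!/bin/sh
# firewall.sh: added worked example of the lab procedure (not the lab's own script).
# Assumed values (constructed): external interface eth0, host address 192.0.2.10.
# Default mode only PRINTS the rules; run  FW_APPLY=1 sh firewall.sh  to load them.

# step 1: shell variables keep the rules readable and easy to change
EXT_IF="${EXT_IF:-eth0}"                    # assumed external interface
MYIP="${MYIP:-192.0.2.10}"                  # assumed host address (documentation range)
ANY="0.0.0.0/0"
UNPRIV="1024:65535"                         # client-side ephemeral port range
PRIV_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"   # RFC 1918 private space
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"

# fw: run one ipchains command, or print it when not applying (step 2)
fw() {
    if [ "${FW_APPLY:-0}" = "1" ]; then
        "$IPCHAINS" "$@"
    else
        printf 'ipchains %s\n' "$*"
    fi
}

# build_rules: the full rule set, in the order the lab steps introduce it
build_rules() {
    # step 3: flush every chain and make DENY the default policy
    fw -F
    fw -P input DENY
    fw -P output DENY
    fw -P forward DENY

    # step 4: loopback traffic must pass or local services stop working
    fw -A input -i lo -j ACCEPT
    fw -A output -i lo -j ACCEPT

    # step 6, ingress filter: packets with a private source address must never
    # arrive on the external interface; log them (-l) since they indicate spoofing
    for net in $PRIV_NETS; do
        fw -A input -i "$EXT_IF" -s "$net" -j DENY -l
    done
    # step 6, egress filter: never send packets with a private source address out
    for net in $PRIV_NETS; do
        fw -A output -i "$EXT_IF" -s "$net" -j REJECT -l
    done

    # step 5: outbound web. Only this host may open connections to 80/443, and
    # replies are accepted only when they are not connection requests
    # (! -y = SYN not set alone), so nothing can open a connection to us from port 80
    for port in 80 443; do
        fw -A output -i "$EXT_IF" -p TCP -s "$MYIP" "$UNPRIV" -d "$ANY" "$port" -j ACCEPT
        fw -A input -i "$EXT_IF" -p TCP ! -y -s "$ANY" "$port" -d "$MYIP" "$UNPRIV" -j ACCEPT
    done
}

# rule_count: number of -A rules the rule set produces (policies not counted)
rule_count() {
    build_rules | grep -c '^ipchains -A '
}

# step 7: restore the default open firewall
flush_rules() {
    fw -F
    fw -P input ACCEPT
    fw -P output ACCEPT
    fw -P forward ACCEPT
}

build_rules
```

Rule order matters in ipchains: the first matching rule in a chain decides, so the anti-spoofing DENY rules sit before the web ACCEPT rules. After loading, `ipchains -L -n` shows the chains (step 6) and `flush_rules` corresponds to step 7.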
ipchains log entry, field by field (a rule with -l writes one such line through the kernel log):
Apr 28 01:38:28: time and date
www: machine name
kernel:: record written by the kernel
Packet log:: message from ipchains
input: the chain holding the matching rule
REJECT: the rule's target
eth0: interface
PROTO=1: protocol number (ICMP=1, TCP=6)
:8: source IP address and port (for ICMP the port position carries the ICMP type)
:0: destination IP address and port (for ICMP, the ICMP code)
L=60: packet length
S=0x00: type of service
I=7476: IP ID
F=0x0000: IP fragment field
T=32: time to live
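Logged entries are only useful if someone reads them, so here is an added example (not part of the lab) that parses "Packet log:" lines in the format described above and counts how often each source address hit a logging rule on the input chain. The four log lines are constructed for the example and use documentation and private address ranges.

```shell
#!/bin/sh
# Added example: parse ipchains "Packet log:" lines and summarise denied sources.
# SAMPLE_LOG is CONSTRUCTED in the format the slide describes; not real traffic.
SAMPLE_LOG='Apr 28 01:38:28 www kernel: Packet log: input REJECT eth0 PROTO=1 192.0.2.55:8 192.0.2.10:0 L=60 S=0x00 I=7476 F=0x0000 T=32
Apr 28 01:38:29 www kernel: Packet log: input DENY eth0 PROTO=6 10.1.2.3:1025 192.0.2.10:80 L=60 S=0x00 I=7477 F=0x4000 T=64
Apr 28 01:38:30 www kernel: Packet log: input DENY eth0 PROTO=6 10.1.2.3:1026 192.0.2.10:22 L=60 S=0x00 I=7478 F=0x4000 T=64
Apr 28 01:38:31 www kernel: Packet log: output REJECT eth0 PROTO=17 192.0.2.10:1030 10.9.9.9:53 L=60 S=0x00 I=7479 F=0x0000 T=64'

# parse_packet_log: read log lines on stdin and print
# "chain target iface proto src dst ttl" for each Packet log line
parse_packet_log() {
    awk '
    /Packet log:/ {
        for (i = 1; i <= NF; i++) if ($i == "log:") break   # fields follow "Packet log:"
        chain = $(i+1); target = $(i+2); iface = $(i+3)
        proto = $(i+4); sub(/^PROTO=/, "", proto)           # 1=ICMP 6=TCP 17=UDP
        src = $(i+5); dst = $(i+6)                           # addr:port (ICMP: :type and :code)
        ttl = "?"
        for (j = i+7; j <= NF; j++) if ($j ~ /^T=/) ttl = substr($j, 3)
        printf "%s %s %s %s %s %s %s\n", chain, target, iface, proto, src, dst, ttl
    }'
}

# denied_sources: entries per source address on the input chain, most frequent
# first, so a host probing several ports stands out; output "ip count"
denied_sources() {
    parse_packet_log | awk '$1 == "input" { split($5, a, ":"); n[a[1]]++ }
        END { for (ip in n) printf "%s %d\n", ip, n[ip] }' | sort -k2,2nr -k1,1
}

printf '%s\n' "$SAMPLE_LOG" | parse_packet_log
printf '%s\n' "$SAMPLE_LOG" | denied_sources
```

Feeding `/var/log/messages` (or wherever the kernel log is written) into `denied_sources` gives the same summary for a live system; the anti-spoofing rules from the procedure above use -l, so their hits appear here.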
Summary and what you learn: Firewalls are one of the basic components of a network perimeter; they determine what traffic is allowed into or out of the network. A packet-filtering firewall makes its blocking decisions based on the data contained in the packet header.