
Iptables 1

Set Up a Simple Firewall

For a Single Computer - Not a Network


Iptables

Iptables is the command-line front end to the packet filter built into the Linux kernel. It can control all traffic between your computer and the internet, and all traffic between your computer and other computers on a network. It comes already installed on most Linux distributions, so you can have it working before you connect to the internet, and keep your computer secure from the start.


Malware

If you have been using the internet without a firewall, your computer may or may not be infected with malware. You can check for malware. If you find malware on your computer, it can usually be eliminated by reinstalling Linux from install media you trust. If you use DBAN to erase everything from the hard drive before reinstalling Linux, you can be sure that nothing stored on the drive survives the reinstall.


Set Up a Simple Firewall

The following tutorial explains how to set up a simple Iptables firewall for a single computer.

If you are not familiar with some of the words used here, see Definitions.

Open the Root Terminal and type:

iptables -L

You must use a Root Terminal, not an ordinary terminal.

You must type commands exactly as they are, using lower case letters where there are lower case letters, capitals where there are capitals, and spaces where there are spaces. If you make a mistake and type something which is not a valid command, you will get a message after entering it, and need to type it again.

This command displays your Iptables setup. "Iptables" is the name of the program, and "-L" lists the rules in your Iptables setup. By default it lists the filter table, which is the only table this tutorial uses. You can use this command any time to check your Iptables setup.

If you don't have a firewall set up, you will just see the headings. There will be three chains, each with a default policy of ACCEPT and no rules in it.

INPUT refers to anything coming into your computer.

FORWARD is used when your computer routes traffic between other computers, and refers to packets passing through your computer which are neither addressed to it nor sent by it. On a single computer nothing uses this chain.

OUTPUT refers to anything going out from your computer.

Let's start setting up the firewall.

Type:

iptables -A INPUT -i lo -j ACCEPT

This command tells Iptables to add a rule to the INPUT chain accepting loopback. Loopback refers to traffic your computer sends to itself, for example to the address 127.0.0.1. It never leaves the machine, but it still passes through Iptables, so it must be accepted or local programs which talk to each other through the network will stop working. "-A INPUT" means append a rule to the INPUT chain. Let's call it add instead of append. "-i lo" means the loopback interface. "-j" stands for jump, and this is where you specify what happens to any packet which this rule matches. In this case it is accepted. Later, you can learn how to create additional chains. You can then use "-j" to jump packets to other chains.

If you now type:

iptables -L

You will notice this rule has been added to the INPUT chain.

Alternatively you can press the up arrow twice. The terminal displays previous lines, and you won't need to retype it. If you make a mistake at any time, you can also use the up arrow to display the line, and correct it, instead of retyping the whole line again. If you want to add a line which is similar to a previous one, you can use the up arrow to display the line, and modify it.

You can see more details if you type:

iptables -L -v

"-v" means verbose. Notice the difference. This shows, for each rule, the interface it applies to and how many packets and bytes it has matched so far.

Now type:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This tells Iptables to add a rule to the INPUT chain, accepting anything established or related. "-m state" means match the connection state, and the state is established or related. ESTABLISHED means the packet belongs to a connection your computer already started, such as the reply to a web page you requested. RELATED means the packet belongs to a new connection which is connected to an existing one, such as an ICMP error message about one of your connections. Because this rule comes before everything else, replies to your own web and DNS requests are already accepted here.

Next type:

iptables -A INPUT -p tcp --sport 80 -j ACCEPT

This tells Iptables to add a rule to the INPUT chain accepting any tcp protocol packets from source port 80. Web servers listen on port 80, so replies from a web server come from source port 80. Note what this rule does not check: it does not look at the destination port, and the source port is chosen by the other end, so any packet sent to any port on your computer from source port 80 is accepted by it. Since the established and related rule already accepts the replies to your own web requests, this rule is not needed for browsing, and a stricter firewall leaves it out.

Let's add another rule. You can use the up arrow, and just change the parts which are different.

iptables -A INPUT -p udp --sport 53 -j ACCEPT

This tells Iptables to add a rule to the INPUT chain accepting any udp protocol packets from source port 53. Domain name servers listen on port 53, so replies to your DNS lookups come from source port 53. The same caution applies as for port 80: the rule accepts anything sent from source port 53 to any port on your computer, and the established and related rule already accepts the replies you actually want.

One more rule:

iptables -A INPUT -j DROP

This tells iptables to add a rule to the INPUT chain, to drop everything.

When each packet arrives, Iptables goes through the rules in the order they are written, and the first rule which matches decides what happens to the packet. If it is loopback it is accepted. If it is established or related it is accepted. If it is tcp protocol from source port 80 it is accepted, whatever port it is sent to. If it is udp protocol from source port 53 it is accepted, whatever port it is sent to. If it is none of these, it is dropped. This stops anything else coming into your computer.

You have a firewall.

You can check your set up by typing:

iptables -L

This simple firewall can now be used, and will work well if you just browse the world wide web. Because new incoming connections are dropped, anything which needs to accept connections from outside, such as an SSH server or file sharing, will not be reachable from other computers.

The rules are held in the kernel's memory, so if you turn the computer off or restart it, the firewall setup will be lost.
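The whole setup above, as an added example which is not code from the original page: a script which holds the five tutorial rules, a hardened variant without the two source-port rules, a function to load either set into the kernel, and a small simulator which walks the rules in order the way the text describes. The simulator only understands the matches used on this page (-i, -p, --sport, -m state --state and -j), does not model the kernel's connection tracking, and the packet descriptions and the file name firewall.sh are constructed for the example.

```bash
#!/bin/bash
# Added example, not part of the original tutorial. The packet descriptions
# below are constructed; the simulator covers only the matches used on the
# page and does not model connection tracking.

# The five rules from the tutorial, in the order they are appended to INPUT.
tutorial_rules() {
    cat <<'EOF'
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# The same chain without the two source-port rules. Replies to your own web
# and DNS requests are already matched by the ESTABLISHED,RELATED rule, so
# nothing you need is lost, and a remote host can no longer reach every port
# on the machine simply by sending from source port 80 or 53.
hardened_rules() {
    tutorial_rules | grep -v -- '--sport'
}

# Load a ruleset into the live kernel (needs root). INPUT is flushed first so
# running the script twice does not append a second copy of every rule.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must be run as root" >&2
        return 1
    fi
    iptables -F INPUT
    "$1" | while IFS= read -r cmd; do eval "$cmd"; done
    iptables -L INPUT -n -v   # -n skips DNS lookups, so the listing is fast
}

# classify RULESET "iface=.. proto=.. sport=.. dport=.. state=.."
# Prints the target of the first rule which matches, or NONE if no rule
# matched (then the chain's policy, ACCEPT by default, would decide).
# dport is deliberately ignored: none of the page's rules looks at it.
classify() {
    local ruleset=$1 iface='' proto='' sport='' state='' kv rule
    for kv in $2; do
        case $kv in
            iface=*) iface=${kv#*=} ;;
            proto=*) proto=${kv#*=} ;;
            sport=*) sport=${kv#*=} ;;
            state=*) state=${kv#*=} ;;
        esac
    done
    while IFS= read -r rule; do
        set -- $rule
        shift 3                    # drop "iptables -A INPUT"
        local match=1 target=''
        while [ $# -gt 0 ]; do
            case $1 in
                -i)      [ "$2" = "$iface" ] || match=0; shift 2 ;;
                -p)      [ "$2" = "$proto" ] || match=0; shift 2 ;;
                --sport) [ "$2" = "$sport" ] || match=0; shift 2 ;;
                -m)      shift 2 ;;   # the module name itself matches nothing
                --state) case ",$2," in *",$state,"*) ;; *) match=0 ;; esac; shift 2 ;;
                -j)      target=$2; shift 2 ;;
                *)       shift ;;
            esac
        done
        if [ "$match" -eq 1 ]; then
            echo "$target"
            return 0
        fi
    done <<EOF
$("$ruleset")
EOF
    echo NONE
}

# A constructed probe aimed at port 22 but sent from source port 80. No rule
# looks at the destination port, so the tutorial ruleset lets it through.
probe='iface=eth0 proto=tcp sport=80 dport=22 state=NEW'
echo "tutorial ruleset: $(classify tutorial_rules "$probe")"   # ACCEPT
echo "hardened ruleset: $(classify hardened_rules "$probe")"   # DROP

# Run as: sudo ./firewall.sh apply   (loads hardened_rules into the kernel)
if [ "${1:-}" = apply ]; then
    apply_rules hardened_rules
fi
```

The simulator shows the two rulesets agreeing on everything the tutorial wants (loopback, and replies to connections you started) and disagreeing only on packets which happen to carry source port 80 or 53, which is exactly the traffic a remote host controls. Whichever set you load, it is still lost at the next restart; iptables-save and iptables-restore exist for keeping it, and a later page covers starting the firewall automatically.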




© Copyright Guy Shipard 2008 - 2009