Post

Iptables

One of the most common and simplest uses for a Linux server on a local network is to simply share your Internet connection.

The advantage of using a dedicated server instead of just sharing through a router is that you can include other services, such as a proxy (an intermediary for page caching and other access rules) through an iptables firewall; a SAMBA server, which shares files and resources with the internal network; a print server; and so on.

From a security standpoint and even for ease of configuration, it is always advisable to use a server with two network cards, separating traffic coming from the Internet from traffic on the local network.

With two cards, it becomes easier to manage the appropriate firewall rules to block access from the Internet and, at the same time, allow traffic coming from the local network.

What is iptables? (for newbies)

Imagine your computer is a house, and the internet is like the outside world. The doors and windows of your house are the ways that things can get in and out. iptables is like the security guard of your house. It decides what is allowed to come in, what is allowed to go out, and what should be blocked.

IPtables is a powerful packet filtering firewall built into the Linux kernel. It provides granular control over network traffic, allowing you to block, allow, or modify packets based on various criteria, such as source and destination IP addresses, ports, protocols, and more.

How does iptables work?

Packet Inspection: When a packet enters or leaves your Linux system, IPtables intercepts it and inspects its headers and contents.

Rule Matching: IPtables compares the packet against a set of rules defined by the administrator. These rules specify conditions for matching packets, such as source/destination IP addresses, ports, protocols, and other criteria.

Action Taking: Based on the rule match, IPtables takes an action. This action can be:

  1. ACCEPT: Allow the packet to pass through.

  2. DROP: Discard the packet.

  3. REJECT: Send an error message back to the sender.

  4. LOG: Log the packet information to a system log.

  5. MASQUERADE: Hide the source IP address of the packet.

  6. SNAT: Source Network Address Translation, which translates the source IP address of a packet to a different IP address.

  7. DNAT: Destination Network Address Translation, which translates the destination IP address of a packet to a different IP address.

Chain Processing: IPtables organizes rules into chains. There are three main chains:

  1. INPUT: For packets entering the system.

  2. FORWARD: For packets passing through the system.

  3. OUTPUT: For packets leaving the system.

  4. PREROUTING: Before packets are processed by the routing subsystem.

  5. POSTROUTING: After packets are processed by the routing subsystem.

Why use iptables?

Desktop View note. simple firewall concept image

iptables helps protect your computer from unwanted traffic, keeps your network secure, and gives you control over what enters and leaves your system. It’s an essential tool for managing security on Linux systems, even though it might seem a bit complex at first.

Example

To block all incoming traffic on port 22 (SSH), you can use the following command:

iptables -A INPUT -p tcp --dport 22 -j DROP

This rule adds a new rule to the INPUT chain, blocking any incoming TCP packets on port 22.

This post is licensed under CC BY 4.0 by the author.