
Firewall introduction. The most commonly used firewalls. The advantages of using Linux based iptables firewall.
What are different types of firewall available. What is filter, nat (snat,dnat) and mangle type of firewall. Which one is mostly used.
What is the importance of understanding direction in firewall. Why it is one of the most important thing to understand. What is INPUT direction. What is OUTPUT direction. What is FORWARD direction.
How we can determine what the firewall can do. What can be permitted/blocked by the firewall. How the OSI model can help us in understanding the functionality of firewall. Is the firewall going to block virus or not. The answer lies in properly understanding OSI model.
To understand IPTables firewall, we need proper lab setup. So to master firewall concept, we have created lab setup consisting of 4 VMs.
The 3 VMs c2 (192.168.0.2/24), client11 (172.24.0.11/16) and client31 (172.24.0.31/16) will act as client VMs. These VMs belongs to 2 different networks 192.168.0.0 and 172.24.0.0.
To make communication possible between these networks, we need 4rth VM (iptables-firewall) which will act as router as well as firewall. We implemented 4 servers (ssh, web server, ftp server, telnet server) and created 2 users (vipin, anantika) on this VM.
We implemented 4 servers (ssh, web server, ftp server, telnet server) on client11 VM and created 2 users (amit, rajiv).
We implemented 2 servers (web server, ftp server) on client31 VM.
We implemented 4 servers (ssh, web server, ftp server, telnet server) on c2 VM and created 2 users (aanya, nanu).
The IP address, servers and users details of the 4 Virtual Machines (VMs) in tabular form. We are also discussing about gateway address given to c2, client11 and client31 VMs.
We will be discussing about entries in "hosts" file. What is the purpose of these entries.
How to check the IP Addresses and Fully Qualified Domain Name (FQDN) of 4 VMs.
Demo of how to check IP addresses, hostname and "hosts" file on 4 VMs.
Why we have setup this type of lab? Will this lab be helpful in understanding various directions (INPUT, OUTPUT and FORWARD). Can this lab be useful for understanding NAT (SNAT and DNAT)? Why we have implemented so many servers on our VMs?
What are different ports and services. What do you mean by well known, registered and dynamic ports. What are the ports used by well known servers such as ssh, web server, ftp server and telnet servers.
* How to check whether ssh server is working or not?
* How to check whether web server is working or not?
* How to check whether ftp server is working or not?
* How to check whether telnet server is working or not?
How to access different servers? How to check whether our lab is working or not?
How to check connectivity between "client11" and "firewall".
How to check connectivity between "client31" and "firewall".
How to test whether our router functionality is working on "firewall" or not.
How to check connectivity between "c2" and "firewall".
How to check connectivity between "c2" and "client11" and vice versa.
How to check connectivity from "firewall" to "c2" and "client11".
The purpose of all the testing is to find out whether our lab is working perfectly or not.
If our lab is working properly, that means half of the work already done in understanding firewall. We are making this statement to emphasize the importance of proper lab setup.
The demo of testing connectivity among various VMs. Checking ssh, web, ftp and telnet connectivity in INPUT, OUTPUT and FORWARD directions.
What are the different utilities used in testing servers?
How to block traffic from single host (IP). Why we are adding the rule in INPUT direction.
Here we want to block "client11" (IP 172.24.0.11) from accessing anything on "firewall". We have to write rule on "firewall" for blocking this type of traffic.
How to test that we have written the rule correctly.
Demo of how to block traffic from single host (IP). Why we are adding the rule in INPUT direction.
Here we want to block "client11" (IP 172.24.0.11) from accessing anything on "firewall". We have to write rule on "firewall" for blocking this type of traffic.
How to test that we have written the rule correctly.
How to block all type of traffic from particular network. Why we are adding the rule in INPUT direction.
Here we want to block "172.24.0.0/16" network from accessing anything on "firewall". We have to write rule on "firewall" for blocking this type of traffic.
How to test that we have written the rule correctly.
Demo of how to block all type of traffic from particular network. Why we are adding the rule in INPUT direction.
Here we want to block "172.24.0.0/16" network from accessing anything on "firewall". We have to write rule on "firewall" for blocking this type of traffic.
How to test that we have written the rule correctly.
How to block all type of traffic from anywhere. Why we are adding the rule in INPUT direction.
Here we want to block all IPs from accessing anything on "firewall". We have to write rule on "firewall" for blocking this type of traffic.
This type of rule is very useful when your network is under attack. You want to block access to everything fro anywhere.
How to test that we have written the rule correctly.
Demo of how to block all type of traffic from anywhere. Why we are adding the rule in INPUT direction.
Here we want to block all IPs from accessing anything on "firewall". We have to write rule on "firewall" for blocking this type of traffic.
This type of rule is very useful when your network is under attack. You want to block access to everything fro anywhere.
How to test that we have written the rule correctly.
How to block access to Apache web server running on "firewall" from "client11".
How to write the rule. Why having knowledge of writing this type of rule is very important. What things you have to keep in mind when filtering traffic based on ports.
When to use TCP/UDP.
Demo of how to block access to Apache web server running on "firewall" from "client11".
How to write the rule. Why having knowledge of writing this type of rule is very important. What things you have to keep in mind when filtering traffic based on ports.
When to use TCP/UDP.
How to block access to telnet and ssh server running on "firewall" from "client11".
How to write single rule for blocking multiple ports.
Demo of how to block access to telnet and ssh server running on "firewall" from "client11".
How to write single rule for blocking multiple ports.
How to save firewall rules. How to view saved rules.
Demo of how to save/view firewall rules.
How to restore firewall rules. Verify.
Demo of how to restore firewall rules. Verify.
How to block ICMP traffic in INPUT direction. We want to block ping to "firewall" from other systems in our lab setup.
After writing the rule, "c2" is not able to ping to "firewall".
but "firewall" is also not able to ping to "c2". Why? What is the problem?
Demo of how to block ICMP traffic in INPUT direction. We want to block ping to "firewall" from other systems in our lab setup.
After writing the rule, "c2" is not able to ping to "firewall".
but "firewall" is also not able to ping to "c2". Why? What is the problem?
Find what is wrong with previous rule. Rectify the problem.
What is the meaning of "echo-request" ICMP packets. How these types of packets can be used to properly write ICMP firewall rules.
Find what is wrong with previous rule. Rectify the problem.
What is the meaning of "echo-request" ICMP packets. How these types of packets can be used to properly write ICMP firewall rules.
What is the meaning of "echo-reply" ICMP packets. How these types of packets can be used to properly write ICMP firewall rules.
How can we use "echo-reply" ICMP packets to block ping from "firewall" to other VMs without writing rule in OUTPUT direction.
What is the meaning of "echo-reply" ICMP packets. How these types of packets can be used to properly write ICMP firewall rules.
How can we use "echo-reply" ICMP packets to block ping from "firewall" to other VMs without writing rule in OUTPUT direction.
How to list firewall rules.
Block ping in the forward direction by configuring forward chain rules for ICMP protocol, test connectivity between systems, and refine rules to block only ICMP requests rather than all ICMP.
This forward-direction demo shows configuring an iptables rule to drop ICMP ping traffic from a source to a destination, then testing with ping and verifying the block.
Block ping in the forward direction with iptables by specifying icmp type as request, adjust forward rules, then list and delete the targeted rule by line number.
Modify the previous iptables rule to block ICMP echo requests, verify the block with ping to client 11, then delete or adjust the rule to restore connectivity.
We want that "vipin" user should not be able to "ssh" from "firewall".
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
We will be using "owner" module for this purpose.
We want that "vipin" user should not be able to "ssh" from "firewall".
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
We will be using "owner" module for this purpose.
We want to block Ping from "firewall".
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
When we are using ping, we are sending “echo-request” (type 8) type of "ICMP" packets and in return we are getting “echo-reply” (type 0) "ICMP" packets.
Block "echo-request" ICMP packets originating from "firewall" and going towards "192.168.0.2". Now "firewall" will not be able to ping "c2" but "c2" will be able to ping "firewall".
We want to block Ping from "firewall".
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
When we are using ping, we are sending “echo-request” (type 8) type of "ICMP" packets and in return we are getting “echo-reply” (type 0) "ICMP" packets.
Block "echo-request" ICMP packets originating from "firewall" and going towards "192.168.0.2". Now "firewall" will not be able to ping "c2" but "c2" will be able to ping "firewall".
We want to block web access from "firewall".
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
Block web access to "172.24.0.11" from "firewall".
We want to block web access from "firewall".
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
Block web access to "172.24.0.11" from "firewall".
We want to block web access to "firewall" from "c2", "client11" and "client31" without writing rules in INPUT direction.
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
We want to block web access to "firewall" from "c2", "client11" and "client31" without writing rules in INPUT direction.
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
We want to block web access to "firewall" from "client11" without writing rules in INPUT direction.
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
We want to block web access to "firewall" from "client11" without writing rules in INPUT direction.
Why we are adding the rule in "OUTPUT" direction.
When we want to control the traffic originating from "firewall", we have to use "OUTPUT" chain
From "c2", try to "telnet" into "172.24.0.41" system. No such system exists, it will show error "no route to host". Solve the problem using "PREROUTING" chain and "DNAT".
Now we want to change the destination address of the packet from "172.24.0.41" to "172.24.0.11" ie we want to perform network address translation (NAT). In this particular case, we want to perform destination network address translation (DNAT).
"PREROUTING" chain is used for altering packets as they enter "firewall" ie before routing decision is made.
From "c2", try to "telnet" into "172.24.0.41" system. No such system exists, it will show error "no route to host". Solve the problem using "PREROUTING" chain and "DNAT".
Now we want to change the destination address of the packet from "172.24.0.41" to "172.24.0.11" ie we want to perform network address translation (NAT). In this particular case, we want to perform destination network address translation (DNAT).
"PREROUTING" chain is used for altering packets as they enter "firewall" ie before routing decision is made.
Welcome to "Mastering Iptables Firewall" a comprehensive course designed to empower you with the knowledge and skills needed to effectively configure and manage firewalls on Linux systems using the powerful iptables tool. In today's interconnected world, securing your Linux server is paramount, and iptables serves as a robust firewall solution, allowing you to control network traffic, enhance system security, and fortify your defenses against cyber threats.
Course Overview:
This course begins with an in-depth exploration of the fundamentals of iptables, providing you with a solid foundation in packet filtering, network address translation (NAT), and connection tracking. You will gain a deep understanding of how iptables operates at the kernel level, enabling you to create sophisticated firewall rules tailored to your specific security requirements.
Key Learning Objectives:
Understanding iptables Architecture:
- Delve into the inner workings of iptables, exploring its components, chains, and tables.
- Learn how iptables integrates with the Linux kernel to inspect and filter network packets.
Creating Effective Firewall Rules:
- Master the syntax for crafting iptables rules to control incoming and outgoing traffic.
- Explore the intricacies of rule ordering, allowing you to prioritize rules based on specific criteria.
Network Address Translation (NAT):
- Explore the role of iptables in performing NAT, facilitating the mapping of IP addresses and ports.
- Learn to configure iptables for source and destination NAT, enabling seamless communication across networks.
Connection Tracking and Stateful Inspection:
- Grasp the concept of connection tracking and how iptables maintains state information for active connections.
- Implement stateful firewall rules to enhance security by allowing or blocking traffic based on connection states.
Advanced Firewall Techniques:
- Dive into advanced iptables features, including the use of modules and extensions to extend functionality.
- Explore how to create and manage custom iptables chains for more granular control over network traffic.
Securing Services and Applications:
- Apply iptables rules to secure specific services and applications, such as web servers, SSH, and DNS.
- Implement best practices for firewall management to ensure a robust and secure Linux server environment.
Hands-On Labs and Real-World Scenarios:
Throughout the course, you will engage in hands-on labs and practical exercises, allowing you to apply theoretical concepts in a real-world context. Simulated scenarios will challenge you to devise iptables configurations that address common security challenges, reinforcing your understanding of firewall management.
Who Should Enroll:
This course is ideal for Linux system administrators, network engineers, and security professionals seeking to strengthen their expertise in securing Linux servers using iptables. Whether you are a beginner looking to build a solid foundation or an experienced professional aiming to deepen your knowledge, this course caters to a wide range of skill levels.
By the end of this course, you will emerge with the skills and confidence to configure iptables effectively, bolster your Linux server's security, and safeguard against a variety of cyber threats. Enroll now and embark on a journey to become a master of iptables firewall.