Security in Linux through IPTABLES
Here we use the iptables command to block ICMP ping requests and FTP, Telnet and SSH access.
Lab setup
In this practice we use three systems with the following details.
System 1 :-
· OS : Linux server
· Hostname : server.example.com
· IP address : 192.168.1.1
· Services : sshd, vsftpd (these services must be running on the server)
System 2 :-
· OS : Linux client
· Hostname : client.example.com
· IP address : 192.168.1.50
System 3 :-
· OS : Windows Server 2003
· Hostname : 192.168.1.100
· PuTTY : software used to connect over ssh or ftp
You can use any other systems for testing purposes in place of system 2 and system 3.
All three systems must be able to ping each other before you start configuring the firewall.
Make sure to flush the old rules before you create new ones.
How to block icmp echo request for a host
We will block icmp echo requests from system2. First, ping the server from system2.
Now, on the server, add the following rule to block icmp echo from system2.
Now test again from system2.
We have blocked only system2, so we can still ping the server from system3.
How to block ftp access
Now we will block ftp access. We are running the vsftpd service on the server. Try to connect from system3.
On the server, create a rule to block ftp access for system3.
Now try to connect again from system3.
How to block ssh
Now block ssh. We are running the sshd service on the server for ssh. Try to connect from system2.
On the server, create a rule to block ssh for system2.
Now try again to connect to the server on the ssh port from system2.
Now try to connect from system3; use PuTTY for it.
Click on Open to start ssh.
Only practice makes perfect, so keep practicing until you feel comfortable with iptables.
Flush the old rules, create new rules, and test the result from the client computers.
Use the /etc/services file to find the port number of a service.
To block an entire network, append /[subnet mask] to the source address (for example 192.168.1.0/24).
Rules to practice
To block icmp echo requests from a specific client
iptables -A INPUT -s 192.168.1.50 -p icmp --icmp-type echo-request -j REJECT
To block icmp echo requests from a specific network
iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-request -j REJECT
To block ftp access
iptables -A INPUT -s 192.168.1.10 -p tcp --dport 21 -j REJECT
To block ssh access
iptables -A INPUT -s 192.168.1.10 -p tcp --dport 22 -j REJECT
To block http access
iptables -A INPUT -s 192.168.1.10 -p tcp --dport 80 -j REJECT
To block telnet access
iptables -A INPUT -s 192.168.1.10 -p tcp --dport 23 -j REJECT
To block smtp access
iptables -A INPUT -s 192.168.1.10 -p tcp --dport 25 -j REJECT
As you can see from the rules above, you only need to change the --dport port number for each service, and you can easily find that number with the less /etc/services command.
Replace the IP 192.168.1.10 with the IP of the client on which you want to test the firewall.
For practice, follow this method
· Flush all rules from the server using the iptables -F command.
· Check the status of the service on the server you would like to practice with; above I used the ftp and ssh services. The service must be running on the server.
· First connect to the server on that service without any firewall configuration; you should be able to connect from both system2 and system3.
· Now configure the firewall on the server for one PC, either system2 or system3.
· Check the effect of the firewall from the client systems: you should no longer be able to connect from the system the rule applies to, but you should still be able to connect from the other system.
· Repeat this process until you feel comfortable.
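As an added example (not from the original tutorial), the script below wraps the rules listed above and the practice method in shell functions: one looks the port up in /etc/services as the text recommends, the other builds and applies the REJECT rule, so only the service name and client address change between rules, and the demo branch walks the practice steps (flush, apply rules for system2/system3, list the chain). It assumes iptables is installed and the script is run as root; set IPTABLES=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not part of the tutorial. Builds the same kind of INPUT
# rules as above, taking the port from the services file instead of
# hard-coding it. IPTABLES=echo gives a dry run; SERVICES_FILE overrides
# the lookup file (useful for testing with a constructed copy).
IPTABLES="${IPTABLES:-iptables}"
SERVICES_FILE="${SERVICES_FILE:-/etc/services}"

# service_port NAME [PROTO]: print the port for NAME/PROTO from the
# services file (first match), e.g. telnet -> 23, ftp -> 21.
service_port() {
    awk -v name="$1" -v proto="${2:-tcp}" '
        $1 == name && split($2, p, "/") == 2 && p[2] == proto { print p[1]; exit }
    ' "$SERVICES_FILE"
}

# block_service SRC SERVICE [PROTO]: reject SRC (a host, or a network
# written as a.b.c.d/prefix) from reaching SERVICE on this server.
# As the tutorial notes, only --dport differs between services.
block_service() {
    port=$(service_port "$2" "${3:-tcp}")
    [ -n "$port" ] || { echo "unknown service: $2" >&2; return 1; }
    $IPTABLES -A INPUT -s "$1" -p "${3:-tcp}" --dport "$port" -j REJECT
}

# block_ping SRC: reject ICMP echo requests (ping) from SRC.
block_ping() {
    $IPTABLES -A INPUT -s "$1" -p icmp --icmp-type echo-request -j REJECT
}

# Demo run with the tutorial's addresses: system2 = 192.168.1.50,
# system3 = 192.168.1.100. Invoke as: sh block.sh demo
if [ "${1:-}" = "demo" ]; then
    $IPTABLES -F                              # flush old rules first
    block_ping    192.168.1.50                # system2 cannot ping
    block_service 192.168.1.100 ftp           # system3 cannot use ftp
    block_service 192.168.1.50  ssh           # system2 cannot use ssh
    block_service 192.168.1.0/24 telnet       # whole subnet, telnet
    $IPTABLES -L INPUT -n --line-numbers      # verify what was added
fi
```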