Using a firewall in Linux (iptables)


You are probably asking yourself: do I really need a firewall in Linux? The answer is yes. You never have enough protection against unwanted access that could steal information or damage your device.

The easiest thing to do is to use a tool that is already available on Linux systems and set up a firewall that blocks the traffic you don't want. This is where iptables comes into play.

What is iptables?

iptables is a user-space utility program that allows you to configure the Linux kernel's packet-filtering rules and manage network traffic. By using iptables, you can define rules to permit or deny incoming, outgoing, and forwarded data packets, which helps secure your system from unauthorized access and potential threats.

Key Features and Benefits

  1. Firewall Protection: iptables is primarily used as a firewall to protect your servers and network infrastructure from malicious attacks. It allows you to define rules based on IP addresses, ports, protocols, and more to regulate network traffic.

  2. Network Address Translation (NAT): iptables also facilitates Network Address Translation, enabling the sharing of a single public IP address among multiple internal devices, commonly seen in home or small office setups.

  3. Packet Filtering: You can use iptables to filter packets based on different criteria, such as source or destination IP, port numbers, and protocols. This aids in blocking unwanted traffic and mitigating DoS (Denial of Service) attacks.

  4. Port Forwarding: iptables supports port forwarding, enabling you to redirect incoming traffic from one port to another, which can be useful for hosting services like web servers or remote desktops.

Getting Started with iptables

If you're new to iptables, here are some essential commands to get you started:

  1. View Current Rules: To see the existing iptables rules, open a terminal and type:

         iptables -L

  2. Flush Rules: If you want to remove all existing rules (be cautious, as this might disrupt network connectivity):

         iptables -F

  3. Allow Incoming SSH: To permit SSH connections:

         iptables -A INPUT -p tcp --dport 22 -j ACCEPT

  4. Block Specific IP: To block traffic from a specific IP address:

         iptables -A INPUT -s x.x.x.x -j DROP

  5. Save Rules: After configuring your rules, don't forget to save them to ensure they persist after a reboot:

         service iptables save


Here is an example using the Raspberry Pi

The simplest method is to block everything and then punch holes only for the traffic you want to pass through. For us, that means keeping the SSH connection to the device working (no serial connection here, because I am lazy).

Add the rule that keeps your access working first, before anything is blocked (SSH in our case):

iptables -A INPUT -p tcp --dport 22 -j ACCEPT


Block all traffic

iptables -P INPUT DROP
iptables -P FORWARD DROP

Now we should only be able to access the device over SSH. Ping will not work because we did not allow ICMP traffic.

Your rules should look something like this:

mircea@raspberrypi:~ $ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Ping will no longer work for the IP assigned to the RPI:

ping 192.168.68.56
PING 192.168.68.56 (192.168.68.56) 56(84) bytes of data.
^C
--- 192.168.68.56 ping statistics ---
34 packets transmitted, 0 received, 100% packet loss, time 33782ms

We can enable ping again by allowing the icmp traffic with this command:

iptables -A INPUT -p icmp -j ACCEPT

ping 192.168.68.56
PING 192.168.68.56 (192.168.68.56) 56(84) bytes of data.
64 bytes from 192.168.68.56: icmp_seq=1 ttl=64 time=114 ms
64 bytes from 192.168.68.56: icmp_seq=2 ttl=64 time=6.64 ms
^C
--- 192.168.68.56 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
💡 Be careful: on the RPi you are usually not root, so you need to run these commands with sudo or switch to the root user before applying these rules.
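The "block everything, then punch holes" procedure above, written out as an added example (not the author's script or output). It emits the same policy as an iptables-restore file instead of issuing the commands one by one, so all the ACCEPT rules are committed atomically together with the DROP policies, and it adds two holes the walkthrough leaves out that you will miss quickly in practice: loopback, and replies to connections the Pi opens itself (with INPUT set to DROP, `apt` and DNS lookups break even though OUTPUT is ACCEPT). The admin network 192.168.68.0/24 is a constructed value derived from the Pi's address in the article; the port comes from the article. Nothing here touches the kernel until you run iptables-restore yourself.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the "block everything,
# then punch holes" ruleset as an iptables-restore file and lints it for the
# classic lockout mistake before anything is applied.
# Assumptions (change for your network): SSH listens on TCP/22 and admins
# connect from 192.168.68.0/24, a constructed value based on the Pi's address.
SSH_PORT="${SSH_PORT:-22}"
ADMIN_NET="${ADMIN_NET:-192.168.68.0/24}"

# Emit the ruleset in iptables-save format. Policies are declared in the
# header, and iptables-restore commits the whole table at once, so every
# ACCEPT below is in place at the moment DROP takes effect.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local services talk to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Replies to connections the Pi opened itself (apt, DNS, NTP) arrive on INPUT
# and would be dropped by the policy even though OUTPUT is ACCEPT.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The SSH hole, limited to the admin network and to new connections.
-A INPUT -p tcp -s ${ADMIN_NET} --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# Ping: echo-request only, rather than all of ICMP.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Rule order matters (first match wins): a rate-limited LOG placed last
# records what the DROP policy is about to discard without flooding syslog.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Read a ruleset on stdin and return 1 if it would lock an SSH admin out:
# INPUT policy DROP with no INPUT rule accepting TCP/$SSH_PORT.
lockout_check() {
    ruleset=$(cat)
    if printf '%s\n' "$ruleset" | grep -q '^:INPUT DROP'; then
        if printf '%s\n' "$ruleset" | grep -q -- "^-A INPUT .*--dport ${SSH_PORT} .*-j ACCEPT"; then
            return 0
        fi
        echo "WARNING: INPUT policy is DROP but no rule accepts TCP/${SSH_PORT}" >&2
        return 1
    fi
    return 0
}

# Usage: sh firewall.sh /etc/iptables/rules.v4
# The file is written only if the lint passes; apply it afterwards with
#   sudo iptables-restore < /etc/iptables/rules.v4
if [ -n "${1:-}" ]; then
    build_rules | lockout_check && build_rules > "$1"
fi
```

On Raspberry Pi OS and other Debian-based systems there is no `service iptables save`; the usual way to make the rules survive a reboot is the iptables-persistent package, which loads /etc/iptables/rules.v4 at boot, which is why the script targets that path. Running `sudo iptables-restore --test < rules.v4` first parses the file without committing it, which catches syntax errors before they cost you the session.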

Best Practices

  1. Understand Rule Ordering: iptables rules are processed from top to bottom. Ensure you organize your rules carefully, as the first rule matching a packet will be applied.

  2. Practice Safety: Always be cautious when applying iptables rules, especially on remote systems, to avoid locking yourself out.

  3. Regular Updates: Keep your system and iptables up to date, as new security threats may arise over time.

  4. Backup Configurations: Before making significant changes, create backups of your existing iptables configurations for easy restoration in case of errors.
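Best Practices 2 and 4 are usually implemented together: snapshot the live rules, apply the new ones, and roll back automatically unless you confirm from an SSH session that is still alive after the change. The script below is an added example of that pattern, not something from the original post or the iptables project. It assumes rules are applied with iptables-restore and saved with iptables-save (both ship with iptables); the state directory and the 60 second grace period are placeholders, and IPT_SAVE / IPT_RESTORE can be pointed at stub functions to dry-run the logic without root.

```shell
#!/bin/sh
# Added example, not from the original post. Back up the running ruleset,
# apply a new one, and restore the backup automatically unless the change is
# confirmed within ROLLBACK_SECS, so a typo on a remote box cannot lock you out.
# Assumptions: iptables-save / iptables-restore are available; the paths and
# timeout below are placeholders you may change.
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"
STATE_DIR="${STATE_DIR:-/var/tmp/iptables-rollback}"

# Best Practice 4: snapshot the running rules before touching them.
backup_rules() {
    mkdir -p "$STATE_DIR" && "$IPT_SAVE" > "$STATE_DIR/backup.v4"
}

# Apply the ruleset file $1 and arm a timer that restores the backup unless
# confirm_rules runs first. Returns 1 without arming the timer if the restore
# fails: iptables-restore rejects the whole file and leaves the old rules up.
apply_with_rollback() {
    rm -f "$STATE_DIR/confirmed"
    backup_rules || return 1
    "$IPT_RESTORE" < "$1" || return 1
    (
        sleep "$ROLLBACK_SECS"
        [ -f "$STATE_DIR/confirmed" ] || "$IPT_RESTORE" < "$STATE_DIR/backup.v4"
    ) &
    echo $! > "$STATE_DIR/timer.pid"
    echo "Rules applied; run confirm_rules within ${ROLLBACK_SECS}s or they roll back." >&2
}

# Best Practice 2: call this from the SSH session that survived the change.
confirm_rules() {
    touch "$STATE_DIR/confirmed"
    kill "$(cat "$STATE_DIR/timer.pid")" 2>/dev/null || true
    rm -f "$STATE_DIR/timer.pid"
    return 0
}

# Usage from a root shell, assuming the new rules are in /etc/iptables/rules.v4:
#   . ./rollback.sh
#   apply_with_rollback /etc/iptables/rules.v4
#   # open a second SSH session to prove access still works, then:
#   confirm_rules
```

The confirmation file is checked in addition to killing the timer, so the rollback is skipped even if the kill races with the end of the sleep. If the new rules do cut your session, do nothing: the timer restores the backup and you log in again.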

Conclusion

With iptables, you have a powerful tool at your disposal to enhance network security, protect your systems, and control network traffic effectively. By understanding the fundamentals and adhering to best practices, you can make the most of this versatile firewall management tool.

That's all for this issue! We hope you found this newsletter informative and helpful in your journey with iptables. Stay tuned for more exciting tech insights in our next edition.

Until then, stay secure and keep exploring the world of technology!

Best regards,

Flowkernel Mircea Caprioru
