iptables

sec/ex-3_iptables.adoc

@@ -309,7 +309,7 @@ However, be aware that the packet will continue to traverse all other chains in
 
 
 
-== Use iptables
+== Usage
 
 === Showing the current rules
 
@@ -378,6 +378,27 @@ First of all, our computer is not a router (unless, of course, it is a router).
 
 
 
+=== Examples
+
+We going to use Shorewall as an iptables configuration tool. See Appendix.
+
+Here some examples of "raw" iptables command lines.
+
+
+==== Block Traffic by PortPermalink
+
+You may use a port to block all traffic coming in on a specific interface. For example:
+
+iptables -A INPUT -j DROP -p tcp --destination-port 110 -i eth0
+
+Let’s examine what each part of this command does:
+
+    -A will add or append the rule to the end of the chain.
+    INPUT will add the rule to the table.
+    DROP means the packets are discarded.
+    -p tcp means the rule will only drop TCP packets.
+    --destination-port 110 filters packets targeted to port 110.
+    -i eth0 means this rule will impact only packets arriving on the eth0 interface.
 
 
 
@@ -388,9 +409,22 @@ First of all, our computer is not a router (unless, of course, it is a router).
 == How to use iptables
 
 
-This exercise will show you how to isolate traffic in various ways—from IP, to port, to protocol, to application-layer traffic—to make sure you find exactly what you need as quickly as possible.
 
-https://danielmiessler.com/study/tcpdump[Origin]
+Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. 
+
+It can handle complex and fast changing network environments. 
+
+It needs multiple configuration files, even for simple setups. 
+
+Suitable for powerusers! - Most likely there are a lot of these among our Students :-) 
+
+Shorewall is very popular!
+
+
+
+
+
+https://wiki.archlinux.org[Origin]