zeus
/
lab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

iptables

master
test2 5 years ago
parent
da0809c574
commit
ee5160574d
1 changed files with 63 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 64
      sec/ex-3_iptables.adoc

64
sec/ex-3_iptables.adoc
View File

@ -309,10 +309,72 @@ However, be aware that the packet will continue to traverse all other chains in
== Use iptables
=== Showing the current rules
[source,bash]
----
# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
----
If the output looks like the above, then there are no rules (i.e. nothing is blocked) in the default filter table
=== Resetting rules
You can flush and reset iptables to default using these commands:
[source,bash]
----
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -t raw -F
# iptables -t raw -X
# iptables -t security -F
# iptables -t security -X
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
----
The -F command with no arguments flushes all the chains in its current table. Similarly, -X deletes all empty non-default chains in a table.
Individual chains may be flushed or deleted by following -F and -X with a [chain] argument.
=== Editing rules
Rules can be edited by
- appending -A a rule to a chain,
- inserting -I it at a specific position on the chain,
- replacing -R an existing rule,
- or deleting -D it.
The first three commands are exemplified in the following.
First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP.
[source,bash]
----
# iptables -P FORWARD DROP
----
@ -323,7 +385,7 @@ However, be aware that the packet will continue to traverse all other chains in
[appendix]
== How to use tcpdump
== How to use iptables
This exercise will show you how to isolate traffic in various ways—from IP, to port, to protocol, to application-layer traffic—to make sure you find exactly what you need as quickly as possible.

Write Preview
Loading…
Cancel
Save