LINUX FIREWALL
SHAR THU
WHAT IS A FIREWALL?
• A firewall is anything, hardware or software, that monitors the transmission of packets of digital information that attempt to pass the perimeter of a network.
• Firewalls perform two basic security functions:
• Packet filtering (of network traffic)
• Application proxy
FIREWALL SECURITY FEATURES
Some firewall manufacturers add features like:
• Logging unauthorized accesses into/out of a network
• Providing a VPN link to another network
• Authenticating users
• Shielding hosts inside the network from hackers
• Caching data
• Filtering content considered inappropriate or dangerous
FIREWALL COMPONENTS
• Packet filter
• Proxy server
• Authentication system
• Software that performs Network Address Translation (NAT)
• Some firewalls:
• Can encrypt traffic
• Help establish VPNs
• Come packaged in a hardware device that also functions as a router
• Make use of a bastion host
TYPES OF FIREWALL
• Client firewall
• e.g. Windows Firewall
• Protects a single computer
• Network firewall
• Sits between a private network and a public network
• Also provides VPN, routing, . . .
• Each network it separates is governed by its own rules
NETWORK TRAFFIC
• Inbound traffic
• Outbound traffic
Diagram: Source (requester) → Destination (replier). Example: ping 192.168.0.1 sends ICMP; seen from my service (my internal network or my PC) it is outbound traffic, seen from his service it is inbound traffic.
FILTER NETWORK TRAFFIC
• ACL (Access Control List)
• Allow (accept)
• Deny (drop or reject)
FIREWALL RULES (OR) POLICIES
• Rule name
• Action (allow or deny)
• Traffic (inbound or outbound, protocol)
• Source
• Destination

Example rule:
Source     Destination   Traffic   Action
1.1.1.1    192.1.1.1     ICMP      Allow
Default rule in a network firewall >> All traffic: Deny (last priority)
NETWORK FIREWALL
WHERE IS A NETWORK FIREWALL USED?
Diagram: a public network and three private networks; the firewall sits at the boundary between them.
BETWEEN PRIVATE & PUBLIC NETWORK!
NETWORK FIREWALL
• Front end
• Back end
Diagram: Internet → front-end firewall → DMZ (LAN switches) → back-end firewall → private LAN (server room).
FIREWALLS
SOHO firewall devices (image slide)
FIREWALLS
Network firewall devices (image slide)
LINUX FIREWALL
LINUX IPTABLES FIREWALL
Client firewall (iptables): list the rules of a chain
# iptables -L INPUT     (INPUT chain: inbound traffic to this host)
# iptables -L OUTPUT    (OUTPUT chain: outbound traffic from this host)
LINUX IPTABLES FIREWALL
Append INBOUND rules in iptables (client firewall)
# iptables -A INPUT -s 192.168.0.1 -d 192.168.0.254 -p icmp -j DROP
# iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.254/32 -p icmp -j DROP
# iptables -L INPUT
# service iptables save
# service iptables start
Append (-A) | Source (-s) | Destination (-d) | Protocol (-p) | Jump to target (-j)
Delete a rule by its line number in the chain:
# iptables -D INPUT 1
LINUX IPTABLES FIREWALL
Append INBOUND and OUTBOUND rules in iptables (client firewall); xxx stands for the source port to match
# iptables -A INPUT -s 192.168.0.1 -d 192.168.0.254 -p tcp --sport xxx --dport 22 -j DROP
# iptables -A INPUT -s 192.168.0.1 -d 192.168.0.254 -p tcp --dport 443 -j ACCEPT
# iptables -A INPUT -s 0.0.0.0/0 -d 192.168.0.254 -p icmp -j DROP
# iptables -A OUTPUT -s 192.168.0.254 -d 192.168.0.1 -p icmp -j DROP
Delete the first rule of the OUTPUT chain:
# iptables -D OUTPUT 1
PRIORITY OF FIREWALL RULES
Rules in a chain are evaluated top to bottom; the first matching rule decides the packet.
Rule name      Action
Rule 1         ACCEPT
Rule 2         ACCEPT
Rule 3         ACCEPT
Rule 4         DROP
All traffic    Deny (default rule, last priority)
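As an added example, not part of the slides: the first-match evaluation described above, together with the inbound rules from the previous two slides, written out as one reviewable ruleset in iptables-restore format. The addresses are the deck's (host 192.168.0.254, LAN 192.168.0.0/24, admin workstation 192.168.0.1); the loopback, conntrack and LOG rules are assumptions added so that a default-deny INPUT policy does not break the host's own outbound connections.

```shell
#!/bin/sh
# Added example (not from the slides): build a client-firewall ruleset for the
# host 192.168.0.254 used on the slides, in iptables-restore format, so it can
# be reviewed and tested without touching the live kernel tables.
# Assumptions: the host's own address is 192.168.0.254, the LAN is
# 192.168.0.0/24 and the admin workstation is 192.168.0.1 (all from the deck).

HOST_IP="192.168.0.254"
LAN="192.168.0.0/24"
ADMIN="192.168.0.1"

# Print the ruleset. Rules in a chain are evaluated top to bottom and the first
# rule whose match succeeds and whose target is terminal (ACCEPT, DROP, REJECT)
# decides the packet; the chain policy (here DROP) is the "default rule" that
# applies only when nothing matched. LOG is not terminal, so the packet keeps
# going after it has been logged.
build_client_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is needed by local services; accept it before anything else.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (stateful match). Without this an
# OUTPUT-initiated session is still killed by the INPUT DROP policy.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management: SSH only from the admin workstation, HTTPS from the whole LAN.
-A INPUT -s $ADMIN -d $HOST_IP -p tcp --dport 22 -j ACCEPT
-A INPUT -s $LAN -d $HOST_IP -p tcp --dport 443 -j ACCEPT
# Drop ping from everywhere (the deck's ICMP DROP rule, generalised to any source).
-A INPUT -d $HOST_IP -p icmp -j DROP
# Log what is about to fall through to the DROP policy (rate limited so a flood
# cannot fill the log), then let the policy drop it.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Count how many rules would be installed (each '-A' line is one rule).
count_rules() {
    build_client_ruleset | grep -c '^-A '
}

# Syntax-check the ruleset with the real parser when available
# (iptables-restore --test needs root and iptables; otherwise report "skipped").
check_ruleset() {
    if command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        build_client_ruleset | iptables-restore --test && echo "ok"
    else
        echo "skipped"
    fi
}
```

Typical use is to write the output to a file, run check_ruleset, and then load the file atomically with `iptables-restore < /etc/iptables/client.rules`; keeping that file under version control replaces the `service iptables save` step from the slides and makes every rule change reviewable. Because `-A` appends, a new ACCEPT added later lands below the ICMP DROP; use `-I INPUT 1 ...` when a rule must be consulted first.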
NAT WITH IPTABLES
• POSTROUTING
• SNAT (source NAT)
• PREROUTING
• DNAT (destination NAT)
• MASQUERADE (Port Address Translation, PAT)
• Port address table
• IP translation
NAT WITH IPTABLES
• MASQUERADE (Port Address Translation, PAT)
Diagram: internal host 1.1.1.1, source port 10000 → NAT (PAT) → public address 203.203.203.203, source port 20000. The port address table records the mapping 1.1.1.1:10000 ↔ 20000, so replies arriving at port 20000 are translated back to 1.1.1.1:10000.
NAT WITH IPTABLES
• IP translation
Diagram: requester 1.1.1.1, source port 10000 → NAT → 203.203.203.203, source port 10000. Only the IP address is rewritten; the port is kept.
NAT WITH IPTABLES
Diagram (lab topology):
Internet, with a web server listening on :80
NAT box (Linux): WAN IP=200.200.200.1, GW=200.200.200.254; LAN IP=192.168.0.254
SW (LAN switch)
LAN host: IP=192.168.0.1, GW=192.168.0.254
LAN host: IP=192.168.0.100, GW=192.168.0.254
SNAT (POSTROUTING) WITH IPTABLES
Step 1: enable the routing function (IP forwarding)
Step 2: set static IP addresses (LAN/WAN)
SNAT (POSTROUTING) WITH IPTABLES
One to one (192.168.1.2 is the LAN host, 200.200.200.1 the WAN public IP):
# iptables -t nat -A POSTROUTING -s 192.168.1.2 -j SNAT --to 200.200.200.1
Many to one:
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 200.200.200.1
Many to many:
# iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -j SNAT --to 200.200.200.1-200.200.200.6
Many to one (PAT), where eth0 is the WAN interface:
# iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Port range 1 to 65535 on the single public address is shared by all LAN hosts.
List and flush the nat table:
# iptables -t nat -L
# iptables -t nat -L POSTROUTING
# iptables -t nat -F     (flushes every rule in the nat table)
DNAT (PREROUTING) WITH IPTABLES
Port forwarding
THANKS!!
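Added example, not from the slides: the two preparation steps, the many-to-one (PAT) SNAT rule and the port-forwarding DNAT rule for the deck's topology, as one ruleset. The web server 192.168.0.100:80 and the WAN address 200.200.200.1 come from the diagram; the interface names eth0 (WAN) and eth1 (LAN) and the FORWARD rules are assumptions. The FORWARD rules are the part most often forgotten: DNAT only rewrites the destination address, the packet still has to be allowed through the FORWARD chain.

```shell
#!/bin/sh
# Added example (not from the slides): the NAT box from the deck's topology
# (WAN 200.200.200.1, LAN 192.168.0.254) as a reviewable ruleset.
# Assumptions: eth0 is the WAN interface, eth1 the LAN interface; the web
# server 192.168.0.100:80 is taken from the deck's diagram.

WAN_IF="eth0"
LAN_IF="eth1"
WAN_IP="200.200.200.1"
LAN_NET="192.168.0.0/24"
WEB_SRV="192.168.0.100"

# Step 1 from the deck: turn the host into a router. Without
# net.ipv4.ip_forward=1 the kernel never consults the FORWARD chain and
# neither SNAT nor DNAT has any effect on transit traffic.
routing_sysctl() {
    echo "net.ipv4.ip_forward = 1"
}

# nat table: MASQUERADE (PAT) for LAN clients going out, DNAT for port 80
# coming in. PREROUTING runs before the routing decision, which is why DNAT
# lives there; POSTROUTING runs after it, which is why SNAT/MASQUERADE do.
# iptables-restore replaces the whole of each table it lists, so in a real
# deployment the *filter section below is merged with the host's own INPUT
# rules rather than loaded on its own.
build_nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forwarding: TCP/80 arriving on the public address goes to the web server.
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_SRV:80
# Many to one (PAT): LAN sources leaving via the WAN interface share its address.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# DNAT only rewrites the destination; the packet still has to pass FORWARD.
# A FORWARD DROP policy with no matching ACCEPT is the usual reason a port
# forward does not work.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_SRV -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Where a packet to the forwarded port ends up, read back from the rules above
# (a quick self-check when reviewing a change to the DNAT line).
forward_target() {
    build_nat_rules | sed -n 's/.*-j DNAT --to-destination \(.*\)$/\1/p'
}
```

Only the one forwarded port is reachable from the WAN side: the last FORWARD rule admits new connections to 192.168.0.100 on TCP/80 alone, and every other inbound attempt falls to the FORWARD DROP policy even if someone adds a broader DNAT later. Write routing_sysctl's output to a file under /etc/sysctl.d/ and apply it with `sysctl --system` so step 1 survives a reboot.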
