2. Agenda
Introduction to Linux Firewalls
Firewall Basics
IP Tables
Firewall Management
Challenges and Solutions
3. Introduction
Why Do We Need a Firewall?
Improved access control at the network layer and transport layer
Better detection capabilities
Why Linux Firewalls?
Open source: low cost
Flexible: can align with business and user needs
Continual improvement
4. What is a firewall?
A firewall is a device that filters traffic between two or more networks based on predefined rules.
5. IP Chains
Loadable kernel module that performs packet filtering
Comes with most Linux distributions
No port forwarding
Concept of chains (INPUT, OUTPUT and FORWARD)
6. IP Tables
Loadable kernel module
Available since kernel 2.4.x
Everything in IP Chains plus stateful inspection, improved matching and port forwarding
More customizable logging
Requires expertise and careful study of the organization's traffic
7. IP Tables – Implementation – Command Line
Open a terminal window (you must be logged in as root) and type:
# iptables
If iptables is already installed it replies:
iptables v<version number>: no command specified
If iptables is not installed, follow these instructions to enable it.
iptables can be downloaded from http://www.netfilter.org
# tar -xvjf ./iptables-1.*.*.tar.bz2 -C /usr/src
# cd /usr/src/iptables-1.*.*   (the directory the archive created)
# /bin/sh -c make
# /bin/sh -c "make install"   (to finish the install)
9. Implementation of policies
Implementing Rules
# iptables -A INPUT -i eth0 -p tcp [-s 192.168.0.222] --dport 22 -j DROP
(the -s match is optional; without it the rule applies to every source address)
-A  append the rule at the bottom of the specified chain
-I  insert the rule at the top of the specified chain
-i  incoming interface
-p  protocol
-s  source (incoming) IP address
--dport  destination port
--sport  source port
-o  outgoing interface
-d  destination IP address
-j  target, i.e. the action to take (ACCEPT or DROP)
Rules in a chain are evaluated top to bottom and the first match decides, so the choice between -A and -I changes which rule wins.
# service iptables save
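To make the first-match semantics of a chain concrete, here is a small simulator, added as an illustration (not part of the original slides and not netfilter code), that models only the match options listed above plus -A, -I and the chain's default policy; the rule, packet fields and addresses are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import Optional, List

@dataclass
class Rule:
    target: str                      # -j : ACCEPT or DROP
    in_if: Optional[str] = None      # -i : incoming interface
    proto: Optional[str] = None      # -p : protocol
    src: Optional[str] = None        # -s : source IP
    dst: Optional[str] = None        # -d : destination IP
    dport: Optional[int] = None      # --dport : destination port
    sport: Optional[int] = None      # --sport : source port

    def matches(self, pkt: dict) -> bool:
        # A match option that was not given (None) matches any packet.
        wanted = {"in_if": self.in_if, "proto": self.proto, "src": self.src,
                  "dst": self.dst, "dport": self.dport, "sport": self.sport}
        return all(v is None or pkt.get(k) == v for k, v in wanted.items())

@dataclass
class Chain:
    policy: str = "ACCEPT"           # default verdict when no rule matches (-P)
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:   # -A : goes to the bottom
        self.rules.append(rule)
    def insert(self, rule: Rule) -> None:   # -I : goes to the top
        self.rules.insert(0, rule)

    def verdict(self, pkt: dict) -> str:
        for rule in self.rules:              # first matching rule decides
            if rule.matches(pkt):
                return rule.target
        return self.policy

def slide_example_chain() -> Chain:
    """The slide's rule: drop SSH (tcp/22) arriving on eth0 from 192.168.0.222."""
    chain = Chain(policy="ACCEPT")
    chain.append(Rule("DROP", in_if="eth0", proto="tcp", src="192.168.0.222", dport=22))
    return chain

def ordering_demo() -> tuple:
    """Why -A and -I differ: an ACCEPT appended below the DROP is never reached."""
    chain = slide_example_chain()
    ssh = {"in_if": "eth0", "proto": "tcp", "src": "192.168.0.222", "dport": 22}
    allow_ssh = Rule("ACCEPT", proto="tcp", dport=22)
    chain.append(allow_ssh)                  # -A : shadowed by the earlier DROP
    after_append = chain.verdict(ssh)
    chain.insert(allow_ssh)                  # -I : now evaluated first
    after_insert = chain.verdict(ssh)
    return after_append, after_insert        # ("DROP", "ACCEPT")
```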
14. Tools for Compiling IPTables
www.fwbuilder.org  Online tool to help build Linux firewall rules (open source)
fwlogwatch.inside-security.de  Tool to analyse iptables logs
Challenges
No clear visibility of the flow of traffic, ports and services used in the organization
Solution: document the ports and services being used in the organization
Does not do deep packet inspection to filter malicious traffic