skip to main | skip to sidebar

Linux Tutorial for Beginners

Pages

  • Home
 
  • RSS
  • Twitter
Showing posts with label Iptable basic. Show all posts
Showing posts with label Iptable basic. Show all posts
Thursday, February 16, 2012

Some important point about Iptables

Posted by Raju Gupta at 2:19 AM – 1 comments
 

By default, firewall rules are saved in the /etc/sysconfig/iptables or /etc/sysconfig/ip6tables files.
The iptables service starts before any DNS-related services when a Linux system is booted. This means that firewall rules can only reference numeric IP addresses (for example, 192.168.0.1). Domain names (for example, host.example.com) in such rules produce errors.
Regardless of their destination, when packets match a particular rule in one of the tables, a target or action is applied to them. If the rule specifies anACCEPT target for a matching packet, the packet skips the rest of the rule checks and is allowed to continue to its destination. If a rule specifies a DROPtarget, that packet is refused access to the system and nothing is sent back to the host that sent the packet. If a rule specifies a QUEUE target, the packet is passed to user-space. If a rule specifies the optional REJECT target, the packet is dropped, but an error packet is sent to the packet's originator.
Every chain has a default policy to ACCEPT, DROP, REJECT, or QUEUE. If none of the rules in the chain apply to the packet, then the packet is dealt with in accordance with the default policy.
The iptables command configures these tables, as well as sets up new tables if necessary.

[ Read More ]
Read more...

Explain iptables terminology

Posted by Raju Gupta at 2:14 AM – 0 comments
 

The Linux kernel uses the Netfilter facility to filter packets, allowing some of them to be received by or pass through the system while stopping others. This facility is built in to the Linux kernel, and has three built-in tables or rules lists, as follows:
·         filter — The default table for handling network packets.
·         nat — Used to alter packets that create a new connection and used for Network Address Translation (NAT).
·         mangle — Used for specific types of packet alteration.
Each table has a group of built-in chains, which correspond to the actions performed on the packet by netfilter.
The built-in chains for the filter table are as follows:
·         INPUT — Applies to network packets that are targeted for the host.
·         OUTPUT — Applies to locally-generated network packets.
·         FORWARD — Applies to network packets routed through the host.
The built-in chains for the nat table are as follows:
·         PREROUTING — Alters network packets when they arrive.
·         OUTPUT — Alters locally-generated network packets before they are sent out.
·         POSTROUTING — Alters network packets before they are sent out.
The built-in chains for the mangle table are as follows:
·         INPUT — Alters network packets targeted for the host.
·         OUTPUT — Alters locally-generated network packets before they are sent out.
·         FORWARD — Alters network packets routed through the host.
·         PREROUTING — Alters incoming network packets before they are routed.
·         POSTROUTING — Alters network packets before they are sent out.
Every network packet received by or sent from a Linux system is subject to at least one table. However, a packet may be subjected to multiple rules within each table before emerging at the end of the chain. The structure and purpose of these rules may vary, but they usually seek to identify a packet coming from or going to a particular IP address, or set of addresses, when using a particular protocol and network service.

[ Read More ]
Read more...

Iptables

Posted by Raju Gupta at 1:59 AM – 1 comments
 

Included with Red Hat Enterprise Linux are advanced tools for network packet filtering — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on ipchains for packet filtering and used lists of rules applied to packets at each step of the filtering process. The 2.4 kernel introduced iptables (also called netfilter), which is similar to ipchains but greatly expands the scope and control available for filtering network packets.

Warning

The default firewall mechanism in the 2.4 and later kernels is iptables, but iptables cannot be used if ipchains is already running. If ipchains is present at boot time, the kernel issues an error and fails to start iptables. The functionality of ipchains is not affected by these errors.

[ Read More ]
Read more...
Older Posts
Subscribe to: Posts (Atom)

Our Blogs

  • Java Programs with Output
  • C Programming Tutorial
  • Language Tutorial
  • Android Development Tutorial
  • Web Development Tutorial
  • Popular
  • Recent
  • Archives

Popular Posts

  • Apache Configuration File Security Option
    you’ll examine the security options available in the main Apache configuration file, httpd.conf. That file can be modified to secure the e...
  • AWS VPC Overview
    What is VPC ? A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other vir...
  • Advantages & Disadvantages of Kerberos
    Advantages of Kerberos Most conventional network services use password-based authentication schemes. Such schemes require a user to au...
  • SSH login without password
    The following steps can be used to ssh from one system to another without specifying a password: 1. On the client run the following com...
  • Apache Installation and Configuration through source code
    In this example we extract the source code to a directory under /usr/local/src/ cp httpd-2.0.46.tar.gz /usr/local/src cd /usr/local/src...
  • How to automatically chroot jail selected ssh user logins
    1. Creating basic chroot environment First we need to create a simple chroot environment. Our chroot environment will consist of a bash she...
  • How to Create the Kerberos database
    Create the database with the following command.  [root@coma ~] kdb5_util create -s This will prompt you for a password. You will ...
  • Kerberos and PAM
    Kerberos-aware services do not currently make use of Pluggable Authentication Modules (PAM) — these services bypass PAM completely. However...
  • Apache and SELinux File Labels
    Take a look at the SELinux settings associated with Apache. To review, SELinux settings, as they relate to a service, mostly fall into tw...
  • History of MINIX 3
    MINIX has a long history. It goes back to 1987 when the first edition of the book Operating Systems: Design and Implementation by Andrew S...
Powered by Blogger.

Archives

  • ▼  2014 (1)
    • ▼  May (1)
      • AWS VPC Overview
  • ►  2013 (4)
    • ►  February (4)
  • ►  2012 (89)
    • ►  November (1)
    • ►  March (4)
    • ►  February (36)
    • ►  January (48)
 

Followers

Labels

  • Apache (8)
  • aws (1)
  • Bridge (1)
  • cloud computing (1)
  • Configuration (1)
  • dhcp server (7)
  • DNS (8)
  • File system (11)
  • Fping (1)
  • Iptable basic (3)
  • KDC slave server (1)
  • Kerberos (14)
  • kerberos configuration (5)
  • kerberos database (1)
  • LaTeX (1)
  • Ldap basic (2)
  • Linux aliases (1)
  • Linux Commands (4)
  • Linux History (2)
  • Linux Installation (3)
  • Linux kernel (3)
  • Linux shell (2)
  • Linux software (2)
  • Lvm (1)
  • Mail Server (3)
  • Network Script (1)
  • PHP (1)
  • Raid (6)
  • SELinux (1)
  • Sendmail (3)
  • ssh (2)
  • Tcpdump example (1)
  • Virtualization (5)
  • Webmin (1)
  • Yum (2)
 
 
© 2011 Linux Tutorial for Beginners | Designs by Web2feel & Fab Themes

Bloggerized by DheTemplate.com - Main Blogger