Skip to main content

Iptables - Firewall for Linux



Let's briefly look at some virtual firewalls in Linux. This is Iptables, running in my Ubuntu Server. Remember that?




What is CHAIN in this context? My best guess is 'the route a packet takes'. Think "At this point in the process, what should happen to this packet?" [1] Here, it's saying "Forward everything!". At which point, you may as well not have a firewall at all.



So let's set some rules on this bad boy;






The command is going 'super user within iptables, append the INPUT chain regarding the protocol tcp'


Let's try it with the example at the second link;



lo = Loopback
j = target, which must be set with each new rule. After all, how will iptables know to ACCEPT or DROP, RETURN?
So, that first rule isn't 'set' without it. Let's try it again;




Today I was reminded that Cases Matter.

Now we're looking good! Let's save them with sudo /sbin/iptables-save. I added a few more rules to this, namely DROP this CERTAIN connection, without saving.

There is plenty more information at the above links, so check them out, and I'll be revisiting more Linux and open source firewalls in the future.




Educate others -

Comments

Popular posts from this blog

What Do You Need? [AKA; List of Offered Services / My Next Role] (2020)

UPDATED 2021 I am a trusted outsourced remote consultant for your company.   I enjoy having the flexibility to take on temporary projects from time to time! I start at part-time, temp work for now. If we like each other, we can renegotiate. If anything sounds weird, out there, or unusual - Feel free to e-mail me .  3 Services Offered Technical: Cloud Technician     Azure [ See tag ] WORKING ON: Infrastructure As Code (Specifically Terraform/Azure and CloudFormation/AWS)  Support [Web: Example Job Description ] [Text : Example Description ]     I help you with adjustments in HTML, CSS, and Javascript.     When you email a business a question and they answer? That's me.   IT Operations Tech [ Example Job Description ]     Hardware and SaaS support.     Cisco routing and switching (Networking). CCNA, A+, Sec+, Azure certified WORKING ON: Junos Networking  Writing :      You want to pay me to write more of *waves hand* this blog? I am game .     I write B2C e-mails going out to o

Contactless Tech’s Role in the New Guest Experience ft. Intelity and The George

 Contactless hospitality technology is growing. You want to get away, and you'll be damned if a little thing like a deadly virus will stop you! But you still don't want to touch things. Ew. During the chat between INTELITY CEO Robert Stevenson and THE GEORGE Director of Operations Kerrie Hunter, you’ll learn how the historic boutique hotel has adapted a mobile-first guest experience in the wake of COVID-19—and how they see contactless technology affecting the future of hospitality. I don't remember how I found INTELITY (probably hoping to score a position with them), but I liked them enough to stay on the e-mail lists.  

Connecting IoT Devices to a Registration Server (Packet Tracer, Cisco)

In Packet Tracer, a demo software made by Cisco Systems. It certainly has changed a lot since 2016. It's almost an Olympic feat to even get started with it now, but it does look snazzy. This is for the new CCNA, that integrates, among other things, IoT and Automation, which I've worked on here before. Instructions here . I don't know if this is an aspect of "Let's make sure people are paying attention and not simply following blindly", or an oversight - The instructions indicate a Meraki Server, when a regular one is the working option here. I have to enable the IoT service on this server. Also, we assign the server an IPv4 address from a DHCP pool instead of giving it a static one. For something that handles our IoT business, perhaps that's safer; Getting a new IPv4 address every week or so is a minimal step against an intruder, but it is a step. There are no devices associated with this new server; In an earlier lab (not shown), I attached them to 'H