
IP Chains and IP Tables

What are firewalls? Iptables and ipchains are the two types of firewall that are common on Linux systems. While ipchains was the default application for packet filtering in kernels 2.4 and earlier, later kernels saw the introduction of iptables (also called netfilter), which expands the scope and control available for filtering network packets.

Let us revise some basic concepts before we dive into the comparison of Iptables and Ipchains.

Packet Filtering: When a computer needs to send data to another computer, it divides the data file into packets of a specified size and format and sends it across the network. These packets are then reassembled by the receiving computer. There are various protocols for transmission of such packets across the network.

Based on rules, the Linux kernel can allow or deny such packets entry into the system.

These rule lists, called tables, are of three types in Linux: filter, nat and mangle. Each table contains chains, which hold the rules specifying the action the filter takes on a packet. Each network packet received or sent by the system passes through at least one table and may be checked against a series of rules before leaving the system. Depending on the rules, a packet is either ACCEPTED, DROPPED or REJECTED. In the REJECT case an error message is sent back to the transmitting system.

While iptables and ipchains are both very similar and have the same fundamental task, iptables is more versatile giving the administrator greater control.

Under iptables each packet is processed using rules from only one chain rather than multiple chains. This gives the administrator more leeway in determining the disposition of each packet. For instance, if you are attempting to block access to a website, it is possible to block access attempts from clients running on hosts that use the Linux machine as a gateway.

Iptables structure:

iptables [-t <table-name>] <command> <chain-name> <parameter-1> <option-1> <parameter-n> <option-n>

In this example, the <table-name> option allows the user to select a table other than the default filter table to use with the command. The <command> option is the center of the command, dictating a specific action to perform, such as appending or deleting a rule from a particular chain, which is specified by the <chain-name> option. Following the <chain-name> are pairs of parameters and options that actually define the way the rule will work and what will happen when a packet matches the rule.

Creating Iptables firewall rules.

While the http://www.redhat.com site gives a complete, detailed overview of setting up iptables, the following summarizes the commands used to set up an iptables firewall rule.

iptables -A to append a rule.

iptables -D to delete a rule.

iptables -R to replace a rule.

iptables -I to insert a rule.

iptables -L to list all current rules.

service iptables save saves the rules currently loaded in the kernel into the configuration file, which is located at /etc/sysconfig/iptables.

The settings that control how the iptables rules are managed are placed in the /etc/sysconfig/iptables-config file. They are loaded automatically once placed here.

The iptables startup script is located at /etc/init.d/iptables, which is run each time the system is rebooted. On start, it clears all iptables rules and counters and installs new ones from the /etc/sysconfig/iptables file.

Tips for using Iptables features:

  • Use fewer rules to improve performance. Use subchains to keep a packet from seeing rules that do not apply to it.
  • Use the --limit option to restrict the impact of DoS attacks.
  • Use the --limit option to restrict the rate of matches that result in log messages. This option allows a match to produce messages only a limited number of times per second.
  • To match all interfaces of a type, use the plus sign, such as eth+.
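As an added example (not code from the original page), here is a complete filter-table ruleset written with the command syntax described above that puts these tips into practice: a user-defined subchain so most packets skip the service rules, --limit on both new SSH connections and on LOG entries, and eth+ to match every eth* interface. It assumes that SSH (port 22) and HTTP (port 80) are the only services offered, and it prints the commands instead of applying them unless IPT is set to the real iptables binary.

```shell
#!/bin/sh
# Added example, not from the original page. Builds a filter-table ruleset
# that applies the tips above: a subchain so most packets skip rules that do
# not apply to them, --limit to throttle new SSH connections and log messages,
# and "eth+" to match every eth* interface.
# Assumption (constructed): SSH (22) and HTTP (80) are the only services.
# Dry run by default, printing the commands; set IPT=iptables and run as root
# to apply them for real.
IPT="${IPT:-echo iptables}"

build_rules() {
    # Start from an empty filter table and default to dropping inbound traffic.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and replies to established flows never need the later rules.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Subchain: only new TCP connections arriving on any eth* interface enter
    # it, so UDP, ICMP and non-SYN packets never see the service rules.
    $IPT -N TCP_SERVICES
    $IPT -A INPUT -i eth+ -p tcp --syn -m state --state NEW -j TCP_SERVICES

    # Inside the subchain: new SSH connections (all sources combined) are
    # accepted at most 3 per minute after an initial burst of 5, which blunts
    # a flood; HTTP is accepted unthrottled. Unmatched packets RETURN to INPUT.
    $IPT -A TCP_SERVICES -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 5 -j ACCEPT
    $IPT -A TCP_SERVICES -p tcp --dport 80 -j ACCEPT

    # Log what is about to be dropped, but at most 5 lines per minute so a
    # flood cannot fill the disk with log entries; then drop explicitly.
    $IPT -A INPUT -m limit --limit 5/minute --limit-burst 10 -j LOG --log-prefix "IPT-DROP: "
    $IPT -A INPUT -j DROP
}

build_rules
```

Once the printed commands look right, run the script as root with IPT=iptables and then use service iptables save to persist the result to /etc/sysconfig/iptables.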

©2006 Web Hosting Logic