Explore the functionalities of iptables

Reference no: EM133015791

BN324 Enterprise Cyber Security and Management

Packet Filtering Firewalls (IPTABLES)

Description:

This manual is for running experiments on the IPTABLES firewall. In this lab you will set up a Linux-based system as a firewall, according to a network security policy provided to you. The implementation will be done using Oracle VirtualBox.
• In the first experiment, you will use the IPTABLES firewall on a Kali VM in order to become familiar with IPTABLES firewalls. Students will also explore the functionalities of iptables, the Linux firewall.
• In the second experiment, students will perform some basic commands, followed by some exercises.

Pre-work:
1. Launch VirtualBox
2. Launch your Kali VM
3. Do all your exercises in the VM

Exercise 1: You are required to read, install, set up, configure, and test your iptables firewall

The goal of this exercise is to explore the functionalities of iptables, the Linux firewall, in a simple network setting. To facilitate the deployment of the network setting out of the laboratory, we will use only Kali virtual machines for implementing it.

IPTABLES is a command-line utility for configuring the Linux kernel firewall implemented within the Netfilter project. The term iptables is also commonly used to refer to this kernel-level firewall. It allows system administrators to manage incoming and outgoing traffic via a set of configurable table rules.
Iptables uses a set of tables, each of which has chains that contain sets of built-in or user-defined rules. With them, a system administrator can properly filter the network traffic of the system.
Per the iptables manual, there are currently 3 types of tables:
1. FILTER - this is the default table, which contains the built-in chains for:
   1. INPUT - packets destined for local sockets
   2. FORWARD - packets routed through the system
   3. OUTPUT - packets generated locally

1. Install iptables (if not installed already).
sudo apt-get install iptables

2. Open the iptables manual page
man iptables

3. If you want to check your existing rules, use the following command
sudo iptables -L -n -v

Exercise 2: Explore the functionalities of iptables, the Linux firewall, and write some rules
1. Block Specific IP Address in IPtables Firewall

Replace "xxx.xxx.xxx.xxx" with the actual IP address. Be very careful when running this command, as you can accidentally block your own IP address. The -A option appends the rule to the end of the selected chain.
If you only want to block TCP traffic from that IP address, you can use the -p option, which specifies the protocol. The command will then look like this:

2. Unblock IP Address in IPtables Firewall

If you have decided that you no longer want to block requests from a specific IP address, you can delete the blocking rule with the following command:

The -D option deletes one or more rules from the selected chain. If you prefer to use the longer option you can use --delete.

3. Block Specific Port on IPtables Firewall
Sometimes you may want to block incoming or outgoing connections on a specific port. It's a good security measure, and you should give it real thought when setting up your firewall.
To block outgoing connections on a specific port, use:

To allow incoming connections, use:

In both examples, replace "xxx" with the actual port you wish to allow. If you want to block UDP traffic instead of TCP, simply change "tcp" to "udp" in the above iptables rule.

4. Allow Multiple Ports on IPtables using Multiport
You can allow multiple ports at once by using multiport. Below you can find such a rule for both incoming and outgoing connections:

5. Block Facebook on IPtables Firewall

First find the IP addresses used by Facebook

You can then block that Facebook network with:

Keep in mind that the IP address range used by Facebook may vary in your country.

6. Block Network Flood on Apache Port with IPtables

The above command limits incoming connections to 100 per minute and sets a limit burst of 200. You can edit the limit and limit-burst values to suit your own requirements.

7. Block Incoming Ping Requests on IPtables

Some system administrators like to block incoming ping requests due to security concerns. While the threat is not that big, it's good to know how to block such requests:

8. Allow loopback Access

Loopback access (access from 127.0.0.1) is important and you should always leave it active:

9. Keep a Log of Dropped Network Packets on IPtables
If you want to log the dropped packets on network interface eth0, you can use the following command:

10. Block Access to Specific MAC Address on IPtables

You can block access to your system from specific MAC address by using:

Of course, you will need to replace "00:00:00:00:00:00" with the actual MAC address that you want to block.

11. Limit the Number of Concurrent Connections per IP Address
If you don't want too many concurrent connections established from a single IP address on a given port, you can use the command below:

The above command allows no more than 3 connections per client. Of course, you can change the port number to match a different service. The --connlimit-above value should also be changed to match your requirements.

12. Search within IPtables Rule
Once you have defined your iptables rules, you will want to search them from time to time and may need to alter them. An easy way to search within your rules is to use:

In the above example, you will need to replace $table with the actual table within which you wish to search and $string with the actual string you are looking for.
Here is an example:

13. Flush IPtables Firewall Chains or Rules
If you want to flush your firewall chains, you can use

You can flush chains from specific table with

You can replace "nat" with the actual table whose chains you wish to flush.

14. Disable Outgoing Mails through IPTables
If your system should not be sending any emails, you can block outgoing connections on the SMTP ports. For example, you can use this:
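
The rules described in Exercise 2, gathered into one ruleset in iptables-restore format, with a guard against the lock-out warned about in item 1. This is an added example, not part of the lab manual: the addresses, ports, log prefix, the conntrack rule, the closing DROP rule and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the lab manual; addresses, ports and log prefix are constructed.
BLOCK_IP="${BLOCK_IP:-203.0.113.10}"         # placeholder (documentation range)
BLOCK_MAC="${BLOCK_MAC:-00:00:00:00:00:00}"  # placeholder used by the manual
_ssh="${SSH_CLIENT:-}"                       # "addr port port" when logged in over SSH
ADMIN_IP="${ADMIN_IP:-${_ssh%% *}}"          # address we must never block

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# safe_to_block ADDR: reject malformed input, loopback and our own address.
safe_to_block() {
    valid_ipv4 "$1" || return 1
    case "$1" in 127.*) return 1 ;; esac
    [ "$1" != "$ADMIN_IP" ]
}

# emit_rules: write the ruleset to stdout; rule order is significant.
emit_rules() {
    safe_to_block "$BLOCK_IP" || { echo "refusing to block '$BLOCK_IP'" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $BLOCK_IP -j DROP
-A INPUT -m mac --mac-source $BLOCK_MAC -j DROP
# Assumption beyond the manual: keep replies to our own connections working.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
-A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,443 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT
-A INPUT -i eth0 -j LOG --log-prefix "iptables dropped: "
-A INPUT -i eth0 -j DROP
COMMIT
EOF
}
# Touch the live firewall only on request (needs root): sh ruleset.sh --apply
if [ "${1:-}" = "--apply" ]; then
    tmp=$(mktemp) && emit_rules > "$tmp" &&
        iptables-restore --test < "$tmp" && iptables-restore < "$tmp"
fi
```

The closing DROP on eth0 is what gives the limit rule on port 80 its effect: new connections above the rate fall through to it, which is why port 80 is not repeated in the multiport ACCEPT. Run without arguments, the script only defines the functions; call emit_rules to print the ruleset for review.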
