SCAR-iT/LWM-Linux

Fork 0

ganome 07eaea381b

Initial Commit - Taking my own code to my repository - No longer a fork of LinuxLightHouse

2024-09-02 16:42:08 -06:00

2.8 KiB

Raw Blame History

Advanced IPTables Configuration

1. Understanding IPTables Architecture:

IPTables is the user-space command line utility for configuring the Linux kernel firewall. It works with chains and tables:

Tables: filter, nat, mangle, raw, security
Chains: INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING

2. Basic Syntax:

iptables [-t table] command chain rule-specification [options]

3. Common Commands:

-A: Append rule
-I: Insert rule
-D: Delete rule
-R: Replace rule
-L: List rules
-F: Flush rules

4. Advanced Rule Specifications:

a) State Matching:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

b) Rate Limiting:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

c) String Matching:

iptables -A INPUT -p tcp --dport 80 -m string --string "GET /admin" --algo bm -j DROP

d) Time-based Rules:

iptables -A INPUT -p tcp --dport 80 -m time --timestart 09:00 --timestop 18:00 --weekdays Mon,Tue,Wed,Thu,Fri -j ACCEPT

5. NAT Configuration:

a) SNAT (Source NAT):

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.1

b) DNAT (Destination NAT):

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.100:8080

c) Port Forwarding:

iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222

6. Logging:

iptables -A INPUT -j LOG --log-prefix "DROPPED: " --log-level 4

7. Custom Chains:

iptables -N CUSTOM_CHAIN
iptables -A INPUT -j CUSTOM_CHAIN
iptables -A CUSTOM_CHAIN -p tcp --dport 80 -j ACCEPT

8. IPv6 Support (ip6tables):

ip6tables -A INPUT -p ipv6-icmp -j ACCEPT

9. Saving and Restoring Rules:

iptables-save > /etc/iptables/rules.v4
iptables-restore < /etc/iptables/rules.v4

10. Performance Optimization:

Use stateful filtering
Organize rules from most to least used
Use custom chains for logical grouping

11. Security Best Practices:

Default deny policy
Allow only necessary services
Use connection tracking
Implement egress filtering

12. Troubleshooting:

Use -v for verbose output
Check logs in /var/log/messages or /var/log/syslog
Use tcpdump for packet analysis

13. Advanced Techniques:

Layer 7 filtering with iptables extensions
Geolocation-based filtering using geoip module
Integration with fail2ban for dynamic IP blocking

14. Scripting and Automation:

Create shell scripts for complex rule sets
Use configuration management tools (Ansible, Puppet) for deployment

15. Monitoring and Reporting:

Use iptables -L -v -n for rule hit counts
Implement log analysis tools (ELK stack, Splunk) for insights

2.8 KiB Raw Blame History

Advanced IPTables Configuration

1. Understanding IPTables Architecture:

2. Basic Syntax:

3. Common Commands:

4. Advanced Rule Specifications:

5. NAT Configuration:

6. Logging:

7. Custom Chains:

8. IPv6 Support (ip6tables):

9. Saving and Restoring Rules:

10. Performance Optimization:

11. Security Best Practices:

12. Troubleshooting:

13. Advanced Techniques:

14. Scripting and Automation:

15. Monitoring and Reporting:

2.8 KiB

Raw Blame History