Tuesday, December 17, 2013

How to Configure basic IPTABLES | Concept of iptables | Basic firewall Restrictions

Hello friends, today I am going to discuss iptables on CentOS/RedHat 6. In this post we look at how to open and close a particular port on CentOS/RedHat, how to create a simple firewall, and how to restrict port-based attacks such as DoS/DDoS. In short, we learn how to configure a basic iptables firewall.

Here we study only the basic iptables filter rules; for more details see the iptables manual (man iptables).

How to open the necessary ports :

As we know, we use servers publicly as web servers and mail servers, and a VPS is administered over SSH. All these services run on particular ports: SSH on port 22, and web services on ports 80 and 443 (the SSL port). For sending email we use SMTP and secure SMTP, which run on ports 25 and 465 respectively. To let users receive email from others we use POP3 and secure POP3, which use ports 110 and 995 respectively. These are all the services we are using, so we need to open only these ports and close the rest.

In the beginning the server comes with an empty configuration, meaning all traffic is allowed. To restrict the traffic and configure it again, first flush the rules, that is, erase all existing rules, with a single command. (Note that -F removes the rules but leaves the chain policies alone; if the INPUT policy is already DROP and you are connected over SSH, set it back to ACCEPT before flushing, or you will lock yourself out.)

Flush iptables :

# iptables -F 

First we open localhost (the loopback interface) :

# iptables -A INPUT -i lo -j ACCEPT

In the above rule we told the firewall to append (-A) a rule to the INPUT chain of the filter table that matches traffic arriving on the loopback interface (-i lo) and accepts it (-j ACCEPT). Not much needs to be said about localhost, or loopback: it is what lets the services on the machine talk to each other locally, so it must always be allowed.

Next open the web server services :

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Here we add ports 80 and 443 (HTTP 80 and HTTPS 443) to the INPUT chain so that traffic on these ports is accepted.

Next, for sending mail, open the SMTP server services :

# iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT 

Here we add ports 25 and 465 (SMTP 25 and secure SMTP 465). I recommend using the secure ports for services first, because it is much easier to have a password sniffed on port 25 than on port 465. This way we protect our clients from password-sniffing attacks while they send mail through our server.

Next, for receiving mail, open the POP3 server service :

# iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT

Here we add ports 110 and 995 (POP3 110 and secure POP3 995); again, we should prefer the secure POP3 service for receiving mail.

Next we need to limit access for SSH :

# iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

We know about SSH: it is used to connect to the VPS remotely, and it listens on port 22 by default. To secure SSH I recommend moving the SSH service to a port other than 22 and opening that port in iptables instead.

Note : if you connect from a permanent (static) IP address, we can allow SSH only from that source, so the firewall opens the connection only for that IP address. This must be your public address, not a LAN address, otherwise it will not work. Open the connection as

# iptables -A INPUT -p tcp -s PERMANENT_IP_ADDRESS -m tcp --dport 22 -j ACCEPT 

PERMANENT_IP_ADDRESS = your static IP address (for example 117.56.118.53)

Next open connections for ping and package updates :

# iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Here we allow the replies to connections our server itself opened, such as ping and software updates, back in through the firewall (ESTABLISHED,RELATED). Using -I instead of -A inserts this rule at the top of the chain, so it is checked first.

Next we allow all outgoing connections and close every other incoming connection by setting the chain policies :

# iptables -P OUTPUT ACCEPT
# iptables -P INPUT DROP

Block most common attacks : 

To limit the effect of a DDoS attack we also need to turn away the usual network-scanning bots, so that an attacker cannot easily find our server to attack it. I know we cannot fully protect ourselves from DDoS just by using iptables, but we can at least drop unnecessary packets.

So first we start with blocking null packets :

# iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

With the above command we tell the firewall to take all incoming TCP packets that have no flags set (NONE) and just DROP them :')
A little about null packets: they are reconnaissance packets. In this attack pattern the attacker probes how we have configured the server in order to find its weaknesses.

Next we block the Syn-flood Attack : 

# iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

In a SYN-flood attack, attackers open new connections but do not state what they want; they just want to take up our server's resources. So we need to reject such packets: the rule above drops any packet that claims to start a NEW connection but is not a SYN packet.

Next block XMAS packets :

# iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Christmas-tree packets (all TCP flags set) tell attackers about every single option set for whatever protocol is in use; like null packets, they are used for reconnaissance.
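As an added example (these are not the original post's own commands), here is the whole firewall built in the two sections above, from the loopback rule through the null, SYN-flood and XMAS drops, collected into one script that writes the ruleset in iptables-restore format and loads it atomically instead of running iptables -A one line at a time. ADMIN_IP, SSH_PORT and RULES_FILE are assumed values; the rule lines themselves are the post's, but placed in the order iptables evaluates them. The INPUT chain is walked top to bottom and the first match wins, so the --tcp-flags DROP rules go above the per-port ACCEPTs: appending them last with -A, as above, leaves them behind the ACCEPT for port 80, so a null or XMAS packet aimed at that port is accepted before the DROP is ever reached. The FORWARD DROP policy is an addition beyond the post, safe on a server that does not route.

```shell
#!/bin/sh
# Added example, not from the original post.  ADMIN_IP (a TEST-NET placeholder),
# SSH_PORT and RULES_FILE are assumed values; replace them with your own.
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"
SSH_PORT="${SSH_PORT:-22}"
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# Print the complete ruleset in iptables-restore format.  Order matters:
# loopback and ESTABLISHED,RELATED first (cheapest, most common), then the
# packet-hygiene DROPs, and only then the per-port ACCEPTs.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, then replies to connections this server opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# packet hygiene: null packets, xmas packets, non-SYN "new" packets
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# public services: http, https, smtp, smtps, pop3, pop3s
EOF
    for port in 80 443 25 465 110 995; do
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    # SSH only from the admin address
    echo "-A INPUT -p tcp -s $ADMIN_IP -m tcp --dport $SSH_PORT -j ACCEPT"
    echo "COMMIT"
}

# Number of ACCEPT rules in INPUT (2 housekeeping rules + 6 ports + SSH = 9).
count_accept_rules() {
    build_ruleset | grep -c -- '-A INPUT .* -j ACCEPT'
}

# Returns 0 only if every --tcp-flags DROP precedes the first --dport ACCEPT,
# i.e. the hygiene rules cannot be bypassed by a port-based ACCEPT above them.
check_order() {
    build_ruleset | awk '
        /--dport .* -j ACCEPT/ && !seen { seen = NR }
        /--tcp-flags .* -j DROP/ && seen { bad = 1 }
        END { exit bad }'
}

# Write the file the post saves to and load it in one step (needs root).
# iptables-restore parses the whole file before touching the kernel, so a
# typo rejects the ruleset instead of leaving the chain half-built.
apply_ruleset() {
    build_ruleset > "$RULES_FILE" && iptables-restore < "$RULES_FILE"
}

# Usage: run without arguments to preview the rules; "apply" loads them.
case "${1:-}" in
    apply) check_order && apply_ruleset ;;
    *)     build_ruleset ;;
esac
```

Because the policies are part of the file, loading it replaces the post's separate -F, -P and -A steps with one atomic operation, and the same file is what service iptables restart reads on boot.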

Save iptables & start the service again :

Now we have done almost all of our work. Next we need to save the iptables configuration, but before saving, confirm it with

# iptables -L -n 

This command lists (-L) all the rules we have assigned to iptables, in numeric form (-n), i.e. showing IP addresses rather than the domain names resolved for them.

Save iptables & restart the service :

# iptables-save | sudo tee /etc/sysconfig/iptables 
# service iptables restart

The rules are kept in the file /etc/sysconfig/iptables; you can open it with the vi editor or any other editor :
# vi /etc/sysconfig/iptables 
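As an added example (not from the original post), a small audit script that reads a ruleset in the iptables-save format kept in /etc/sysconfig/iptables and reports the things worth confirming before you log out, instead of eyeballing the output of iptables -L -n: that the INPUT policy really is DROP, that an ESTABLISHED,RELATED rule exists, and that no port outside the intended list is open to the whole world. SAMPLE_RULES is a constructed ruleset with two deliberate mistakes (policy still ACCEPT, telnet open); EXPECTED_PORTS is an assumed allow-list.

```shell
#!/bin/sh
# Added example, not from the original post.  SAMPLE_RULES is a constructed
# ruleset in iptables-save format with two deliberate mistakes: the INPUT
# policy was never changed to DROP, and port 23 (telnet) is open.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -s 117.56.118.53/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Ports we intend to expose (assumed allow-list for this example).
EXPECTED_PORTS="22 25 80 110 443 465 995"

# Policy of the INPUT chain, e.g. "DROP" or "ACCEPT".
input_policy() {
    printf '%s\n' "$1" | awk '$1 == ":INPUT" { print $2 }'
}

# TCP ports accepted from any source (rules without -s), sorted, one line.
world_open_ports() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT / && / -j ACCEPT$/ && / --dport / && !/ -s / {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# World-open ports that are not on the allow-list, one per line.
unexpected_ports() {
    for p in $(world_open_ports "$1"); do
        case " $EXPECTED_PORTS " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# Print every finding; return 0 when the ruleset is clean, 1 otherwise.
audit() {
    rc=0
    if [ "$(input_policy "$1")" != "DROP" ]; then
        echo "FINDING: INPUT policy is $(input_policy "$1"), expected DROP"
        rc=1
    fi
    for p in $(unexpected_ports "$1"); do
        echo "FINDING: port $p is open to the world but not on the allow-list"
        rc=1
    done
    printf '%s\n' "$1" | grep -q -- '--state .*ESTABLISHED' || {
        echo "FINDING: no ESTABLISHED,RELATED rule; replies to our own connections would be dropped"
        rc=1
    }
    return $rc
}

# Usage on a real box: audit "$(cat /etc/sysconfig/iptables)"
# Here it runs on the constructed sample and reports both mistakes.
audit "$SAMPLE_RULES" || true
```

The script reads the saved file rather than the live kernel state so it can be run from a change-review step before the rules are loaded; running it against iptables-save output works the same way.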

So enjoy the day :')
