Wiki/Guides/Arch/02AIptables.md
2025-04-10 04:10:54 +02:00


| field | value |
|---|---|
| title | 02 Server Iptables |
| description | a little bigger note on iptables |
| published | true |
| date | 2024-03-27T18:07:56.613Z |
| tags | |
| editor | markdown |
| dateCreated | 2024-03-21T11:45:00.336Z |

# iptables

As you most likely know, files, commands and other data are not sent over the network in one go but in packets. Which packets may arrive at your server and which may leave it is decided by the packet filter inside the Linux kernel (netfilter); iptables is the program you use to give that filter its rules.

I use the box-in-a-box metaphor as a mental picture. A packet is a box inside a box inside a box, one box per protocol layer: on the wire you usually meet an Ethernet frame containing an IP packet containing a TCP or UDP segment containing the application data (the OSI model counts seven layers in total). A matryoshka doll from Russia is another picture of the same thing. Every box has an address label (its header) with extra information.

iptables reads the labels of the outer boxes (in practice the IP header and the TCP/UDP header, plus the interface the packet came in on). Based on this information it decides where the packet needs to go and whether it is allowed to. For that, iptables needs instructions on how to decide. These instructions are written as ordered lists of rules called chains, and the chains are grouped into tables; the table that decides whether a packet is accepted or dropped is the filter table.

Packets are checked along a fixed route, a sequence of chains. Three chains of the filter table are the most important for us now: INPUT, FORWARD and OUTPUT. Within a chain the rules are checked from top to bottom; the first rule that matches and has a terminating target (ACCEPT, DROP, REJECT) decides, and a packet that matches no rule gets the chain's policy.

We are not discussing all possible layerings of packets, nor the inner workings of the software behind iptables. What we discuss is a basic understanding of what happens and what we can do with iptables.

## INPUT and FORWARD chains

When a packet arrives at your server, the kernel's routing decision determines whether its destination is the local machine or somewhere else. In our case "somewhere else" is Docker: Docker runs containers (not virtual machines) on its own bridge network, and traffic for them is routed through the host. When the destination is the local machine, the rules of the INPUT chain are checked from top to bottom. When the destination is a container, the packet is checked against the FORWARD chain instead. It is either INPUT or FORWARD, never both, and the routing decision, not an iptables rule, makes that choice.

Two Docker details to keep in mind: Docker manages its own chains inside FORWARD and evaluates the DOCKER-USER chain before them, so rules of your own about container traffic belong in DOCKER-USER, where Docker leaves them alone; and a port published with `docker run -p` is translated (DNAT) to the container's address before the routing decision, so that traffic goes through FORWARD and is not stopped by INPUT rules.

## OUTPUT chain

The OUTPUT chain tells iptables what to do with packets that your own machine sends. If you have no rules in that chain and the policy is DROP, nothing is sent out. The INPUT and FORWARD chains work the same way: no rules and a policy of DROP, and nothing comes in (or through). The policy is a chain's default verdict; it is set with `-P` and applies only to packets that match none of the rules, which is why the order in which you add rules and set the policy matters.

## Warning

Do not make the mistake that I made: blocking all incoming packets before adding rules accepting my SSH connection on my local machine. SSH will drop, and you can only get into your machine with an attached screen, keyboard and mouse.

Check whether iptables is installed (prints the version if it is, "command not found" if not):

```sh
iptables -V
```

If not, install it:

```sh
sudo pacman -S iptables
```

List the current rules, with packet counters, numeric addresses and rule numbers:

```sh
sudo iptables -L -v -n --line-numbers
```

Check the service status, start, stop and enable it (enabling makes the saved rules load at boot):

```sh
sudo systemctl status iptables
sudo systemctl start iptables
sudo systemctl stop iptables
sudo systemctl enable iptables
```

Where is the file with all the rules? `iptables.service` loads it with `iptables-restore` when it starts:

```
/etc/iptables/iptables.rules
```

How to save your new rules! Rules added on the command line live only in the running kernel; without this step they are gone after a reboot, and a restart of `iptables.service` replaces them with whatever is in the file:

```sh
sudo iptables-save -f /etc/iptables/iptables.rules
```

## How to change the rules

You can use a UI program (not described here), the terminal (the way to go), or edit the rules file itself (not a fan). Whichever you use, remember that terminal changes are live immediately and must be saved, while file edits only take effect once `iptables-restore` (or a restart of `iptables.service`) loads them.

### add a rule

```sh
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -p tcp -i eno1 -s 192.168.1.10 -d 192.168.2.10 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -P INPUT DROP
```

`-A` appends to the end of the chain, so the order of entry is the order of evaluation: the first line lets local processes talk to each other over the loopback interface, the second allows SSH on `eno1` from one admin address only (the addresses are this page's example values), and the policy is set to DROP last, once the ACCEPT rules are in place.

### delete a rule

### update a rule
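The commands above, assembled into a script that cannot repeat the lock-out from the warning section and that also covers the delete and update steps. This is an added example, not code from the original page. It assumes the page's example values (uplink interface `eno1`, admin host 192.168.1.10, server 192.168.2.10, SSH on TCP port 22), Arch's default rules file, and a file name of `iptables-safe.sh`; the function names and the `IPTABLES_APPLY` environment variable are the example's own. It adds two rules the page does not have: one accepting ESTABLISHED,RELATED traffic, which covers the replies of connections already open (including the SSH session you are typing in), and one dropping packets conntrack marks INVALID.

```sh
#!/bin/sh
# Added example, not part of the original wiki page. Prints the iptables
# commands from this page in an order that cannot lock you out of SSH,
# checks that order, and executes the commands only on explicit request.
# Assumed values (the page's examples; change them for your machine):
# uplink interface eno1, admin workstation 192.168.1.10,
# this server 192.168.2.10, SSH on TCP port 22.

# safe_cmds IFACE ADMIN_IP SERVER_IP SSH_PORT
# Print the commands, one per line, with comments. Rules are appended in
# evaluation order; the DROP policy comes last, after every ACCEPT rule exists.
safe_cmds() {
    iface=$1; admin=$2; server=$3; port=$4
    cat <<EOF
# loopback first: local services talk to each other over lo
iptables -A INPUT -i lo -j ACCEPT
# replies to connections already open (including this SSH session) and related traffic such as ICMP errors
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot classify (out-of-state or malformed)
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# new SSH connections, only from the admin host on the uplink interface
iptables -A INPUT -i $iface -p tcp -s $admin -d $server --dport $port -m conntrack --ctstate NEW -j ACCEPT
# default verdict last, once every ACCEPT rule is in place
iptables -P INPUT DROP
EOF
}

# check_order SSH_PORT
# Read commands from stdin and return 0 only if no "-P INPUT DROP" line
# appears before a rule that ACCEPTs new connections to SSH_PORT.
# This is a static check for the lock-out described in the warning section.
check_order() {
    port=$1
    ssh_ok=0
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;
            *"-P INPUT DROP"*) [ "$ssh_ok" -eq 1 ] || return 1 ;;
            *"--dport $port "*"-j ACCEPT"*) ssh_ok=1 ;;
        esac
    done
    return 0
}

# apply_cmds
# Execute the commands from stdin, then save them to Arch's rules file.
# Refuses unless run as root with IPTABLES_APPLY=1; otherwise it only
# echoes what it would run, so the script is safe to run for review.
apply_cmds() {
    if [ "$(id -u)" -ne 0 ] || [ "${IPTABLES_APPLY:-0}" != 1 ]; then
        echo "dry run (set IPTABLES_APPLY=1 and run as root to apply):" >&2
        cat
        return 0
    fi
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        $line || return 1   # word splitting on purpose: run the command
    done
    iptables-save -f /etc/iptables/iptables.rules
}

main() {
    cmds=$(safe_cmds eno1 192.168.1.10 192.168.2.10 22)
    printf '%s\n' "$cmds" | check_order 22 || { echo "unsafe rule order, not applying" >&2; return 1; }
    printf '%s\n' "$cmds" | apply_cmds
}

main "$@"
```

Run `sh iptables-safe.sh` as-is to review the commands (dry run); `sudo env IPTABLES_APPLY=1 sh iptables-safe.sh` applies them and saves the rules file. To delete or update a rule afterwards, list the chain with `sudo iptables -L INPUT -n --line-numbers`, then `sudo iptables -D INPUT <n>` deletes rule n, `sudo iptables -R INPUT <n> <rule spec>` replaces it in place, and `sudo iptables -I INPUT <n> <rule spec>` inserts a new rule in front of it; save again when you are done.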

https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands

https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules

https://wiki.archlinux.org/title/Iptables#Editing_rules