{"id":175,"date":"2018-01-19T23:23:37","date_gmt":"2018-01-19T23:23:37","guid":{"rendered":"http:\/\/linuxresellerwebhosting.in\/blog\/?p=175"},"modified":"2018-02-08T18:53:00","modified_gmt":"2018-02-08T18:53:00","slug":"ip-tables-works-linux","status":"publish","type":"post","link":"https:\/\/linuxresellerwebhosting.in\/blog\/ip-tables-works-linux\/","title":{"rendered":"How the IP Tables Works in Linux"},"content":{"rendered":"<p lang=\"zxx\"><span style=\"font-size: medium;\"><strong><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"color: #000000;\">INTRODUCTION :<\/span><\/span><\/strong><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">Setting up a f<\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">irewall is an <\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">important <\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">step to take in securing any <\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">OS<\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">. 
<\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">All <\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">Linux distributions <\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">come<\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"> with a few firewall tools that we can use to configure our firewalls. In this guide, we&#8217;ll be covering the\u00a0<\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><code>iptables<\/code><\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">\u00a0<\/span><\/span><\/span><span style=\"color: #000000;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">firewall.<\/span><\/span><\/span> <span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">It is a command line utility that uses policy chains to allow or block traffic. <\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #000000;\">Iptables is a standard firewall included in most Linux distributions by default. <\/span><span style=\"color: #000000;\">It<\/span><span style=\"color: #111111;\"> is used to manage packet filtering and NAT rules. 
Understanding how to set up and configure iptables will help you manage your Linux firewall effectively.<\/span> <\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">In this tutorial we are going to discuss how iptables works. <\/span><\/span><\/p>\n<h2 lang=\"zxx\"><span class=\"ez-toc-section\" id=\"IPTABLESSERVICE\"><\/span><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #252525;\"><b>IPTABLES.SERVICE<\/b><\/span><\/span><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p lang=\"zxx\"><span style=\"color: #252525;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">The iptables service supports a local network firewall. It assumes total control of the iptables configuration. When it starts, it flushes and restores the complete iptables configuration. 
The restored rules are from its configuration file, \u00a0<\/span><\/span><\/span><em><span style=\"color: #252525;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><b>\/etc\/sysconfig\/iptables<\/b><\/span><\/span><\/span><\/em><span style=\"color: #252525;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">. The configuration file is not kept up to date during operation, so the dynamically added rules are lost during every restart.<\/span><\/span><\/span><\/p>\n<pre class=\"theme:dark-terminal lang:default decode:true\"># systemctl disable iptables.service\r\n# systemctl mask iptables.service<\/pre>\n<h2 lang=\"zxx\"><span class=\"ez-toc-section\" id=\"How_Iptables_Work\"><\/span><span style=\"color: #3a3a3a;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><b>How Iptables Work :\u00a0<\/b><\/span><\/span><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\">Iptables is a command-line firewall utility that uses policy chains to allow or block traffic.\u00a0<\/span> <\/span><\/span><\/p>\n<h2 lang=\"zxx\"><span class=\"ez-toc-section\" id=\"Types_of_Iptables_and_Chains\"><\/span><span style=\"color: #404040;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><b>Types of Iptables and Chains<\/b><\/span><\/span><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\">I<\/span><span style=\"color: #404040;\">ptables uses three different chains: input, forward, and output.<\/span> <\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span 
style=\"color: #404040;\"><b>Input<\/b><\/span><span style=\"color: #404040;\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u2013 <\/span><span style=\"color: #404040;\">This chain is used to control the behavior for incoming connections.\u00a0<\/span><\/span><\/span><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\">Ex: <\/span><span style=\"color: #404040;\">if a user attempts to SSH into your PC\/server, iptables will attempt to match the IP address and port to a rule in the input chain.<\/span> <\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\"><b>Forward<\/b><\/span><span style=\"color: #404040;\">\u00a0 \u00a0 \u2013 <\/span><span style=\"color: #111111;\">This chain is used for packets routed through the local server to another NIC.<\/span>\u00a0<\/span><\/span><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\">E<\/span><span style=\"color: #404040;\">x: <\/span><span style=\"color: #404040;\">Think of a router \u2013 data is always being sent to it but rarely actually destined for the router itself; the data is just forwarded to its target. 
Unless you\u2019re doing some kind of routing, NATing, or something else on your system that requires forwarding, you won\u2019t even use this chain.<\/span> <\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\"><b>Output \u00a0 \u00a0 \u00a0<\/b><\/span><span style=\"color: #404040;\">\u00a0\u2013 <\/span><span style=\"color: #404040;\">This chain is used for outgoing connections.\u00a0<\/span><\/span><\/span><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #404040;\">Ex<\/span><span style=\"color: #404040;\">: if you try to ping howtogeek.com, iptables will check its output chain to see what the rules are regarding ping and howtogeek.com before making a decision to allow or deny the connection attempt.<\/span> <\/span><\/span><\/p>\n<p lang=\"zxx\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-177 size-full\" src=\"http:\/\/linuxresellerwebhosting.in\/blog\/wp-content\/uploads\/2017\/07\/iptables-filter-nat-mangle-tables.png\" alt=\"\" width=\"337\" height=\"150\" srcset=\"https:\/\/linuxresellerwebhosting.in\/blog\/wp-content\/uploads\/2017\/07\/iptables-filter-nat-mangle-tables.png 337w, https:\/\/linuxresellerwebhosting.in\/blog\/wp-content\/uploads\/2017\/07\/iptables-filter-nat-mangle-tables-300x134.png 300w\" sizes=\"auto, (max-width: 337px) 100vw, 337px\" \/><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><b>Rules for IP Tables : <\/b><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">Rules contain a criterion and a target.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">If the 
criterion is matched, it goes to the rules specified in the target or executes the special value specified in the target.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">If the criterion is not matched, it moves on to the next rule.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><b>Target Values :<\/b><\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">Following are the possible special values that you can specify in the target.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">ACCEPT \u2013 Firewall will accept the packet.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">DROP \u2013 Firewall will drop the packet.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">QUEUE \u2013 Firewall will pass the packet to userspace.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"color: #111111;\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\">RETURN \u2013 Firewall will stop executing the next set of rules in the current chain for this packet. 
The control will be returned to the calling chain.<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\"><span style=\"font-family: 'Times New Roman', serif;\"><span style=\"font-size: medium;\"><span style=\"color: #000000;\">At this point, the quickest way to learn about how iptables works is to use it to implement your own firewall \u00a0\ud83d\ude42<\/span><\/span><\/span><\/p>\n<p lang=\"zxx\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0T H A N K I N G \u00a0Y O U !!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>INTRODUCTIONS : Firewall is an important step to take in securing any OS. All Linux distributions Included with a few<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[1],"tags":[],"class_list":["post-175","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/comments?post=175"}],"version-history":[{"count":9,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/175\/revisions"}],"predecessor-version":[{"id":185,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/175\/revisions\/185"}],"wp:attac
hment":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/media?parent=175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/categories?post=175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/tags?post=175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}