Setting up iptables: tips and advice for beginners


The command-line utility iptables discussed in this article is the standard interface for controlling the netfilter packet filter built into the Linux kernel (2.4 and later; newer distributions ship an iptables command that is a compatibility front end for nftables, but the syntax described here is the same). Put simply, configuring iptables means configuring the firewall, and doing so requires root privileges. Although netfilter and iptables are different things (netfilter is the in-kernel framework, iptables the user-space tool that loads rules into it), people very often use the two names to mean the same thing. Strictly speaking they are not.

Ordinary end users may have heard these terms without knowing what they mean or why they are needed. Every computer connected to the Internet sends and receives a constant stream of network packets, and that stream needs to be controlled. This is the job of a firewall: software that inspects traffic at one or more layers of the OSI model and passes or blocks each packet according to the configured rules and the action chosen for a match.

The first and main task of a firewall is to protect individual hosts and whole networks from unauthorized access. Firewalls act as filters: they check and sort network packets according to criteria defined by the administrator. The rules are evaluated one after another, which is why they are organized into chains. Configuring iptables means writing such rules, each of which amounts to two steps:

  1. Check whether the packet matches the rule's criteria.
  2. If it does, apply the rule's action (its target).

An action can be an ordinary operation such as ACCEPT, or a jump from one chain to another user-defined chain, which is how rules are grouped. Any iptables manual for beginners explains these. More advanced users know that targets come in two kinds: terminating and non-terminating. A terminating target, such as ACCEPT, DROP or REJECT, ends processing of the packet within that chain (and, for DROP and REJECT, for the packet altogether). A non-terminating target, such as MARK, TOS or LOG, does its job and then lets evaluation continue with the next rule, so the packet is still checked to the end of the chain. If a packet reaches the end of a built-in chain without any rule having made a terminating decision, the chain's default policy applies (set with -P; it is ACCEPT unless you change it).

A standard iptables setup uses three main tables:

  1. mangle - used when packet headers need to be altered, for example changing the TOS bits.
  2. nat - used for network address translation. Only the first packet of a connection passes through it; the translation decided there is applied to the rest of the connection by connection tracking. It is not meant for filtering, and apart from rare exceptions no filtering should be done in it.
  3. filter - all packets pass through it, whatever interface they arrive on or leave by (the interface is just one more criterion a rule can match on). This is the table that actually filters traffic, and it is the default table when no -t option is given.

The filter table is the one most users care about. It has three built-in chains: INPUT for packets addressed to the host itself, FORWARD for packets routed through the host to another machine, and OUTPUT for packets the host itself sends. Each packet traverses the chain that applies to it and, according to the rules in effect, is either passed or not.
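The following script is an added example (not code from the article) showing the division of labour between the nat and filter tables on a small Linux router. It assumes a WAN interface eth0, a LAN interface eth1 serving 192.168.1.0/24, and an internal web server at 192.168.1.10; all four values are assumptions and are passed as arguments. Applying it needs root and net.ipv4.ip_forward=1; setting IPT="echo iptables" prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the article. Assumed topology: WAN on eth0,
# LAN on eth1 (192.168.1.0/24), internal web server 192.168.1.10.
# Requires root and "sysctl -w net.ipv4.ip_forward=1" to actually route.
# Set IPT="echo iptables" to preview the commands instead of applying them.
IPT="${IPT:-iptables}"

nat_router() {
    WAN="${1:-eth0}"
    LAN="${2:-eth1}"
    LAN_NET="${3:-192.168.1.0/24}"
    WEB="${4:-192.168.1.10}"

    # nat table: only address rewriting lives here. Only the first packet of a
    # connection traverses it; connection tracking applies the same translation
    # to every later packet, which is why a filtering rule placed here would
    # never even see most of the traffic.
    # Hide the LAN behind the router's WAN address on the way out.
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
    # Port-forward inbound HTTP to the internal server. DNAT is done in
    # PREROUTING, before the routing decision and before the FORWARD chain.
    $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$WEB":80

    # filter table, FORWARD chain: the real pass/block decision for routed traffic.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The LAN may open any outbound connection.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    # Forwarded HTTP: by the time FORWARD sees the packet its destination has
    # already been rewritten, so the rule must match the internal address,
    # not the router's public one.
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$WEB" --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}
```

Usage: source the file as root and call nat_router eth0 eth1 192.168.1.0/24 192.168.1.10, then verify with iptables -t nat -L -n -v and iptables -L FORWARD -n -v. The point to take away is that nothing in the nat table decides whether traffic is allowed; that decision is made entirely in the FORWARD chain of the filter table.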

The rules in effect (on Ubuntu as on any other distribution) can be edited by the user at will by typing commands in a terminal. A rule is a line that contains the criteria for identifying a packet together with the action to take when it matches. Its general form is: iptables [-t table] command [chain] [match criteria] [-j target]. Here -t names the table; if it is omitted the default table (filter) is used, so any other table has to be named explicitly. The command (for example -A to append a rule, -I to insert one, -D to delete one, -P to set a chain's policy, -L to list) comes right after the table name, or first if no table is given, and is usually followed by the chain it applies to. The target given with -j is what actually decides the packet's fate. The most common are ACCEPT (let the packet through; its processing in this chain is finished) and DROP (silently discard it; this ends processing of the packet not just in this chain but in all others as well).
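To tie the rule syntax above to the terminating and non-terminating targets and default policies described earlier, here is an added example (not code from the article) of a complete stateful host firewall. It assumes a single-homed host that should accept SSH (port given as the first argument, default 22) and ping and nothing else unsolicited; the port and the log prefix are assumptions. Applying it needs root; setting IPT="echo iptables" prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the article. Assumes a single-homed host that
# accepts SSH on $1 (default 22) and ping; everything else unsolicited is
# logged and dropped. Needs root to apply; IPT="echo iptables" previews.
IPT="${IPT:-iptables}"

host_firewall() {
    SSH_PORT="${1:-22}"

    # Start from a clean filter table (the default table, so no -t needed).
    $IPT -F
    $IPT -X

    # Default policies: the fate of a packet that matches no terminating rule.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback traffic is always local; ACCEPT ends the chain for it.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened, and related traffic such as
    # ICMP errors. Put early so the common case exits the chain quickly.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets that fit no tracked connection at all are discarded at once.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # New inbound SSH sessions and echo requests.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # REJECT is terminating like DROP but tells the sender. A TCP reset for
    # ident (113) spares mail servers a long timeout.
    $IPT -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # LOG is non-terminating: it records the packet and evaluation continues,
    # so anything reaching this rule falls through to the INPUT policy (DROP).
    # The limit match keeps a flood from filling the log.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables-drop: "
}
```

Usage: source the file as root and call host_firewall 22, then check the result with iptables -L INPUT -n -v --line-numbers. Two caveats a beginner should know: the rules are held in kernel memory only and vanish at reboot unless saved with iptables-save (or a package such as iptables-persistent), and setting the INPUT policy to DROP over a remote SSH session can lock you out if the rule allowing SSH is wrong, so test from a console or schedule an automatic reset first.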