Table of Contents
iptables packet filtering and network address translation
Linux packet filtering firewall overview
Matching conditions of iptables rules
Common general matching conditions
Commonly used implicit matching conditions (you must write general matching to use)
Common display matching conditions
NAT network address translation
Data saving (export (backup) rules)
iptables tool name: is used to control the kernel
The kernel contains the following four control functions: ( priority from high to low )
raw table: traffic tracking; chains PREROUTING, OUTPUT (chain: where the ACL rules are written; chain names are normally capitalized)
mangle table: traffic shaping; chains PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
nat table: network address translation; chains PREROUTING, POSTROUTING, OUTPUT
filter table: packet filtering; chains INPUT, FORWARD, OUTPUT
The point is to learn the INPUT chain of the filter table
iptables -nvL (or write iptables -t filter -nvL)
iptables -t nat -nvL
iptables -t filter -I INPUT -p tcp --dport 5901 -j ACCEPT (if DROP is discarded)
iptables -t nat -I POSTROUTING -p all -s 192.16.1.0/24 -o eth1 -j SNAT --to-source 10.0.105.99
The most used chains in the filter table are the INPUT chain and the FORWARD chain
The INPUT chain represents whether access is allowed when the data packet accesses me
iptables packet filtering and network address translation
Linux packet filtering firewall overview
The packet filtering function system of netfilter located in the Linux kernel is
called the "kernel mode" of the Linux firewall
iptables
is located in /sbin/iptables, the tool used to manage firewall rules is
called the "user mode" of linux firewall
Both of the above names can refer to the Linux firewall
The basic syntax of iptables
INPUT is followed by a number, which means that this rule is accurately added to a certain line
iptables -I INPUT -p icmp -j ACCEPT
iptables -I INPUT -p icmp -j REJECT
iptables -I INPUT -p icmp -j DROP (discard)
Delete rule (-D for the deleted option)
iptables -D INPUT 1 (write 1 is to delete the first rule)
iptables -D INPUT 1 (running this command again deletes what is now the second rule: once the first rule is deleted, the second one moves up to the top)
KALI will not open a firewall
iptables management options
How do I know how many lines are in the rule?
iptables -nvL --line-numbers (display line numbers)
It's best to list with -nvL after adding rules; the default output is too terse and misleading
No REJECT
The default policy has the lowest priority
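To make the ordering rules above concrete (first match wins, the chain policy only applies when nothing matched), here is an added example, not from the original notes, that parses a constructed `iptables -nvL --line-numbers` listing and replays the evaluation for a few packets. The listing is made up for this example and assumes the prot column shows protocol names.

```python
"""Parse `iptables -nvL --line-numbers` output and replay first-match evaluation."""
import re

# Constructed sample listing (not captured from a real host): the filter table
# after the notes' ICMP and FTP rules were inserted with -I. Assumes the prot
# column prints names; some iptables builds print numbers instead.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP 12 packets, 960 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
2        3   252 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
3        5   420 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
"""

# Built-in chains carry a policy; user-defined chains show a reference count.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [{num, target, prot, dport}]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if current is None or not line[:1].isdigit():
            continue  # blank line or the "num pkts bytes ..." header row
        cols = line.split()  # num pkts bytes target prot opt in out src dst [extra]
        port = re.search(r"dpt:(\d+)", line)  # destination port from the trailing match text
        chains[current]["rules"].append({
            "num": int(cols[0]), "target": cols[3], "prot": cols[4],
            "dport": int(port.group(1)) if port else None,
        })
    return chains


def evaluate(chains, chain, prot, dport=None):
    """First matching rule decides; the chain policy applies only if none matched."""
    for rule in chains[chain]["rules"]:
        if rule["prot"] not in ("all", prot):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["target"], rule["num"]
    return chains[chain]["policy"], None


if __name__ == "__main__":
    table = parse_listing(SAMPLE_LISTING)
    for pkt in (("icmp", None), ("tcp", 21), ("tcp", 5901)):
        print(pkt, "->", evaluate(table, "INPUT", *pkt))
```

Note that ICMP is rejected by rule 2 even though rule 3 accepts it, because the REJECT was inserted later with -I and therefore sits higher in the chain.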
Matching conditions of iptables rules
Apart from general matching, the other match types cannot be used on their own
Common general matching conditions
! Means negation
Commonly used implicit matching conditions (you must write general matching to use)
20:21 means port 20 to port 21
Common display matching conditions
Understand -m as calling module
vsftpd
The name stands for "very secure ftp" (in practice it is not secure at all)
Case:
FTP listens on port 21 for control connections; port 20 is used to transmit data in active mode
1. Install an ftp, called vsftpd
yum install vsftpd in linux
2. The default shared directory of vsftp is /var/ftp/pub/
cp /etc/passwd /etc/shadow /var/ftp/pub/
3. Start the service: /etc/init.d/vsftpd start
4. Observe the port ss -antpl | grep ftp
5. iptables -I INPUT -p tcp --dport 21 -j ACCEPT
6. Take the real machine win10 to verify
7. iptables -nvL
8. Now I want to delete the second rule
iptables -D INPUT 2
Open win10 and connect again; after connecting, enter dir
pasv switches to passive mode
9. Solution: iptables -I INPUT -p tcp --dport 22 -j ACCEPT
Exercise
NAT network address translation
Data saving (export (backup) rules)
Import (restore) rules
iptables service