Linux 101: iptables basic security



Basic network security using iptables:

The first rule, for the INPUT chain, accepts packets that belong to a connection already established, or that are related to one (for example when an application such as FTP opens one connection for authentication and a second one for data transfer):


The next rule accepts traffic whose destination port is "port_number", typically the one service the machine exposes, such as 22 for SSH. Note that iptables only matches a destination port together with a protocol (-p tcp or -p udp):


The loopback interface, lo, is a virtual network interface that many programs use for local communication.

We also use iptables to accept traffic on that interface with the command below. Without it, once the INPUT policy is DROP, local services that talk to each other over 127.0.0.1 stop working:


The next three commands set the default policy of the INPUT, FORWARD and OUTPUT chains, that is, what happens to a packet that matches none of the rules in the chain:


We set the default policy of the INPUT chain to DROP. This chain handles packets addressed to this machine, so anything not accepted by one of the rules above is now silently discarded. When working over SSH, set this policy only after the ESTABLISHED,RELATED and port rules are in place, otherwise the session is cut off.

Then we set the default policy of the FORWARD chain to DROP, because this machine is not used as a router and should not forward packets between interfaces.

We also set the default policy of the OUTPUT chain to ACCEPT, so traffic leaving the machine is allowed.
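The complete rule set of this section as an added example, not code from the original page: a POSIX shell script that emits the three policies and the three ACCEPT rules in iptables-restore format, so they are applied in one atomic step and the DROP policy can never be in force before the SSH rule. The port number (22), the use of the conntrack match instead of the older state match, the restriction of the port rule to TCP and the lockout_check helper are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Emits the INPUT/FORWARD/OUTPUT
# rule set in iptables-restore format; apply it atomically with:
#   sh basic_firewall.sh 22 | sudo iptables-restore
# Assumptions: the allowed port is TCP (hypothetical value 22 = SSH); the
# modern "conntrack" match is used instead of the older "state" match.

# Print the rule set for one allowed TCP port ($1).
basic_input_rules() {
    port="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: local services talking over 127.0.0.1 must keep working
-A INPUT -i lo -j ACCEPT
# replies and related flows of connections we already track
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the one service exposed to the network: new TCP connections to the port
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Lockout guard: reads a rule set on stdin and succeeds only if the INPUT
# policy is DROP *and* there is both an ESTABLISHED,RELATED accept and an
# accept for the management port given as $1. Run it before iptables-restore.
lockout_check() {
    port="$1"
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP'                            || return 1
    printf '%s\n' "$rules" | grep -q 'INPUT .*ESTABLISHED,RELATED .*-j ACCEPT'  || return 1
    printf '%s\n' "$rules" | grep -q -- "INPUT .*--dport ${port} .*-j ACCEPT"   || return 1
    return 0
}

# Usage: sh basic_firewall.sh PORT | sudo iptables-restore
if [ -n "${1:-}" ]; then
    basic_input_rules "$1" | lockout_check "$1" \
        || { echo "refusing to emit a rule set that would lock out port $1" >&2; exit 1; }
    basic_input_rules "$1"
fi
```

Applying the output through iptables-restore rather than running one iptables command per rule matters precisely because of the DROP policy: with separate commands there is a window between "iptables -P INPUT DROP" and the rule accepting SSH, and a slow or interrupted script leaves the box unreachable.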


NAT (Network Address Translation):


If this server sits between an internal network and the internet and must do NAT for the internal hosts, source NAT (masquerading) is enabled on the outward-facing interface "eth2" as below. Packet forwarding must also be switched on in the kernel (net.ipv4.ip_forward = 1), otherwise packets for other hosts are discarded before they ever reach the FORWARD chain:


The next rule accepts forwarding from the external interface "eth2" to the internal interface "eth1" only for packets that belong to, or are related to, a connection that is already established. With the FORWARD policy at DROP, this means unsolicited traffic from the internet never reaches the internal network:


The last rule accepts all packets arriving on the internal interface "eth1" for forwarding, so hosts on the internal network can open connections to the outside:
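The NAT and forwarding rules of this section as an added example, not code from the original page. The script emits a nat table entry that masquerades traffic leaving the external interface plus the two FORWARD rules, in iptables-restore format, meant to be loaded on top of an existing rule set with iptables-restore --noflush so the INPUT rules already in place are not wiped. The interface names eth2 (external) and eth1 (internal), the MASQUERADE target, the extra -o eth2 restriction on the internal-to-external rule (the text above has no output interface there), the no_unsolicited_inbound helper and the check of net.ipv4.ip_forward are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Emits the NAT and FORWARD rules
# for a box that forwards an internal LAN (eth1) to the internet (eth2).
# Apply on top of the existing filter rules without flushing them:
#   sh nat_gateway.sh eth2 eth1 | sudo iptables-restore --noflush
# Assumptions: source NAT is done with MASQUERADE (suits a dynamic outside
# address); the LAN-to-WAN accept is restricted to -o "$wan"; forwarding
# must be enabled in the kernel as well.

# Print the nat table and the FORWARD rules for WAN interface $1, LAN $2.
nat_rules() {
    wan="$1"   # outward-facing interface, e.g. eth2
    lan="$2"   # internal interface, e.g. eth1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# rewrite the source address of everything leaving through the WAN interface
-A POSTROUTING -o ${wan} -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# WAN -> LAN: only replies to / related flows of connections the LAN opened
-A FORWARD -i ${wan} -o ${lan} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN -> WAN: internal hosts may open anything outward
-A FORWARD -i ${lan} -o ${wan} -j ACCEPT
COMMIT
EOF
}

# Guard: succeed only if every FORWARD rule that accepts traffic arriving on
# the WAN interface ($1) is limited to ESTABLISHED,RELATED, i.e. no rule
# forwarding unsolicited inbound traffic into the LAN slipped into the set.
# Reads the rule set on stdin.
no_unsolicited_inbound() {
    wan="$1"
    bad=$(grep "^-A FORWARD -i ${wan} " | grep -- '-j ACCEPT' \
          | grep -vc 'ESTABLISHED,RELATED' || true)
    [ "$bad" -eq 0 ]
}

# Usage: sh nat_gateway.sh WAN_IF LAN_IF | sudo iptables-restore --noflush
if [ $# -eq 2 ]; then
    nat_rules "$1" "$2" | no_unsolicited_inbound "$1" \
        || { echo "refusing: rule set forwards unsolicited traffic from $1" >&2; exit 1; }
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ] \
        || echo "warning: net.ipv4.ip_forward is not 1, nothing will be forwarded" >&2
    nat_rules "$1" "$2"
fi
```

The --noflush flag is what makes this a safe second step: without it iptables-restore empties the filter table before loading the file, and the INPUT rules from the first section disappear.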

