SlideShare a Scribd company logo

IPTables Lab

Kaan Aslandağ, profile picture
Kaan Aslandağ

The document summarizes steps taken in an iptables lab to configure firewall rules allowing specific traffic. It shows how to allow SSH from 10.30.30.254 to 10.30.30.5, then add rules for DNS, HTTP and HTTPS. One rule is deleted without saving, so it will not persist after a restart. Testing connection attempts confirm the active rules.

Engineering
1 of 4
Download to read offline
1
2
3
4
1 IPTABLES LAB  Allow Source 10.30.30.254 to Destination 10.30.30.5 via SSH  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport ssh -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo systemctl restart iptables.service (Test if policy is permanent after restart) - After doing a new SSH connection request, we will see our policy is working fine
2  What if we change our source IP and try again? Answer: It will be matched with the “INPUT DROP POLICY” and drop our SSH connection request.
3  Allow DNS, HTTP, HTTPS Source 10.30.30.254 Destination 10.30.30.5  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport http -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport https -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo iptables -D INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT “-D” is deleting policy. Now we deleted the DNS access and when we will send “telnet” request to our BIND server, we will not have a successful connection But also we didn’t save the config to /etc/sysconfig/iptables so after restarting the iptables service we expect to see our saved “Allow 53 “ policy
4  sudo systemctl restart iptables.service (Test if policy is permanent after restart)  sudo iptables –L To send the connection request if we have access to our server via 53 port:  telnet 10.30.30.5 53 Seeing the TCP handshake between our physical machine and BIND Server 1/18/2022 X Kaan Aslandag Signed by: www.kaan1.com

More Related Content

PDF
Configuration IPTables On CentOS 8
Kaan Aslandağ
 
PDF
Configuration of Smtp Server On CentOS 8
Kaan Aslandağ
 
PDF
Configuration of SFTP Server on CentOS 8.pdf
Kaan Aslandağ
 
PDF
Firewalld LAB
Kaan Aslandağ
 
PDF
Configuration of NTP Server on CentOS 8
Kaan Aslandağ
 
PDF
Configuration of BIND DNS Server On CentOS 8
Kaan Aslandağ
 
PDF
Configuration Firewalld On CentOS 8
Kaan Aslandağ
 
PDF
CentOS Server CLI Configuration (Nmcli & Hosts)
Kaan Aslandağ
 
Configuration IPTables On CentOS 8
Kaan Aslandağ
 
Configuration of Smtp Server On CentOS 8
Kaan Aslandağ
 
Configuration of SFTP Server on CentOS 8.pdf
Kaan Aslandağ
 
Firewalld LAB
Kaan Aslandağ
 
Configuration of NTP Server on CentOS 8
Kaan Aslandağ
 
Configuration of BIND DNS Server On CentOS 8
Kaan Aslandağ
 
Configuration Firewalld On CentOS 8
Kaan Aslandağ
 
CentOS Server CLI Configuration (Nmcli & Hosts)
Kaan Aslandağ
 

What's hot (20)

PDF
CentOS Server Gui Initial Configuration
Kaan Aslandağ
 
DOCX
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SAN
Saroj Sahu
 
PDF
Ftp configuration in rhel7
Balamurugan M
 
PDF
TFTP Installation Configuration Guide
VCP Muthukrishna
 
PDF
Dhcp
Md Shihab
 
PPSX
Linux02 install SSh
Jainul Musani
 
TXT
Server readme
Stenli Siderov
 
DOCX
Router Commands Overview
Muhammed Niyas
 
PPTX
Linux Commands
lucita cabral
 
DOCX
How to shutdown the Netapp SAN 8.3 and 9.2 version
Saroj Sahu
 
PDF
How To Install and Configure Salt Master on Ubuntu
VCP Muthukrishna
 
PDF
LSOF Command Usage on RHEL 7
VCP Muthukrishna
 
PDF
mail server
chacheng oo
 
TXT
Ftpádas
Phạm Anh
 
PDF
Basic security & info
Tola LENG
 
PDF
How to Install Configure and Use sysstat utils on RHEL 7
VCP Muthukrishna
 
PDF
How to use mmdvm host wif main board
AURELIO PY5BK
 
PDF
Nfs
Md Shihab
 
PDF
VPNIPSec site to site
Dimitri LEMBOKOLO
 
PPTX
Introduction to linux day1
Gourav Varma
 
CentOS Server Gui Initial Configuration
Kaan Aslandağ
 
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SAN
Saroj Sahu
 
Ftp configuration in rhel7
Balamurugan M
 
TFTP Installation Configuration Guide
VCP Muthukrishna
 
Dhcp
Md Shihab
 
Linux02 install SSh
Jainul Musani
 
Server readme
Stenli Siderov
 
Router Commands Overview
Muhammed Niyas
 
Linux Commands
lucita cabral
 
How to shutdown the Netapp SAN 8.3 and 9.2 version
Saroj Sahu
 
How To Install and Configure Salt Master on Ubuntu
VCP Muthukrishna
 
LSOF Command Usage on RHEL 7
VCP Muthukrishna
 
mail server
chacheng oo
 
Ftpádas
Phạm Anh
 
Basic security & info
Tola LENG
 
How to Install Configure and Use sysstat utils on RHEL 7
VCP Muthukrishna
 
How to use mmdvm host wif main board
AURELIO PY5BK
 
Nfs
Md Shihab
 
VPNIPSec site to site
Dimitri LEMBOKOLO
 
Introduction to linux day1
Gourav Varma
 
Ad

Similar to IPTables Lab (20)

PPT
Iptables in linux
Mandeep Singh
 
DOCX
How to Install iptable on Debian 12.docx
Green Webpage
 
PPT
Modul 3 Firewalll.ppt
cemporku
 
DOCX
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
DOCX
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
DOCX
Ccnacommand 140205001152-phpapp01
A.S.M Shmimul Islam.
 
PDF
Reducing iptables configuration complexity using chains
Dieter Adriaenssens
 
DOCX
Ccna command
Siddhartha Rajbhatt
 
PPTX
Hadoop Cluster - Basic OS Setup Insights
Sruthi Kumar Annamnidu
 
PDF
Athenticated smaba server config with open vpn
Chanaka Lasantha
 
PDF
Ccna commands
bunthon oun
 
DOC
Ccna commands
Hajji Mboowa Yahaya
 
DOC
Ccna commands
Hajji Mboowa Yahaya
 
PDF
Dev ops on startup environment
Evaldo Felipe
 
PPT
Ip6 tables in linux
Mandeep Singh
 
PDF
Linux internet server security and configuration tutorial
annik147
 
PDF
Ccna Commands In 10 Minutes
CCNAResources
 
DOCX
Cent os 5 ssh
Alejandro Besne
 
TXT
Linuxserver harden
Gregory Hanis
 
PDF
Introduction to firewalls through Iptables
Bud Siddhisena
 
Iptables in linux
Mandeep Singh
 
How to Install iptable on Debian 12.docx
Green Webpage
 
Modul 3 Firewalll.ppt
cemporku
 
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
Ccnacommand 140205001152-phpapp01
A.S.M Shmimul Islam.
 
Reducing iptables configuration complexity using chains
Dieter Adriaenssens
 
Ccna command
Siddhartha Rajbhatt
 
Hadoop Cluster - Basic OS Setup Insights
Sruthi Kumar Annamnidu
 
Athenticated smaba server config with open vpn
Chanaka Lasantha
 
Ccna commands
bunthon oun
 
Ccna commands
Hajji Mboowa Yahaya
 
Ccna commands
Hajji Mboowa Yahaya
 
Dev ops on startup environment
Evaldo Felipe
 
Ip6 tables in linux
Mandeep Singh
 
Linux internet server security and configuration tutorial
annik147
 
Ccna Commands In 10 Minutes
CCNAResources
 
Cent os 5 ssh
Alejandro Besne
 
Linuxserver harden
Gregory Hanis
 
Introduction to firewalls through Iptables
Bud Siddhisena
 
Ad

Recently uploaded (20)

PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PDF
composite construction of structures.pdf
AinieButt1
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
Construction Project Organization Group 2.pptx
vj5agdales
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
composite construction of structures.pdf
AinieButt1
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Project quality management in manufacturing
BarMusaTetik
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
web development for engineering and engineering
keshriji700
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 

IPTables Lab

  • 1. 1 IPTABLES LAB  Allow Source 10.30.30.254 to Destination 10.30.30.5 via SSH  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport ssh -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo systemctl restart iptables.service (Test if policy is permanent after restart) - After doing a new SSH connection request, we will see our policy is working fine
  • 2. 2  What if we change our source IP and try again? Answer: It will be matched with the “INPUT DROP POLICY” and drop our SSH connection request.
  • 3. 3  Allow DNS, HTTP, HTTPS Source 10.30.30.254 Destination 10.30.30.5  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport http -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport https -j ACCEPT  sudo iptables -A INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT  sudo iptables –L (To see our policy in the list)  sudo iptables-save > /etc/sysconfig/iptables (Save config, otherwise policies will be gone after restart)  sudo iptables -D INPUT -s 10.30.30.254 -d 10.30.30.5 -p tcp --dport 53 -j ACCEPT “-D” is deleting policy. Now we deleted the DNS access and when we will send “telnet” request to our BIND server, we will not have a successful connection But also we didn’t save the config to /etc/sysconfig/iptables so after restarting the iptables service we expect to see our saved “Allow 53 “ policy
  • 4. 4  sudo systemctl restart iptables.service (Test if policy is permanent after restart)  sudo iptables –L To send the connection request if we have access to our server via 53 port:  telnet 10.30.30.5 53 Seeing the TCP handshake between our physical machine and BIND Server 1/18/2022 X Kaan Aslandag Signed by: www.kaan1.com