Linux Firewall - NullCon Chennai Presentation
DESCRIPTION
Our presentation at NullCon Chennai
TRANSCRIPT
![Page 1: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/1.jpg)
Linux Firewall
June 29 2014
Vinoth Sivasubramanian, Ganapathy Kannan
![Page 2: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/2.jpg)
Agenda
Introduction to Linux Firewalls
Firewall Basics
IP Tables
Firewall Management
Challenges and Solutions
![Page 3: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/3.jpg)
Introduction
Why We Need a Firewall
Improved Access Control at Network Layer and Transport Layer
Better Detection Capabilities
Why Linux Firewalls
Open source, low cost
Flexible: can be aligned with business and user needs
Continual improvement
![Page 4: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/4.jpg)
What is a firewall?
A firewall is a device that filters traffic between two or more networks based on predefined rules.
![Page 5: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/5.jpg)
IP Chains
Loadable kernel module that performs packet filtering
Comes with most Linux distributions
No port forwarding
Concept of chains (INPUT, OUTPUT and FORWARD)
![Page 6: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/6.jpg)
IP Tables
Loadable kernel module
Since kernel 2.4.x
Everything of IP Chains plus stateful inspection, improved matching and port forwarding
More customizable logging
Requires expertise and careful study of the organization
![Page 7: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/7.jpg)
IP Tables - Implementation - Command Line
Open a terminal window (you must be logged in as root) and type:
# iptables
iptables v<version number>: no command specified (shown if iptables is already installed)
If iptables is not installed, follow these instructions to enable it.
iptables can be downloaded from http://www.netfilter.org
# tar -xvjf ./iptables-1.*.*.tar.bz2 -C /usr/src
# cd /usr/src/iptables-1.*.* (the directory the archive created)
# /bin/sh -c make
# /bin/sh -c "make install" (to finish the install)
![Page 8: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/8.jpg)
Implementation of policies
Sample (default policy per chain, either DROP or ACCEPT):
# iptables -P INPUT DROP|ACCEPT
# iptables -P OUTPUT DROP|ACCEPT
# iptables -P FORWARD DROP|ACCEPT
![Page 9: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/9.jpg)
Implementation of policies - Implementing Rules
# iptables -A INPUT -i eth0 -p tcp [-s 192.168.0.222] --dport 22 -j DROP
-A append the rule at the bottom of the specified chain
-I insert the rule at the top of the specified chain
-i incoming interface
-p protocol
-s source (incoming) IP
--dport destination port
--sport source port
-o outgoing interface
-d destination IP
# service iptables save
![Page 10: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/10.jpg)
Implementation of policies - Deleting rules
# iptables -D INPUT <rule number>
# iptables -D INPUT -i eth0 -p tcp --dport 22 -j DROP
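The policy, rule and save steps above put together as one script. This is an added example, not code from the slides: it combines the -P defaults, the -A rules with -i/-p/-s/--dport/-j, the stateful match the IP Tables slide mentions, a LOG rule so dropped packets are visible in syslog, and the final service iptables save. The interface name eth0, the admin host 192.168.0.222 (taken from the slide's rule, but here it is the one host allowed to reach SSH because the default policy is already DROP, whereas the slide's rule drops it) and the variable names are assumptions made for the example. Applying it needs root and iptables; sourcing the file only defines the functions.

```shell
#!/bin/sh
# Added example (not from the slides): default-deny INPUT policy built from
# the same -P / -A / -i / -p / -s / --dport / -j options the slides introduce.
# Assumed values, constructed for this example:
WAN_IF="eth0"               # interface that faces the router
ADMIN_HOST="192.168.0.222"  # the only host allowed to open SSH from outside
SSH_PORT=22

set -eu

# Wipe the filter table first so the script is idempotent: re-running it with
# -A would otherwise append a second copy of every rule.
flush_filter() {
    iptables -F
    iptables -X
}

# Default policies: drop inbound and forwarded traffic, allow outbound.
# Replies to connections we started are let back in by the conntrack rule,
# not by the OUTPUT policy.
set_policies() {
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
}

apply_rules() {
    # loopback: many local services talk to themselves over it
    iptables -A INPUT -i lo -j ACCEPT
    # stateful inspection: accept packets that belong to a known connection
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # SSH only from the admin host; everything else on port 22 falls to DROP
    iptables -A INPUT -i "$WAN_IF" -p tcp -s "$ADMIN_HOST" --dport "$SSH_PORT" -j ACCEPT
    # Log what is about to be dropped, rate-limited so a flood cannot fill the
    # disk. The prefix is what a log analyser (e.g. fwlogwatch) keys on.
    iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: " --log-level 4
}

main() {
    flush_filter
    set_policies
    apply_rules
    # persist the ruleset across reboots on RHEL/CentOS-style systems, as on the
    # slide; other distributions use iptables-save instead
    service iptables save
}

# Apply only when explicitly asked: FIREWALL_APPLY=1 sh firewall.sh
case "${FIREWALL_APPLY:-}" in
    1) main ;;
esac
```

Because iptables is looked up by name, the functions can be exercised without root by defining a shell function called iptables that just records its arguments; that is also a cheap way to review the exact rule list a script will install before running it for real.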
![Page 11: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/11.jpg)
Implementation of policies using GUI
# system-config-firewall on the command line
or
System → Administration → Firewall in the menu
![Page 12: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/12.jpg)
Implementation of policies using GUI
Sample Snapshot
![Page 13: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/13.jpg)
Typical Implementation
[Network diagram; labels: Internet, Router, Internal LAN, DMZ Servers]
![Page 14: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/14.jpg)
Tools for Compiling IPTables
www.fwbuilder.org: online tool to help build Linux firewall rules (open source)
fwlogwatch.inside-security.de/: tool to analyse iptables logs
Challenges
No clear visibility of the flow of traffic, ports and services used in the organization
Solution: document the ports and services in use in the organization
Does not do deep packet inspection to filter malicious traffic
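The visibility challenge above is exactly what the LOG lines of an iptables ruleset answer: once dropped packets are logged, a summary of which protocols and ports are being hit, and by how many distinct sources, shows what the organization's traffic actually looks like before the rules are tightened. The following is an added example, not code from the slides and not fwlogwatch: a small POSIX awk summary over kernel log lines of the format iptables' LOG target writes. The log lines in SAMPLE_LOG are constructed for the example, and the prefix "IPT-DROP:" is an assumed --log-prefix value.

```shell
#!/bin/sh
# Added example (not from the slides): summarise iptables LOG lines by
# protocol/destination port, counting hits and distinct source addresses.
# Constructed sample of what syslog holds after "-j LOG --log-prefix 'IPT-DROP: '";
# the addresses are documentation ranges, the fourth line is an unrelated entry.
SAMPLE_LOG='Jun 29 10:15:02 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.1 LEN=60 TTL=54 PROTO=TCP SPT=51234 DPT=23 SYN
Jun 29 10:15:03 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.1 LEN=60 TTL=54 PROTO=TCP SPT=51235 DPT=23 SYN
Jun 29 10:15:09 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.0.1 LEN=60 TTL=50 PROTO=TCP SPT=40001 DPT=3389 SYN
Jun 29 10:16:11 fw sshd[1234]: Accepted publickey for admin from 192.168.0.222 port 50000 ssh2
Jun 29 10:16:20 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.0.1 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0
Jun 29 10:17:02 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.0.1 LEN=60 TTL=54 PROTO=TCP SPT=51236 DPT=23 SYN'

# summarize_drops [PREFIX] < logfile
# Prints one line per PROTO/DPT: "<hits> <PROTO>/<DPT> <distinct sources>",
# most-hit first. Lines without the prefix (other daemons) are skipped, and
# protocols without ports (ICMP) show "-" as the port.
summarize_drops() {
    awk -v prefix="${1:-IPT-DROP:}" '
        index($0, prefix) == 0 { next }
        {
            proto = "?"; dport = "-"; src = "?"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "PROTO")      proto = kv[2]
                else if (kv[1] == "DPT")   dport = kv[2]
                else if (kv[1] == "SRC")   src = kv[2]
            }
            key = proto "/" dport
            hits[key]++
            if (!((key, src) in seen)) { seen[key, src] = 1; srcs[key]++ }
        }
        END {
            for (k in hits) printf "%d %s %d\n", hits[k], k, srcs[k]
        }' | sort -rn
}

# Stand-alone demo over the constructed sample; on a real host feed it
# /var/log/messages, /var/log/kern.log or "journalctl -k" instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_drops "IPT-DROP:"
```

The per-key source count is the useful second column: three hits on TCP/23 from a single address is one noisy scanner, while the same count from many addresses points at a service the organization is actually exposing and should document.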
![Page 15: Linux Firewall - NullCon Chennai Presentation](https://reader036.vdocument.in/reader036/viewer/2022082702/554f78ebb4c9052a518b4918/html5/thumbnails/15.jpg)
Thank You
Q&A