Chapter 2. Firewalls with iptables and ipchains
Your network’s first barrier against unwanted infiltrators is your firewall. You do have a firewall in place, right? If you think you don’t need one, monitor your incoming network traffic some time: you might be amazed by the attention you’re receiving. For instance, one of our home computers has never run a publicly accessible service, but it’s hit 10-150 times per day by Web, FTP, and SSH connection requests from unfamiliar hosts. Some of these could be legitimate, perhaps web crawlers creating an index; but when the hits are coming from dialup12345.nowhere.aq in faraway Antarctica, it’s more likely that some script kiddie is probing your ports. (Or the latest Windows worm is trying in vain to break in.)
Linux has a wonderful firewall built right into the kernel, so you
have no excuse to be without one. As a superuser, you can configure
this firewall with interfaces called
ipchains
and
iptables
. ipchains models a
stateless
packet filter. Each packet reaching the firewall is evaluated against
a set of rules. Stateless means that the
decision to accept, reject, or forward a packet is not influenced by
previous packets.
iptables, in contrast, is stateful: the firewall can make decisions based on previous packets. Consider this firewall rule: “Drop a response packet if its associated request came from server.example.com.” iptables can manage this because it can associate requests with responses, but ipchains cannot. Overall, iptables ...
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.