What is Firewall Security and How to Configure It on a Red Hat Server
Hello guys, today we are going to learn what a firewall is and how to configure firewall security on a Red Hat Linux server. Before we configure it, we will cover some firewall theory.
In this article you will learn:
1 Structure of the firewall
2 Firewall configuration
3 Some important firewall commands
4 Blocking and allowing IP addresses
5 Ethernet port security
6 MAC address security
7 Domain address security

A firewall is part of a security system, used on computers and network systems: it blocks unauthorized access and allows authorized communication. On a Linux server the firewall is called iptables. The iptables structure is divided into three tables: 1. filter table, 2. nat table, 3. mangle table. Each table and its chains are described below.
Filter Table
This is the default and most-used table in the firewall structure. It filters data packets: here we can accept or drop any packet manually. This table has three chains: 1. INPUT chain, 2. OUTPUT chain, 3. FORWARD chain.
1 INPUT chain – Here we apply rules to packets coming into the system.
2 OUTPUT chain – Here we apply rules to packets going out from our system.
3 FORWARD chain – For packets destined for another NIC on the local server, i.e. packets routed through the local server.
NAT Table
1 PREROUTING chain – This chain alters packets before routing, i.e. packet translation happens immediately after the packet arrives at the system.
2 POSTROUTING chain – This chain alters packets after routing, i.e. packet translation happens when the packets are leaving the system.
3 OUTPUT chain – This chain works on locally generated packets on the firewall.
Mangle Table
The mangle table is a combination of the other two: it uses both the filter table chains (INPUT, OUTPUT, FORWARD) and the nat table chains (PREROUTING, POSTROUTING).
Firewall Configuration
We can look at the IPv4 configuration file with this command:
[root@localhost ~]# vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
We can also look at the IPv6 configuration file with this command:
[root@localhost ~]# vim /etc/sysconfig/ip6tables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
Red Hat configures iptables by default. If iptables is not configured on our system, we can install it with the command below. (Note: this package installation uses a yum server; if you want to know how to configure a yum server on Red Hat Linux, follow the link and have a look.)
[root@localhost ~]# yum install iptables* -y
iptables Commands
Here I show some iptables-related commands. After each configuration change we need to save and restart the iptables service.
We can save iptables with this command:
[root@localhost ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
We can restart, stop and start iptables with these commands:
[root@localhost ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@localhost ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@localhost ~]# service iptables start
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
We can also enable or disable the service at boot with these commands:
[root@localhost ~]# chkconfig iptables on
[root@localhost ~]# chkconfig iptables off
We can look at the iptables status with this command:
[root@localhost ~]# service iptables status
We can look at a particular table with these commands; for example, here I look at the filter table, the nat table and the mangle table:
[root@localhost ~]# iptables -t filter -L
[root@localhost ~]# iptables -t nat -L
[root@localhost ~]# iptables -t mangle -L
We can look at a particular chain with these commands:
[root@localhost ~]# iptables -L INPUT -n -v
[root@localhost ~]# iptables -L OUTPUT -n -v
[root@localhost ~]# iptables -L FORWARD -n -v
We can flush iptables with this command. Note that -F only removes the rules; the chain policies (ACCEPT in the configuration above) remain, so after a flush the system accepts all traffic until the rules are applied again.
[root@localhost ~]# iptables -F
Now we will do something practical and learn how to block an IP address on our server. Here I want the IP address 1.0.0.1 blocked for all services on my system, so we run the command below:
[root@localhost ~]# iptables -t filter -A INPUT -s 1.0.0.1 -j DROP
Now we can look at the INPUT chain of the filter table to check that we blocked this IP address, with this command:
[root@localhost ~]# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 1011 packets, 1087K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 1.0.0.1 0.0.0.0/0
(Note: after blocking, we save and restart the iptables service; only then does our configuration take effect.)
We can also block a particular IP address for a particular service. For example, here I want 192.168.16.23 to be unable to telnet to my server but still able to access all other services, so we run the command below:
[root@localhost ~]# iptables -t filter -A INPUT -s 192.168.16.23 -p tcp --dport telnet -j DROP
Now we can check:
[root@localhost ~]# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 1279 packets, 1105K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 1.0.0.1 0.0.0.0/0
0 0 DROP tcp -- * * 192.168.16.23 0.0.0.0/0 tcp dpt:23
Now we want to drop a service going out from my system (here ICMP), so we apply the command below:
[root@localhost ~]# iptables -t filter -A OUTPUT -p icmp -j DROP
We can block a particular network for a particular service through iptables, and we can still allow a particular IP address inside the blocked network. For example, here I block the 10.0.0.0 network for the telnet service but allow the IP address 10.0.0.20 for all services, with these commands:
[root@localhost ~]# iptables -t filter -A INPUT -s 10.0.0.0/8 -p tcp --dport telnet -j DROP
[root@localhost ~]# iptables -t filter -A INPUT -s 10.0.0.20 -j ACCEPT
Now we can look at the INPUT chain of the filter table:
[root@localhost ~]# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 2163 packets, 1167K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 1.0.0.1 0.0.0.0/0
0 0 DROP tcp -- * * 192.168.16.23 0.0.0.0/0 tcp dpt:23
0 0 DROP tcp -- * * 10.0.0.0/8 0.0.0.0/0 tcp dpt:23
0 0 ACCEPT all -- * * 10.0.0.20 0.0.0.0/0
We can drop a particular network but allow a fixed range of IP addresses. For example, I block the 192.168.45.0 network but want to allow the IP addresses 192.168.45.10-192.168.45.50, which we can do with these commands:
[root@localhost ~]# iptables -t filter -A INPUT -s 10.0.0.0/8 -j DROP
[root@localhost ~]# iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 10.0.0.10-10.0.0.50 -j ACCEPT
[root@localhost ~]# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 4481 packets, 1346K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 1.0.0.1 0.0.0.0/0
0 0 DROP tcp -- * * 192.168.16.23 0.0.0.0/0 tcp dpt:23
0 0 DROP tcp -- * * 10.0.0.0/8 0.0.0.0/0 tcp dpt:23
0 0 ACCEPT all -- * * 10.0.0.20 0.0.0.0/0
0 0 DROP all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 source IP range 10.0.0.10-10.0.0.50
0 0 DROP all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 source IP range 10.0.0.10-10.0.0.50
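The two exceptions above (the 10.0.0.20 host and the 10.0.0.10-10.0.0.50 range) are both appended with -A after a broader DROP. iptables walks a chain top-down and the first matching rule decides, so an ACCEPT placed below the DROP that already matches the traffic never fires; the exception has to go above the DROP (iptables -I INPUT ..., or append it first). The Python below is added here and is not part of the original post: it parses the page's own iptables -L INPUT -n -v listing (a constructed copy of the output shown) and replays that first-match walk for a packet, so the effect of rule order can be checked without a live firewall.

```python
import ipaddress
import re

# Constructed copy of the page's own INPUT listing (iptables -L INPUT -n -v).
LISTING = """\
Chain INPUT (policy ACCEPT 4481 packets, 1346K bytes)
 pkts bytes target prot opt in  out source        destination
    0     0 DROP   all  --  *   *   1.0.0.1       0.0.0.0/0
    0     0 DROP   tcp  --  *   *   192.168.16.23 0.0.0.0/0  tcp dpt:23
    0     0 DROP   tcp  --  *   *   10.0.0.0/8    0.0.0.0/0  tcp dpt:23
    0     0 ACCEPT all  --  *   *   10.0.0.20     0.0.0.0/0
    0     0 DROP   all  --  *   *   10.0.0.0/8    0.0.0.0/0
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0     0.0.0.0/0  tcp dpt:80 source IP range 10.0.0.10-10.0.0.50
"""

def parse_listing(text):
    """Return (chain policy, list of rule dicts) from a -L -n -v listing."""
    lines = text.strip().splitlines()
    policy = re.match(r"Chain \S+ \(policy (\w+)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:                      # skip the chain and header lines
        f = line.split()                        # pkts bytes target prot opt in out src dst [extra]
        rule = {"target": f[2], "prot": f[3], "in": f[5],
                "src": ipaddress.ip_network(f[7]), "dport": None, "range": None}
        extra = " ".join(f[9:])
        if m := re.search(r"dpt:(\d+)", extra):
            rule["dport"] = int(m.group(1))
        if m := re.search(r"source IP range (\S+)-(\S+)", extra):
            rule["range"] = tuple(ipaddress.ip_address(a) for a in m.groups())
        rules.append(rule)
    return policy, rules

def matches(rule, pkt):
    """True when every match field of the rule accepts the packet."""
    src = ipaddress.ip_address(pkt["src"])
    lo_hi = rule["range"]
    return (src in rule["src"]
            and rule["prot"] in ("all", pkt["proto"])
            and rule["in"] in ("*", pkt.get("in"))
            and (rule["dport"] is None or rule["dport"] == pkt.get("dport"))
            and (lo_hi is None or lo_hi[0] <= src <= lo_hi[1]))

def verdict(policy, rules, pkt):
    """Walk the chain top-down: the first matching rule decides the packet,
    and only packets no rule matches fall through to the chain policy."""
    for n, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule["target"], n
    return policy, None
```

Running verdict for a web request from 10.0.0.30 returns ('DROP', 5): the /8 DROP at position 5 wins before the range ACCEPT at position 6 is ever reached, and swapping those two rules (what inserting the exception first with -I achieves) turns the result into ACCEPT.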
Ethernet Port Security
In iptables we can block traffic arriving on a particular Ethernet interface, either a whole network or a particular IP address.
Here we block a particular network:
[root@dhcppc7 ~]# iptables -A INPUT -i eth1 -s 10.0.0.0/255.0.0.0 -j DROP
[root@dhcppc7 ~]# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 1713 packets, 128K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
Here we block a particular IP address:
[root@dhcppc7 ~]# iptables -A INPUT -i eth1 -s 193.149.23.23 -j DROP
[root@dhcppc7 ~]# iptables -L INPUT -n -v
Chain INPUT (policy ACCEPT 1893 packets, 141K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth1 * 193.149.23.23 0.0.0.0/0
MAC Address Security
In iptables we can also block a hardware (MAC) address. The MAC values shown below are placeholders; use the real address in colon-separated hex form (00:11:22:33:44:55).
[root@dhcppc7 ~]# iptables -A INPUT -m mac --mac-source hdhudb12bh -j DROP
We can also block a MAC address for a particular service:
[root@dhcppc7 ~]# iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source hfy3ghjd -j DROP
Domain Address Security
We can block any domain address through the firewall; it is very simple. We can apply it in both chains (INPUT and OUTPUT) with the commands below. Two points to keep in mind: iptables resolves the name only once, when the rule is added, so the rule covers the addresses returned at that moment rather than the site itself; and on INPUT the remote site is the source of the packet (-s), while on OUTPUT it is the destination (-d).
[root@localhost ~]# iptables -A INPUT -p tcp -s www.facebook.com -j DROP
[root@localhost ~]# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
In the next tutorial we will teach how to delete rules and apply new rules on the firewall. We will also learn how to take a backup of the firewall file.
If you have any problem with this process, please comment here and I will solve it; otherwise like, share and follow my blog for Linux networking and IT solutions.
Thank you
BY Vishnu Sharma
