Firewall on Fedora Linux

In a nutshell

The core of the Linux firewall is the netfilter kernel module. To add or remove firewall rules you need the "iptables" application (should already be installed).

Where is the configuration file for iptables?

The configuration file for the iptables service is /etc/sysconfig/iptables-config. The firewall rules themselves are saved in /etc/sysconfig/iptables.

What are Chains?

A set of firewall rules is called a chain.

With "iptables -L" you can list all chains:

[root@myweb ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

--> the three built-in chains exist, but no rules are defined in them at the moment.

There are 3 predefined (built-in) chains for the filter table (packet filtering):

  • FORWARD
  • INPUT
  • OUTPUT

What is a Target?

The target defines what to do with a packet that matches the rule.

There are 2 important targets:

  • DROP
  • ACCEPT

Some Examples

We want to drop all outgoing packets to IP 62.112.154.29. To do this we have to add a rule to the (predefined) OUTPUT chain which drops all packets with destination IP 62.112.154.29.

Before:

[root@myweb ~]# ping 62.112.154.29
PING 62.112.154.29 (62.112.154.29) 56(84) bytes of data.
64 bytes from 62.112.154.29: icmp_seq=1 ttl=54 time=25.8 ms
64 bytes from 62.112.154.29: icmp_seq=2 ttl=54 time=19.4 ms
64 bytes from 62.112.154.29: icmp_seq=3 ttl=54 time=19.9 ms
64 bytes from 62.112.154.29: icmp_seq=4 ttl=54 time=20.2 ms

Now we add the rule:

[root@myweb ~]# iptables -t filter -A OUTPUT -d 62.112.154.29 -j DROP

After:

[root@myweb ~]# ping 62.112.154.29
PING 62.112.154.29 (62.112.154.29) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

Now we delete the rule:

[root@myweb ~]# iptables -D OUTPUT -d 62.112.154.29 -j DROP
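The add/delete sequence above works, but typed by hand it is easy to append the same rule twice (a single "iptables -D" then removes only one copy) or to mistype the address. The following script is an added example, not code from the original article: it wraps the same OUTPUT-chain DROP rule in small shell functions that validate the address, add the rule only once, remove every copy, and list the chain for verification. It assumes an iptables that supports the "-C" (check) option; the function names and the IPTABLES override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): manage the
# "drop everything to one host" rule in the filter table's OUTPUT chain.
# Assumes iptables supports -C (rule check); function names are hypothetical.

IPTABLES="${IPTABLES:-iptables}"   # can be pointed at a wrapper for dry runs

# Return 0 if $1 is a dotted-quad IPv4 address whose octets are all 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# The part of the rule shared by -A, -C and -D: chain, match, target.
# Reusing exactly the same specification is what lets -C find the rule
# and -D delete it later.
rule_spec() { printf 'OUTPUT -d %s -j DROP' "$1"; }

# Append the DROP rule for $1, but only if it is not already present:
# appending twice leaves a duplicate that a single -D would not remove.
block_host() {
    valid_ipv4 "$1" || { echo "block_host: '$1' is not an IPv4 address" >&2; return 2; }
    if $IPTABLES -t filter -C $(rule_spec "$1") 2>/dev/null; then
        echo "rule for $1 already present" >&2
        return 0
    fi
    $IPTABLES -t filter -A $(rule_spec "$1")
}

# Remove every copy of the rule: -D deletes only the first match, so
# repeat until -C reports that none is left.
unblock_host() {
    valid_ipv4 "$1" || { echo "unblock_host: '$1' is not an IPv4 address" >&2; return 2; }
    while $IPTABLES -t filter -C $(rule_spec "$1") 2>/dev/null; do
        $IPTABLES -t filter -D $(rule_spec "$1") || return 1
    done
}

# List the OUTPUT chain numerically (-n avoids reverse DNS lookups) with
# rule numbers, the quickest way to verify what block_host did.
show_output_chain() { $IPTABLES -t filter -L OUTPUT -n --line-numbers; }

# Usage: ./fw.sh block 62.112.154.29 | ./fw.sh unblock 62.112.154.29 | ./fw.sh show
case "${1:-}" in
    block)   block_host "$2" ;;
    unblock) unblock_host "$2" ;;
    show)    show_output_chain ;;
esac
```

Rules added with "-A" live only in the running kernel; after a reboot they are gone unless they have been written to the saved rule set, which on this Fedora setup is /etc/sysconfig/iptables. Running the script as root is required for anything but the address check.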

mad mad mod, Powered by Joomla! and designed by SiteGround web hosting