334.3 Packet Filtering (weight: 5)

Tech Tutorial: 334.3 Packet Filtering #

Introduction #

Packet filtering is a crucial security measure that controls network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on a set of security rules. It is a fundamental aspect of firewall configurations in Linux. This tutorial covers the essential aspects of packet filtering, focusing on the utilities iptables and nftables, the two most widely used tools in Linux for managing firewall rules.

Exam Objective: #

The objective of this tutorial is to equip learners with the knowledge and skills needed to configure and manage packet filtering using iptables and nftables on Linux systems.

Key Knowledge Areas: #

  • Understanding of netfilter architecture
  • Managing iptables and nftables
  • Configuring default policies
  • Writing and deploying effective rules
  • Using tables, chains, and rules for both IPv4 and IPv6

Utilities: #

  • iptables
  • nftables

Step-by-Step Guide #

Understanding Netfilter Architecture #

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations, such as packet filtering, NAT, and IP masquerading. Tools like iptables and nftables interface with this framework to apply rules to control the flow of network traffic.

Managing iptables #

Installation #

Ensure iptables is installed on your system. You can install it using the package manager:

sudo apt-get install iptables

Viewing Current Rules #

To view all current iptables rules:

sudo iptables -L -v

Setting Default Policies #

Set default policies to DROP for INPUT, FORWARD, and OUTPUT chains:

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP

Adding Rules #

Allow incoming SSH connections:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Allow outgoing HTTP and HTTPS traffic:

sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT

Managing nftables #

Installation #

Ensure nftables is installed on your system:

sudo apt-get install nftables

Switching to nftables #

Stop and disable iptables:

sudo systemctl stop iptables
sudo systemctl disable iptables

Enable and start nftables:

sudo systemctl enable nftables
sudo systemctl start nftables

Configuring Tables and Chains #

Create a table and basic chains:

sudo nft add table ip filter
sudo nft add chain ip filter input { type filter hook input priority 0 \; policy drop \; }
sudo nft add chain ip filter forward { type filter hook forward priority 0 \; policy drop \; }
sudo nft add chain ip filter output { type filter hook output priority 0 \; policy drop \; }

Adding Rules #

Allow incoming SSH:

sudo nft add rule ip filter input ip protocol tcp dport 22 accept

Allow HTTP and HTTPS:

sudo nft add rule ip filter output ip protocol tcp dport 80 accept
sudo nft add rule ip filter output ip protocol tcp dport 443 accept

Conclusion #

The ability to configure and manage packet filters using iptables and nftables is essential for maintaining a secure Linux environment. This tutorial provided an introduction to the basic commands and configurations necessary to get started with Linux packet filtering. Both iptables and nftables offer powerful tools for securing your network by precisely defining which packets are allowed to enter or leave the system. By mastering these tools, you can significantly enhance the security posture of your Linux systems.