Packet Filtering

A packet filter examines the header of packets passing through and decides whether to drop, accept, or perform other actions. Under Linux, packet filtering is built into the kernel. Iptables provides built-in chains for input, output, and forwarding packets, with rules specifying actions. Simple experiments can drop packets from an IP address. Firewalls use packet filtering and more to isolate a LAN, inspecting both incoming and outgoing traffic for security.
Packet Filtering and Firewall

What is a packet filter


• A piece of software which looks at the
header of packets as they pass through and
decides its fate
– DROP
– ACCEPT
– Or something more complicated.
• Under Linux, packet filtering is built into
the kernel.
Functions of Packet Filter
• Control
– Allow only those packets that you are interested in
to pass through.
• Security
– Reject packets from malicious outsiders
• Ping of death
• telnet from outside
• Watchfulness
– Log packets to/from outside world
Packet Filter under Linux
• 1st generation
– ipfw (from BSD)
• 2nd generation
– ipfwadm (Linux 2.0)
• 3rd generation
– ipchains (Linux 2.2)
• 4th generation
– iptables (Linux 2.4)
– In this lecture, we will concentrate on iptables.
iptables
• Kernel starts with three lists of rules called
(firewall) chains.
– INPUT
– OUTPUT
– FORWARD
• Each rule says “if the packet header looks
like this, then here’s what to do”.
• If the rule doesn’t match the packet, then
the next rule in the chain will be consulted.
[Diagram: incoming packet → Routing Decision → FORWARD chain → out;
Routing Decision → INPUT chain → Local Process → OUTPUT chain → out]

1. When a packet comes in, the kernel first
looks at the destination of the packet: this
is called routing.
2. If it’s destined for this box
• Passes downwards in the diagram
• To INPUT chain
• If it passes, any processes waiting for that packet
will receive it.
• Otherwise go to step 3
3. If forwarding is not enabled
• The packet will be dropped
If forwarding is enabled and the packet is
destined for another network interface
• The packet goes rightwards on our diagram to
the FORWARD chain.
• If it is accepted, it will be sent out.
4. Packets generated from local processes pass
to the OUTPUT chain immediately.
• If it says accept, the packet will be sent out.
Usage

SYNOPSIS
iptables -[ADC] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -P chain target [options]
iptables -E old-chain-name new-chain-name

Operations to manage whole chains
-N Create a new chain
-X Delete an empty chain
-P Change the policy for a built-in chain
-L List the rules in a chain
-F Flush the rules out of a chain
-Z Zero the packet and byte counters on all
rules in a chain

Manipulate rules inside a chain
-A Append a new rule to a chain
-I Insert a new rule at some
position in a chain
-R Replace a rule at some
position in a chain
-D Delete a rule at some position
in a chain
-D Delete the first rule that
matches in a chain


• A simple experiment
– Drop all ICMP packets coming from the IP
address 127.0.0.1
# ping -c 1 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.2 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.2 ms
# iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
# ping -c 1 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
#
Firewall
• A firewall is a computer system dedicated
to ‘isolate’ a LAN from the Internet.
• It is at the entry point of the LAN it
protects.
• It inspects and makes decisions about all
incoming packets before they reach other
parts of the system.
• Outgoing traffic may also be inspected
and/or blocked.
• A firewall can be a simple packet filter.
• It can also be an enormously complex
computer system with
– extensive logging systems,
– intrusion detection systems.
• Nowadays, it is easy to download a free
firewall that can be run on your Linux or
Unix system.
• These firewalls usually provide a good
interface to specify rules to
– Block particular incoming connections from
systems outside your LAN.
– Block all connections to or from certain
systems you distrust.
– Allow email and ftp services, but block
dangerous services like TFTP, RPC, rlogin etc.
– Block certain types of packets.
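As an added example (not from the lecture slides), the script below builds the kind of host firewall the Firewall section describes from the chain and rule operations listed under Usage: a DROP policy on INPUT, explicit drops for TFTP, RPC and rlogin, accepts for mail and FTP, and a rate-limited LOG rule for watchfulness. Because rules are consulted in order and the first match wins, the loopback and established-connection rules are appended before the service rules. The LAN interface and address range are constructed assumptions; set IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Minimal host firewall assembled from iptables chain/rule operations.
# Added example; not part of the original slides. Assumptions (constructed):
# the protected LAN is 192.168.1.0/24 behind eth0. IPT defaults to the real
# iptables binary; IPT=echo prints the rules instead of loading them.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

setup_firewall() {
    # Clean slate: flush all rules and zero the counters (-F, -Z).
    "$IPT" -F
    "$IPT" -Z
    # Default policies (-P): anything no rule accepts is dropped.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    # First match wins, so the common cases are appended first (-A).
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Drop "dangerous" services even if a later rule would admit the host:
    # TFTP (udp/69), portmapper/RPC (111), rlogin (tcp/513).
    "$IPT" -A INPUT -p udp --dport 69 -j DROP
    "$IPT" -A INPUT -p tcp --dport 111 -j DROP
    "$IPT" -A INPUT -p udp --dport 111 -j DROP
    "$IPT" -A INPUT -p tcp --dport 513 -j DROP
    # Allow e-mail (SMTP) and FTP control connections from anywhere.
    "$IPT" -A INPUT -p tcp --dport 25 -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 21 -j ACCEPT
    # Allow ssh only from systems on the LAN.
    "$IPT" -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    # Watchfulness: log (rate-limited) what is about to hit the DROP policy.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# Number of INPUT rules the script would append; uses a dry run (IPT=echo).
rule_count() {
    ( IPT=echo; setup_firewall ) | grep -c -- '^-A INPUT'
}
```

Run as root to load the rules, then `iptables -L INPUT -v` lists them with packet and byte counters.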
References
• Rusty Russell, “Linux 2.4 Packet Filtering
HOWTO”; it can be found in many web
archives.
Remarks
• We haven’t covered all the functions of
iptables yet.
• You are encouraged to read
– The manual of iptables
– Rusty Russell, “NAT-HOWTO”
– Rusty Russell, “netfilter-hacking-HOWTO”