[Firewall] How to implement host-based firewall protection with iptables.

Objectives

Takahiro Oda
4 min read · Dec 30, 2021

You will understand how to configure an iptables host-based firewall on an Ubuntu machine.

Why you need to know

As an admin, you should know how to configure an iptables host-based firewall to allow or block traffic to or from a Linux system. iptables lets administrators enter firewall rules into the existing tables from the command line.

What is iptables?

iptables is a command-line firewall utility that uses policy chains to allow or block traffic.

Network Topology

Demo

1: Log in to the client (Windows 10).

2: Install Nmap and open it.

3: The Zenmap main window appears. The address of the Ubuntu machine is 10.0.0.201, so type that address in the Target field and click Scan.

4: The scan results for the Ubuntu machine appear. You can see that all 999 ports are closed, not filtered.

5: Open Command Prompt and ping 10.0.0.201. The Ubuntu machine is accepting the ping requests.

6: Log in to the Ubuntu machine and open a terminal.

7: Type sudo su to get root privileges.

8: Type iptables --list and press Enter. This command lists the existing iptables rules. You can see that all three chains (INPUT, FORWARD and OUTPUT) accept all traffic.

9: Type iptables -F. This command flushes all the rules and disables the firewall temporarily.

10: Type iptables -P INPUT DROP. The -P switch sets the default policy of a chain. This command makes the firewall block all incoming communication to the Ubuntu machine.

11: Go back to the client (Windows 10), open Command Prompt and ping 10.0.0.201 again. You can see that the Ubuntu machine now answers with "Request timed out".

12: Switch back to Ubuntu and type iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This command makes your machine accept only incoming packets that belong to connections it initiated itself (ESTABLISHED) or that are related to such connections (RELATED).

13: To block forwarding, type iptables -P FORWARD DROP

14: To allow outgoing packets, type

iptables -P OUTPUT ACCEPT

15: Type iptables --list. We can see the firewall configuration.

16: To block ping requests, type

iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

17: Check the firewall settings again with iptables --list.

18: Back on the client (Windows 10), ping 10.0.0.201 again.

You can see the message “Destination port unreachable” because Ubuntu is blocking the ping requests.

19: Open Zenmap and scan again.

20: As you can see, all ports are filtered, which means they are behind a firewall. If a port is closed and you send a SYN packet, the host replies with a RST packet, but filtered ports never reply to SYN packets from unknown hosts: the default DROP policy silently discards them, and the host only accepts packets for connections it initiated itself.
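As an added example that is not part of the original post, the following POSIX shell script expresses the same policy as steps 10 to 16 as a single iptables-restore ruleset, so that the whole filter table is replaced atomically instead of one command at a time. It assumes the iptables package (which provides iptables-restore) is installed. The loopback rule and the optional administration port are additions not in the demo: with a DROP default policy and only the ESTABLISHED,RELATED rule, local services talking to 127.0.0.1 and any new remote admin session would be cut off, and the firewall config helps nobody if you are locked out of the machine.

```shell
#!/bin/sh
# Added example (not from the original post): the walkthrough's host-based
# policy as an iptables-restore ruleset. Assumes iptables/iptables-restore
# is installed. Run without arguments to print the ruleset (dry run),
# or as root with "apply" to load it.

# Print the filter-table ruleset. Optional first argument: a TCP port to
# keep reachable for remote administration (an assumption added here;
# the original demo allows none).
build_ruleset() {
  admin_port="$1"
  printf '%s\n' '*filter'
  # Default policies, same as steps 10, 13 and 14.
  printf '%s\n' ':INPUT DROP [0:0]'
  printf '%s\n' ':FORWARD DROP [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  # Loopback traffic: not in the demo, but without it local services that
  # connect to 127.0.0.1 break under the INPUT DROP policy.
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  # Step 12: only replies to connections this host started come back in.
  # (-m state is the legacy alias of -m conntrack --ctstate.)
  printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  # Step 16: reject echo requests. REJECT's default reply is an ICMP
  # port-unreachable, which is the message the Windows client shows.
  printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j REJECT'
  if [ -n "$admin_port" ]; then
    # Hypothetical admin port: allow new inbound TCP connections to it only.
    printf '%s\n' "-A INPUT -p tcp --dport $admin_port -m state --state NEW -j ACCEPT"
  fi
  printf '%s\n' 'COMMIT'
}

# Count how many rules a generated ruleset appends to INPUT; handy for a
# sanity check before loading.
count_input_rules() {
  build_ruleset "$1" | grep -c '^-A INPUT'
}

# Load the ruleset atomically. iptables-restore replaces the whole filter
# table in one step, so there is no window with a half-applied policy.
apply_ruleset() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "apply_ruleset: must run as root" >&2
    return 1
  fi
  build_ruleset "$1" | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
  apply_ruleset "${2:-}"
else
  build_ruleset "${2:-}"   # dry run: show what would be loaded
fi
```

Run it as `sh firewall.sh` to review the ruleset, `sudo sh firewall.sh apply` to load it, or `sudo sh firewall.sh apply 22` to keep SSH reachable as well. Rules loaded this way, like the ones typed in the demo, are lost on reboot; on Ubuntu the iptables-persistent package (`netfilter-persistent save`) or a saved `iptables-save` dump restored at boot makes them persistent. After loading, the Zenmap and ping checks from steps 18 to 20 should give the same results as in the demo.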

Conclusion

You learned how to configure an iptables host-based firewall on Ubuntu.
