Setting up firewall rules in Kali


Hey guys. I do have a little bit of experience with Kali but not with networking. I did the procedures that I've read in the book I just bought a while ago and it turned out to be effective. Very reliable book from rootsh3ll. And I was confused when I encountered the part about iptables. I do understand the flow through research, but I really want a deeper understanding of the firewall of Kali and how to use iptables for editing it. Could anyone help me out please? :slight_smile:

(Harry) #2

Think of the iptables command as a guard standing at a hotel door keeping a record of each and every person going in and out. In other words, a firewall.

Imagine the hotel to be the Internet and everybody outside to be a free-roaming client.
Now when a client gets into contact with the hotel's main entrance (Access Point) he is allowed to enter the premises. But then to have access to the hotel (Internet) the client needs to either have an entry pass (login credentials) or buy one on the spot (sign up).

Now let's assume the client has bought the entry pass (signed up using Gmail) and entered the hotel. The hotel guard will now record all the information provided by the client in his record-keeping book (firewall table).

Information like:

  • Name
  • Pass number
  • Room number
  • Entry time
  • Exit time
  • Time spent
  • Total expense

Similar with the clients going out of the hotel (disconnecting WiFi, say).

So, the guard has all the client data and he uses it to check the authenticity of the user joining or leaving the premises, and to ban the client/user if told so.

Now with iptables, you as a user have the power to create your own set of rules and automate the process without needing to manually approve each connecting client.

There are 3 CHAINS. These are INPUT, FORWARD and OUTPUT.

Chain     Meaning
INPUT     Used to control the behaviour of INCOMING connections
FORWARD   Used to send the data between interfaces
OUTPUT    Used to control the behaviour of OUTGOING connections

Some Example Rules:

Note: All the commands need to be executed as the root user. Use sudo before every command to run as root.

Rule                                 Command
List table                           iptables -S
Delete all chains                    iptables -F
Delete a specific chain (INPUT)      iptables -F INPUT
Forward data between interfaces      iptables -A FORWARD -i at0 -o eth0 -j ACCEPT

Illustration: (image not reproduced here)

Here in the last example, -A stands for Append, meaning append this rule to the chain.
-i is the input interface, which means traffic from this interface will be taken as input and forwarded to the output interface (-o), i.e. eth0,
and -j ACCEPT means what to do when any packet matches the rule.

This rule simply specifies that any packet coming from interface at0 will be forwarded to eth0.

You can make these rules more sophisticated, and set appropriate actions for the packets matching the rule.


Action    Meaning
ACCEPT    Allow the connection
DROP      Drop the connection (useful if you want the system to 'disappear' off the network)
REJECT    Don't allow the connection but send an error back.

Forward all the traffic from interface at0 on ports 8080 and 8888 to eth0,
or another example,
block all the HTTP (port 80) traffic on the at0 interface, or
block incoming port 80 except for one IP address.

Commands for above examples are:

Example         Command
Forward         iptables -A FORWARD -p tcp -i at0 -o eth0 -m multiport --dports 8080,8888 -j ACCEPT
Block           iptables -A INPUT -p tcp -i at0 --dport 80 -j DROP
Block except    iptables -A INPUT -p tcp -i at0 ! -s <ALLOWED-IP> --dport 80 -j DROP

(In the forward rule, -o only makes sense in the FORWARD chain, and matching more than one port needs the multiport match with --dports; plain --dport takes a single port and requires -p tcp or -p udp. In the last rule, ! before -s negates the source match, and <ALLOWED-IP> is a placeholder for the address you want to exempt.)

Here, --dport means destination port.

These are a few basics of the iptables utility. Hope you have a clearer perspective of what can be done with iptables :slight_smile:
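The rules from the answer above, combined into one ordered script, as an added example that is not part of the original post or of any rootsh3ll material. It flushes the tables, sets DROP default policies on INPUT and FORWARD, keeps the machine reachable with loopback and connection-tracking rules, applies the "port 80 except one host" rule, forwards the two allowed ports from at0 to eth0 with NAT, and turns on kernel forwarding. The interface names at0 and eth0 come from the answer; the trusted address 192.0.2.10 is a constructed placeholder from the RFC 5737 documentation range. By default the script only prints the commands (a dry run); running it as root with RUN="" applies them.

```shell
#!/bin/sh
# Added example (not from the thread): an ordered iptables rule set.
# at0/eth0 are the interface names used in the thread; 192.0.2.10 is a
# constructed placeholder address, replace it with the host you trust.

LAN_IF="${LAN_IF:-at0}"
WAN_IF="${WAN_IF:-eth0}"
TRUSTED="${TRUSTED:-192.0.2.10}"
# Dry run by default: each command is echoed instead of executed.
# Run as root with RUN="" to apply the rules for real.
RUN="${RUN:-echo}"

apply_rules() {
    # 1. Flush existing rules so the script can be re-run safely
    #    (the "iptables -F" from the thread, plus the nat table).
    $RUN iptables -F
    $RUN iptables -t nat -F

    # 2. Default policies: what happens when no rule matches.
    #    Unsolicited inbound and forwarded packets are dropped; outbound is allowed.
    $RUN iptables -P INPUT DROP
    $RUN iptables -P FORWARD DROP
    $RUN iptables -P OUTPUT ACCEPT

    # 3. Keep the box usable under a DROP policy: loopback, and replies to
    #    connections this host started (connection tracking).
    $RUN iptables -A INPUT -i lo -j ACCEPT
    $RUN iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 4. Port 80 on the LAN interface: only the trusted host may reach it.
    #    "! -s" negates the source match. Rules are evaluated top to bottom,
    #    so the DROP must come before the ACCEPT that follows it.
    $RUN iptables -A INPUT -p tcp -i "$LAN_IF" ! -s "$TRUSTED" --dport 80 -j DROP
    $RUN iptables -A INPUT -p tcp -i "$LAN_IF" --dport 80 -j ACCEPT

    # 5. Forwarding LAN -> WAN: return traffic first, then the two allowed
    #    destination ports. Several ports need the multiport match (--dports);
    #    a plain --dport accepts exactly one port.
    $RUN iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A FORWARD -p tcp -i "$LAN_IF" -o "$WAN_IF" \
        -m multiport --dports 8080,8888 -j ACCEPT

    # 6. Masquerade forwarded packets behind eth0's address and enable
    #    IPv4 forwarding in the kernel, which is off by default.
    $RUN iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    $RUN sysctl -w net.ipv4.ip_forward=1
}

# Dry-run helper: how many appended rules a chain would receive.
# Only meaningful with RUN=echo (in apply mode nothing is printed).
count_chain() {
    apply_rules | grep -c -- "-A $1 "
}

# Run directly: prints the commands (dry run) or applies them when RUN="".
apply_rules
```

Review the dry-run output with `sh rules.sh` before applying; afterwards `iptables -S` (the "List table" command from the answer) shows the rules in the order they were appended, which is the order packets are checked against them.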


Thanks Harry!!! Still you prove to be the best teacher ever!!! I have now achieved what I want. Thanks a lot, and Godspeed!!! :slight_smile: