Hey guys. I do have a little bit of experience on Kali but not with networking. I did the procedures that I’ve read on the book i just bought a while ago and it turned out to be effective. Very reliable book from rootsh3ll. And I was confused when I encontered the part of iptables. I do understand the flow through researches but I really want a deeper understanding about the firewall of Kali and how to use iptables for editing it. Could anyone help me out please.
iptables command as a guard standing at the hotel door keeping record of each and every person going in and out. In other words, a firewall.
Imagine the hotel to be the Internet and everybody outside to be a free roaming client.
Now when a client get into contact with the hotel’s main entrance (Access Point) he is allowed to enter the premises. But then to have access of hotel (Internet) client needs to either have an entry pass (login credentials) or he can buy that on the spot (Sign up).
Now let’s assume the client has bought the entry pass (signed up using gmail) and entered into the hotel. Hotel guard will now record all the information provided by the client into a his record-keeping book (firewall table).
- Pass number
- Room number
- Entry time
- Exit time
- Time spent
- Total expense
Similar with the clients going out of the hotel (disconnecting WiFi, say).
So, the guard has all the client data and he uses it to check the authenticity of the user joining or leaving the premises. and to ban the client/user if told so.
Now with iptables, you as a user have power to create your own set of rules and automate the process without having a need to manually approving each connecting client.
There are 3 CHAINS. These are INPUT, FORWARD and OUTPUT.
|INPUT||Used to control the behaviour of INCOMING connections|
|FORWARD||Used to Send the data between interfaces|
|OUTPUT||Used to control the behaviour of OUTGOING connections|
Some Example Rules:
Note: All the commands needs to be executed as root user. Use
sudobefore every command to run as root
|List Table||iptables -S|
|Delete All chains||iptables -F|
|Delete a specific chain (INPUT)||iptables -F INPUT|
|Forward data between interfaces||iptables -A FORWARD -i at0 -o eth0 -j ACCEPT|
Illustration (Click to see bigger and clear image):
Here in last example,
-A stands for Append, means Append this rule to the chain.
-i is input, which means traffic from this interface will be taken as input and forwarded to the output (-o) i.e eth0
and -j ACCEPT means what to do when any packet matches the rule.
This rules simply specifies that any packet coming from interface: at0 will be forwarded to eth0
You can make these rules more sophisticated, and set appropriate actions to the packets matchiing the rule.
Actions: ACCEPT vs DROP vs REJECT
|ACCEPT||Allow the connection|
|DROP||Drop the connection (Useful if you want the system to ‘disappear’ off the network)|
|REJECT||Don’t allow the connection but send an error back.|
Forward all the traffic from interface: at0 from port 8080 and 8888 to eth0.
or another example,
Block all the HTTP (port 80) traffic on at0 interface…, or
Block Incoming Port 80 except for IP Address 10.10.10.100
Commands for above examples are:
|Forward||iptables -A INPUT -i at0 -o eth0 --dport 8080,8888 -j ACCEPT|
|Block||iptables -A INPUT -p tcp -i at0 --dport 80 -j DROP|
|Block except 10.10.10.100||iptables -A INPUT -p tcp -i at0 -s ! 10.10.10.100 --dport 80 -j DROP|
--dport means destination port.
These are a few basics of
iptables utility, Hope you have a clearer perspective of what can be done with iptables
Thanks Harry!!!.. still you prove to be the best teacher ever!!! I now achieved what I want… Thanks a lot… and Godspeed!!!