
Linux Firewall and Security Management Tools Explained

Popularity: 902 / 2024-09-27 19:35:02


1. Overview of Iptables

Iptables is a tool for controlling network traffic on Linux systems: it defines rules that filter, forward, and modify packets. Rules are evaluated in order, so the sequence in which they are added determines how data flows into and out of the system.

1.1 Three tables and five chains


1.1.1 Three tables

Iptables has three main tables, each used for a different kind of operation:

  1. filter table

    • Function: Filters packets, deciding which packets are allowed to pass.
    • Main chains:
      • INPUT: Processes packets entering the firewall host.
      • OUTPUT: Processes packets generated by the firewall host itself.
      • FORWARD: Processes packets forwarded through the firewall.
  2. nat table

    • Function: Network address translation; modifies the source or destination address of a packet.
    • Main chains:
      • PREROUTING: Processes packets before the routing decision is made (destination NAT).
      • POSTROUTING: Processes packets just before they leave the firewall (source NAT, masquerading).
      • OUTPUT: Processes packets generated by this machine.
  3. mangle table

    • Function: Modifies certain characteristics of a packet, such as TOS, TTL, and marks.
    • Main chains:
      • PREROUTING: Processes packets before the routing decision is made.
      • POSTROUTING: Processes packets just before they leave the firewall.
      • INPUT: Processes packets entering the firewall host.
      • OUTPUT: Processes packets generated by the firewall host itself.
      • FORWARD: Processes forwarded packets.

1.1.2 Five chains

The five chains in Iptables are:

  1. INPUT: Processes traffic addressed to the firewall host.
  2. OUTPUT: Processes traffic originating from the firewall host.
  3. FORWARD: Processes traffic routed through the firewall.
  4. PREROUTING: Every packet entering the firewall passes through this chain first, before routing.
  5. POSTROUTING: Every packet leaving the firewall passes through this chain last, after routing.

1.2 Iptables Example

1.2.1 Allow SSH access and deny other traffic (filter table)

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP

Explanation: Allow SSH access; all other incoming traffic is denied. Because rules are matched top to bottom, the ACCEPT rule must be appended before the catch-all DROP, otherwise SSH would be dropped as well.

1.2.2 Port Forwarding Example (nat table)

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:8080
iptables -t nat -A POSTROUTING -j MASQUERADE

Explanation: Forward externally received HTTP traffic to the internal server at 192.168.1.10:8080. For the translated packets to actually reach the server, IP forwarding must be enabled in the kernel and the FORWARD chain of the filter table must accept them.

1.2.3 Modifying the TOS example (mangle table)

iptables -t mangle -A OUTPUT -p tcp --dport 80 -j TOS --set-tos 0x10

Explanation: Modify the TOS field of packets sent to HTTP servers (0x10 requests minimum delay).
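The two filter rules in 1.2.1 and the two nat rules in 1.2.2 are shown in isolation; in practice they are loaded together, and the order and the surrounding rules matter. The script below is an added example, not code from the original post: it generates both examples as one iptables-restore ruleset so the rules can be reviewed as text and checked before they are loaded atomically. It adds what the post's snippets leave out (loopback, reply traffic, a FORWARD rule for the DNAT'ed flow, the ip_forward sysctl). The interface name eth0, the admin network 0.0.0.0/0 and the helper functions are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): builds the rules of 1.2.1 and
# 1.2.2 as a single iptables-restore ruleset.  Assumed values: WAN interface
# name, admin network, DNAT target; all are parameters, none come from the post.

# gen_nat_table WAN_IF DNAT_TARGET
# Port forwarding as in 1.2.2, restricted to the external interface so the
# DNAT and MASQUERADE rules do not also rewrite internal traffic.
gen_nat_table() {
    wan_if="$1"; target="$2"
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':INPUT ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        "-A PREROUTING -i ${wan_if} -p tcp --dport 80 -j DNAT --to-destination ${target}" \
        "-A POSTROUTING -o ${wan_if} -j MASQUERADE" \
        'COMMIT'
}

# gen_filter_table SSH_PORT ADMIN_CIDR WAN_IF DNAT_TARGET
# Stateful version of 1.2.1: loopback and reply traffic are accepted before the
# SSH rule, the chain policy is DROP instead of a trailing DROP rule, and the
# FORWARD chain explicitly admits the DNAT'ed HTTP flow (DNAT alone does not
# let a packet pass a DROP policy on FORWARD).
gen_filter_table() {
    ssh_port="$1"; admin_cidr="$2"; wan_if="$3"; target="$4"
    dst_ip="${target%%:*}"; dst_port="${target##*:}"
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        "-A INPUT -p tcp --dport ${ssh_port} -s ${admin_cidr} -m conntrack --ctstate NEW -j ACCEPT" \
        '-A INPUT -j LOG --log-prefix "INPUT-DROP: " --log-level 4' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i ${wan_if} -d ${dst_ip} -p tcp --dport ${dst_port} -m conntrack --ctstate NEW -j ACCEPT" \
        'COMMIT'
}

# gen_ruleset SSH_PORT ADMIN_CIDR WAN_IF DNAT_TARGET: both tables, ready for iptables-restore
gen_ruleset() {
    gen_nat_table "$3" "$4"
    gen_filter_table "$1" "$2" "$3" "$4"
}

# rule_count RULESET: number of -A rule lines (policies and COMMIT excluded)
rule_count() {
    printf '%s\n' "$1" | grep -c '^-A '
}

# check_ruleset RULESET: sanity checks worth running before loading anything.
check_ruleset() {
    rs="$1"
    printf '%s\n' "$rs" | grep -q '^:INPUT DROP' \
        || { echo "INPUT policy is not DROP" >&2; return 1; }
    printf '%s\n' "$rs" | grep -q -- '^-A INPUT -i lo -j ACCEPT' \
        || { echo "loopback is not accepted" >&2; return 1; }
    # Reply traffic must be accepted before the first rule admitting NEW flows,
    # otherwise the SSH session that applies the rules can lose its own replies.
    est=$(printf '%s\n' "$rs" | grep -n -- '^-A INPUT .*ESTABLISHED,RELATED' | cut -d: -f1)
    new=$(printf '%s\n' "$rs" | grep -n -- '^-A INPUT .*--ctstate NEW' | head -n 1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$new" ] && [ "$est" -lt "$new" ] \
        || { echo "ESTABLISHED,RELATED rule must precede NEW rules" >&2; return 1; }
    return 0
}

case "${1:-}" in
    apply)
        # Requires root.  Forwarding must also be enabled in the kernel, and
        # iptables-restore replaces the whole table in one atomic step.
        sysctl -w net.ipv4.ip_forward=1
        rs="$(gen_ruleset 22 "${2:-0.0.0.0/0}" "${3:-eth0}" "${4:-192.168.1.10:8080}")"
        check_ruleset "$rs" && printf '%s\n' "$rs" | iptables-restore
        ;;
    *)
        # Default: print the ruleset for review only.
        gen_ruleset 22 0.0.0.0/0 eth0 192.168.1.10:8080
        ;;
esac
```

Run it without arguments to print the ruleset; run `sh script.sh apply 10.0.0.0/8 eth0 192.168.1.10:8080` as root to load it. Generating the text first and loading it with iptables-restore avoids the window in which a half-applied set of `iptables -A` commands leaves the host either open or unreachable.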

2. UFW (Uncomplicated Firewall)

2.1 General

UFW is a firewall management tool that simplifies Iptables operation, used mainly on Ubuntu systems. It provides an easy-to-use command line interface and a graphical front end.

2.2 Main features

Easy to use: Lets users set up firewall rules quickly with simplified commands.
Default policy: The default allow or deny behaviour can be set easily.
Status management: Supports viewing the firewall status and the configured rules.

2.3 Examples

2.3.1 Enabling UFW

ufw enable

2.3.2 Allowing SSH

ufw allow ssh

2.3.3 Deny HTTP

ufw deny http

3. SELinux (Security-Enhanced Linux)

3.1 General

SELinux is a Mandatory Access Control (MAC) mechanism that provides an additional layer of security by controlling how processes interact with objects in the system. It was developed by the NSA and is integrated into many Linux distributions.

3.2 Main features

Fine-grained control: Access rights are controlled precisely according to the security policy.
Enforcement: The configured security policy cannot be bypassed.
Context management: Every file and process carries a security context that defines its access rights.

3.3 Examples

3.3.1 Viewing SELinux Status

sestatus

3.3.2 Setting SELinux to permissive mode (policy violations are logged but not blocked)

setenforce 0

3.3.3 Setting SELinux to enforcing mode

setenforce 1

4. Firewalld

4.1 General

Firewalld is a dynamic firewall management tool designed to replace direct use of Iptables. It uses the concepts of zones and services to manage rules, allowing users to add and remove rules dynamically.

4.2 Main features

Zone management: Different rules are applied according to the network zone (e.g. internal, external).
Service management: Rules can be managed using service names instead of port numbers.
Dynamic updates: Supports adding and deleting rules dynamically without restarting the firewall.

4.3 Examples

4.3.1 Starting Firewalld

systemctl start firewalld

4.3.2 Allowing SSH services

firewall-cmd --add-service=ssh --permanent
firewall-cmd --reload

4.3.3 Viewing current rules

firewall-cmd --list-all

Iptables, UFW, SELinux and Firewalld are important security management tools on Linux systems. Each has its own application scenarios and characteristics, and each can effectively protect the system. By configuring these tools properly, you can implement a robust network security policy.