
Linux Study Log XI

*************************************************************
Firewall Architectures
●Basic Packet Filter (dual-homed firewall: one host with two interfaces filters between the networks)
●Screened Host (a packet filter in front of a bastion host)
●Screened Subnet (uses two packet filters and at least one bastion host on the subnet between them)

The firewall architecture should be derived from the firewall policy statements, not the other way round
*************************************************************

Filter

Set policy
●iptables -t <table> -P <chain> <policy>
–Sets the default target applied when no rule in the chain matches (chain and target names are case-sensitive: FORWARD, DROP)
Ex.
iptables -t filter -P FORWARD DROP

Listing Rules
●iptables -t <table> -L
–Lists all rules in all chains in the table in order
●iptables -t <table> -L <chain>
–Lists all rules in that chain in the table in order

Adding Rules
●iptables -t <table> -I <chain> <position> <match> -j <target>
–Inserts rule at that position (the first position is 1); order matters because the first matching rule decides
●iptables -t <table> -A <chain> <match> -j <target>
–Appends rule to end of chain
-----------------------------------------------------------------------------------------------------------

Tables
●“filter” stores rules regarding packet filtering
●“nat” stores rules regarding network address translation

Chains (filter table)
●“INPUT” chain used to filter packets addressed to this host
●“OUTPUT” chain used to filter packets generated by this host
●“FORWARD” chain used to filter packets that arrive on one interface and are routed out of another

Matches
●--source, --destination
●--protocol
–Types include tcp, udp, icmp
●--source-port, --destination-port (only valid together with --protocol tcp or udp)

Targets (-j)
●“ACCEPT” allows packet to proceed
●“REJECT” returns a rejection (ICMP error or TCP RST) to the source
●“DROP” discards the packet with no notice to the source
●“LOG” is a special target: it records the packet and then evaluation continues with the next rule
-----------------------------------------------------------------------------------------------------------
IMPORTANT: with plain (stateless) rules both directions of a connection must be configured, since reply packets are matched on their own and not as part of a connection

Ex.
The mail server (201.21.2.2, behind the packet filter) may connect to the SMTP port of computers on the Internet

–ACCEPT: from the mail server to port 25 of computers on the Internet
iptables -t filter -A FORWARD --protocol tcp
--destination-port 25 --source 201.21.2.2 -j ACCEPT

–ACCEPT: from port 25 of computers on the Internet to the mail server
iptables -t filter -A FORWARD --protocol tcp
--source-port 25 --destination 201.21.2.2 -j ACCEPT
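The second rule above is the price of a stateless filter: any Internet host that sets its source port to 25 is accepted to any port of the mail server, not only as a reply to mail the server sent. The following Python model, an added example that is not part of the original notes, evaluates a FORWARD chain the way iptables does (rules in order, first match wins, the chain policy otherwise) against constructed packets: an outbound SMTP connection, its reply, and a probe of the mail server's SSH port from source port 25. The `state: ESTABLISHED` rule is a stand-in for `-m state --state ESTABLISHED` and the set of recorded flows for the kernel's connection tracker; the Internet host 198.51.100.7 is assumed.

```python
# Added example, not part of the original notes: a small model of how an iptables
# chain is evaluated (rules tried in order, first match decides, the chain policy
# applies when nothing matches). It uses the notes' mail-server scenario
# (mail server 201.21.2.2) and constructed packets; 198.51.100.7 is an
# assumed Internet host.

MAIL_SERVER = "201.21.2.2"
POLICY = "DROP"  # iptables -t filter -P FORWARD DROP

# A rule is (match, target); match keys mirror iptables options.
# The two stateless rules from the notes:
STATELESS_FORWARD = [
    ({"proto": "tcp", "dst_port": 25, "src": MAIL_SERVER}, "ACCEPT"),  # mail server -> Internet:25
    ({"proto": "tcp", "src_port": 25, "dst": MAIL_SERVER}, "ACCEPT"),  # Internet:25 -> mail server
]

# Stateful variant: replies are accepted only for connections the filter has
# already seen (models `-m state --state ESTABLISHED`).
STATEFUL_FORWARD = [
    ({"proto": "tcp", "dst_port": 25, "src": MAIL_SERVER}, "ACCEPT"),
    ({"state": "ESTABLISHED"}, "ACCEPT"),
]

# Constructed packets: a new SMTP connection, its reply, and an attacker's probe
# of the mail server's SSH port that uses source port 25 to look like a reply.
OUTBOUND = {"proto": "tcp", "src": MAIL_SERVER, "src_port": 40123,
            "dst": "198.51.100.7", "dst_port": 25}
REPLY = {"proto": "tcp", "src": "198.51.100.7", "src_port": 25,
         "dst": MAIL_SERVER, "dst_port": 40123}
PROBE = {"proto": "tcp", "src": "198.51.100.7", "src_port": 25,
         "dst": MAIL_SERVER, "dst_port": 22}


def five_tuple(pkt):
    return (pkt["proto"], pkt["src"], pkt["src_port"], pkt["dst"], pkt["dst_port"])


def is_reply(pkt, established):
    """True if pkt flows in the reverse direction of a recorded connection."""
    reverse = (pkt["proto"], pkt["dst"], pkt["dst_port"], pkt["src"], pkt["src_port"])
    return reverse in established


def rule_matches(match, pkt, established):
    for key, value in match.items():
        if key == "state":
            if value != "ESTABLISHED" or not is_reply(pkt, established):
                return False
        elif pkt.get(key) != value:
            return False
    return True


def evaluate(chain, pkt, established=frozenset(), policy=POLICY):
    """Return the verdict for pkt: the first matching rule's target, else the policy."""
    for match, target in chain:
        if rule_matches(match, pkt, established):
            return target
    return policy


def run(chain):
    """Push the three packets through the chain in order, recording accepted
    flows the way a connection tracker would, and return each verdict."""
    established = set()
    verdicts = {}
    for name, pkt in (("outbound", OUTBOUND), ("reply", REPLY), ("probe", PROBE)):
        verdict = evaluate(chain, pkt, established)
        if verdict == "ACCEPT":
            established.add(five_tuple(pkt))
        verdicts[name] = verdict
    return verdicts


if __name__ == "__main__":
    print("stateless:", run(STATELESS_FORWARD))  # probe is ACCEPTed: the hole
    print("stateful: ", run(STATEFUL_FORWARD))   # probe is DROPped
```

With the stateless rules the probe is accepted; with the stateful rules only the genuine reply passes, because the probe's reversed 5-tuple was never recorded as an accepted outbound flow. On a real system the equivalent is a single `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule in place of the per-service return-direction rules.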

Deleting Rules
●iptables -t <table> -D <chain> <rule-number>
–Deletes the rule at that position (the full rule specification can be given instead of the number)
●iptables -t <table> -F <chain>
–Flushes all rules in that chain in the table
●iptables -t <table> -F
–Flushes all rules in all chains of the table (chain policies are left as they are)

NAT
---------------------------------------------------------------------
Scenario:
packet filter addresses: 212.10.3.11 (external) / 192.168.90.250 (internal)
bastion host: 192.168.90.113
---------------------------------------------------------------------

SNAT: translates the source address of outgoing packets to that of the packet filter (done in POSTROUTING, after the routing decision)
Ex.
iptables -t nat -A POSTROUTING --protocol tcp
--destination-port 25 --source 192.168.90.113
-j SNAT --to-source 212.10.3.11

DNAT: translates the original destination address to the desired destination address (done in PREROUTING, before the routing decision)
Ex. (both directions need to be set: the DNAT rule sends inbound SMTP to the bastion host, and the SNAT rule rewrites the source to the packet filter's internal address so that the bastion host sends its replies back through the packet filter, where both translations are reversed; the cost is that the bastion host's logs then show the packet filter, not the real client, as the source)

iptables -t nat -A PREROUTING --protocol tcp
--destination-port 25 --destination 212.10.3.11
-j DNAT --to-destination 192.168.90.113

iptables -t nat -A POSTROUTING --protocol tcp
--destination-port 25 --destination 192.168.90.113
-j SNAT --to-source 192.168.90.250
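To see what the SNAT and DNAT rules above do to a packet, here is a Python model, an added example that is not part of the original notes, of the nat table's PREROUTING and POSTROUTING hooks with the scenario's addresses. Real iptables undoes the translations for reply packets through connection tracking; the `conntrack` dict below stands in for that. All packets are constructed and the Internet host 198.51.100.7 is assumed.

```python
# Added example, not part of the original notes: a model of the nat table's
# PREROUTING (DNAT, before routing) and POSTROUTING (SNAT, after routing) hooks
# with the notes' addresses. Real iptables reverses translations for reply
# packets through connection tracking; the dict `conntrack` below stands in for
# that. All packets are constructed; 198.51.100.7 is an assumed Internet host.

FILTER_EXT = "212.10.3.11"     # packet filter, external address
FILTER_INT = "192.168.90.250"  # packet filter, internal address
BASTION = "192.168.90.113"     # bastion host

# A NAT rule is (match, (field to rewrite, new address)); first match wins.
PREROUTING = [
    # iptables -t nat -A PREROUTING -p tcp --dport 25 -d 212.10.3.11 -j DNAT --to-destination 192.168.90.113
    ({"proto": "tcp", "dst_port": 25, "dst": FILTER_EXT}, ("dst", BASTION)),
]
POSTROUTING = [
    # iptables -t nat -A POSTROUTING -p tcp --dport 25 -s 192.168.90.113 -j SNAT --to-source 212.10.3.11
    ({"proto": "tcp", "dst_port": 25, "src": BASTION}, ("src", FILTER_EXT)),
    # iptables -t nat -A POSTROUTING -p tcp --dport 25 -d 192.168.90.113 -j SNAT --to-source 192.168.90.250
    ({"proto": "tcp", "dst_port": 25, "dst": BASTION}, ("src", FILTER_INT)),
]


def apply_nat(chain, pkt):
    """Rewrite one address field per the first matching rule; else pass unchanged."""
    for match, (field, new_addr) in chain:
        if all(pkt.get(k) == v for k, v in match.items()):
            return {**pkt, field: new_addr}
    return pkt


def forward_new(pkt, conntrack):
    """First packet of a connection: PREROUTING -> routing -> POSTROUTING.
    Records original vs. translated endpoints so the reply can be un-NATed."""
    out = apply_nat(POSTROUTING, apply_nat(PREROUTING, pkt))
    # Key by the reply's (src, dst) as it will arrive back at the filter.
    conntrack[(out["dst"], out["dst_port"], out["src"], out["src_port"])] = pkt
    return out


def forward_reply(reply, conntrack):
    """Reply packet: undo both translations using the recorded entry, if any."""
    key = (reply["src"], reply["src_port"], reply["dst"], reply["dst_port"])
    original = conntrack.get(key)
    if original is None:
        return reply  # unknown connection: no translation (the filter table decides its fate)
    return {**reply, "src": original["dst"], "dst": original["src"]}


def reply_to(delivered):
    """Build the reply the receiver of `delivered` would send."""
    return {"proto": "tcp", "src": delivered["dst"], "src_port": delivered["dst_port"],
            "dst": delivered["src"], "dst_port": delivered["src_port"]}


def inbound_smtp():
    """Internet host -> 212.10.3.11:25. Returns (packet as the bastion sees it,
    reply as the Internet host sees it)."""
    conntrack = {}
    client = {"proto": "tcp", "src": "198.51.100.7", "src_port": 51000,
              "dst": FILTER_EXT, "dst_port": 25}
    delivered = forward_new(client, conntrack)
    return delivered, forward_reply(reply_to(delivered), conntrack)


def outbound_smtp():
    """Bastion -> Internet host:25. Returns (packet as the Internet host sees it,
    reply as the bastion sees it)."""
    conntrack = {}
    mail = {"proto": "tcp", "src": BASTION, "src_port": 44000,
            "dst": "198.51.100.7", "dst_port": 25}
    sent = forward_new(mail, conntrack)
    return sent, forward_reply(reply_to(sent), conntrack)


if __name__ == "__main__":
    print("inbound :", inbound_smtp())   # bastion sees src 192.168.90.250, dst 192.168.90.113
    print("outbound:", outbound_smtp())  # Internet host sees src 212.10.3.11
```

The inbound packet reaches the bastion host with the packet filter's internal address as its source, which is exactly why its reply comes back to the filter rather than being routed straight to the Internet; the filter then restores 212.10.3.11 as the source and the real client as the destination. Packets that match no connection-tracking entry pass the NAT hooks untouched.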

Intrusion Detection Systems
Receive information about the host or network being monitored, analyse it, and raise alerts
Components
●Sensors (collect the data)
●Engine/Analyzer (compares the data against rules or baselines)
●Console/Manager (presents alerts and manages the sensors)

Host-based Intrusion Detection Systems
Monitor individual hosts
Network-based Intrusion Detection Systems (Snort)
Monitor network traffic

Snort configuration file /etc/snort/snort.conf
