Firewall on Fedora Linux
Security

In a nutshell

The core of the Linux firewall is the netfilter kernel module. To add or remove firewall rules you need the "iptables" application (should already be installed).

where is the configuration file for iptables?

The configuration file for the iptables service is /etc/sysconfig/iptables-config. The firewall rules themselves are saved in /etc/sysconfig/iptables.

What are Chains?

A set of firewall rules is called a chain.

With "iptables -L" you can list all chains:

[root@myweb ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

--> the three built-in chains exist, but no rules are defined in them at the moment.

There are 3 predefined (built-in) chains for the filter table (packet filtering):

  • FORWARD
  • INPUT
  • OUTPUT

What is a Target?

The target defines what to do with a packet that matches the rule.

There are 2 important targets:

  • DROP
  • ACCEPT

Some Examples

We want to drop all outgoing packets to IP 62.112.154.29. To do this we add a rule to the (predefined) OUTPUT chain which drops all packets with destination IP 62.112.154.29.

Before:

[root@myweb ~]# ping 62.112.154.29
PING 62.112.154.29 (62.112.154.29) 56(84) bytes of data.
64 bytes from 62.112.154.29: icmp_seq=1 ttl=54 time=25.8 ms
64 bytes from 62.112.154.29: icmp_seq=2 ttl=54 time=19.4 ms
64 bytes from 62.112.154.29: icmp_seq=3 ttl=54 time=19.9 ms
64 bytes from 62.112.154.29: icmp_seq=4 ttl=54 time=20.2 ms

Now we add the rule:

[root@myweb ~]# iptables -t filter -A OUTPUT -d 62.112.154.29 -j DROP

After:

[root@myweb ~]# ping 62.112.154.29
PING 62.112.154.29 (62.112.154.29) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

Now we delete the rule:

[root@myweb ~]# iptables -D OUTPUT -d 62.112.154.29 -j DROP
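As an added example (not part of the original article), here is a small Python script that parses the text format of "iptables -L" shown above and audits the result: it reports which built-in chains still have an ACCEPT policy with no rules, and checks whether the DROP rule for 62.112.154.29 from the example is present in the OUTPUT chain. The two listings embedded in the script are constructed to mirror the page's "before" and "after" state; the rule line in the "after" listing is written the way iptables prints a DROP rule with source "anywhere", which is an assumption about the exact column formatting (run "iptables -L -n" if you want addresses kept numeric).

```python
"""Parse `iptables -L` output and audit the filter table.

Added example, not code from the original article. Operates on the
text format printed by `iptables -L` (as shown on the page).
"""
import re
from dataclasses import dataclass, field

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)")

# Constructed sample: the page's listing before any rule was added.
SAMPLE_BEFORE = """\
[root@myweb ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample: after `iptables -A OUTPUT -d 62.112.154.29 -j DROP`.
# The rule line layout is an assumption about iptables' column formatting.
SAMPLE_AFTER = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             62.112.154.29
"""


@dataclass
class Chain:
    name: str
    policy: str
    rules: list = field(default_factory=list)  # one dict per rule line


def parse_iptables_l(text):
    """Return {chain_name: Chain} parsed from `iptables -L` output."""
    chains = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        # Skip the column header and any text (e.g. the shell prompt)
        # that appears before the first "Chain" line.
        if line.startswith("target") or current is None:
            continue
        cols = line.split()
        if len(cols) < 5:
            continue  # not a rule line in the expected 5-column layout
        current.rules.append({
            "target": cols[0], "prot": cols[1], "opt": cols[2],
            "source": cols[3], "destination": cols[4],
            "extra": " ".join(cols[5:]),
        })
    return chains


def empty_accept_chains(chains):
    """Names of chains that accept everything: ACCEPT policy and no rules."""
    return sorted(c.name for c in chains.values()
                  if c.policy == "ACCEPT" and not c.rules)


def has_drop_for(chains, chain_name, destination):
    """True if `chain_name` holds a DROP rule whose destination matches."""
    chain = chains.get(chain_name)
    if chain is None:
        return False
    return any(r["target"] == "DROP" and r["destination"] == destination
               for r in chain.rules)


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        chains = parse_iptables_l(sample)
        print(label, "open chains:", empty_accept_chains(chains),
              "OUTPUT drops 62.112.154.29:",
              has_drop_for(chains, "OUTPUT", "62.112.154.29"))
```

To audit a live host, pipe the real listing in (for example "iptables -L -n | python3 audit.py" with the script adapted to read sys.stdin) and compare the reported empty ACCEPT chains against what the machine is supposed to expose.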

mad mad mod