Module Seven - Session 24: How do I Secure Linux?

What will I be learning?

We will look at how to implement a basic firewall using iptables, and learn about utilities that can help us gather information about our networked services.

After this chapter I should be able to...

You should be able to secure a Linux system, disable any unwanted services and configure a simple firewall.

What should I practice?

iptables Demo

Here are several examples, with explanations of what they are doing.

Allow Examples:

    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
        This one allows the protocol TCP to destination port 53 (DNS)
            -A says to append the rule to the INPUT chain
            -p is the protocol
            -m says match tcp
            --dport specifies the port number
            -j ACCEPT says to accept the packet
            -j (jump): Specifies the target of the rule - what to do if the packet matches it. 
            (tcp - Transmission Control Protocol)
            (DNS - Domain Name System)
    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
            (udp - User Datagram Protocol)
    iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
            (port 443 is the default port for HTTPS - HyperText Transfer Protocol Secure)

Drop Examples:

    iptables -A INPUT -p tcp -m tcp --dport 69 -j DROP
        Anything coming in on port 69 (TFTP) will be dropped
             (TFTP - Trivial File Transfer Protocol)    
    iptables -A OUTPUT -d 5.5.5.0/24 -j DROP
        Anything going out (leaving our network) to a destination IP in the 5.5.5.0/24 network will be dropped
             -d is for "destination"
    iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP
        Anything going out (leaving our network) using TCP to 69.171.224.0/19 will be dropped
    iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
        Anything going to Facebook using TCP will be dropped

Log and Drop Examples:

    iptables -A OUTPUT -p tcp -d facebook.com -j LOG --log-prefix "Facebooking attempt: "
        First we do our logging (that is what the -j LOG is saying)
        --log-prefix will put the following text into the log file (makes for easy searching/filtering).
        Everything will be logged in /var/log/messages
    iptables -A OUTPUT -p tcp -d facebook.com -j DROP
        After we log the attempt, we will next just drop the connection (same as in the Drop Example)
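
The order of the two rules above matters: -A appends to the end of the chain, DROP ends rule processing for a packet and LOG does not, so a LOG rule appended after a matching DROP never fires. The shell function below is an added example, not part of the original session; it checks `iptables -S` style output for that mistake, and its function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find LOG rules that can never
# fire because a terminating rule with the same match sits earlier in the chain.
# Input is `iptables -S` style text, e.g.:  iptables -S OUTPUT | find_shadowed_logs
# Limitation: only identical match specs are compared, not overlapping ones.

find_shadowed_logs() {
  awk '
    $1 != "-A" { next }              # skip policy (-P) and new-chain (-N) lines
    {
      chain = $2; target = ""; spec = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }
        spec = spec " " $i           # everything before -j is the match spec
      }
      key = chain spec
      if (target == "LOG") {
        if (key in terminal) { print "unreachable LOG (after " terminal[key] "): " $0 }
      } else if (target == "DROP" || target == "ACCEPT" || target == "REJECT") {
        if (!(key in terminal)) { terminal[key] = target }
      }
    }'
}

# Constructed sample: LOG appended before DROP, as in the example above.
sample_good() {
  cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -d 69.171.224.0/19 -p tcp -j LOG --log-prefix "Facebooking attempt: "
-A OUTPUT -d 69.171.224.0/19 -p tcp -j DROP
EOF
}

# Constructed sample: the same rules appended in the wrong order.
sample_bad() {
  cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -d 5.5.5.0/24 -j DROP
-A OUTPUT -d 69.171.224.0/19 -p tcp -j DROP
-A OUTPUT -d 69.171.224.0/19 -p tcp -j LOG --log-prefix "Facebooking attempt: "
EOF
}

sample_bad | find_shadowed_logs      # reports the one shadowed LOG rule
```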

Displaying Tables

    iptables --line-numbers -n -L

Original webpage by Petersen Gross, modified by William Albritton.