Linux Iptables To Block Different Attacks
Source: linoxide.com
Iptables is a Linux kernel-based packet filter firewall. The iptables modules live in the kernel itself; there is no separate daemon, which makes it a very fast and effective firewall. The iptables rules control the incoming and outgoing traffic on a network device. In this article, we will discuss some common network attacks and how to block them using iptables. Among the common network attacks are the SYN flood attack, the smurf attack, the land attack, attacks using malformed ICMP packets, and some other forms of DoS attack. Before going into the details of these attacks, let's have an overview of iptables and how to use the command.
Iptables
iptables has three filtering points in the default table: INPUT, OUTPUT and FORWARD. These are called chains in iptables. As their names suggest, they specify whether a packet is destined for the system itself (INPUT), originates from it (OUTPUT) or is being routed through it to another node on the network (FORWARD).
The rules in iptables are stored as records in a table. To list the rules, run “iptables -L”:
root@local:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Here, no rules are present in any chain. Rules are evaluated from top to bottom, and as soon as a packet matches one, no further rules are checked. The position of a rule relative to the others therefore decides which one takes effect on a given packet, so a rule that is meant to override another must be placed with that ordering in mind. In this article we will append rules below the existing ones, but when your requirement calls for a rule at a particular position, you can insert it explicitly as well.
To insert a rule (above all other rules, or at a specified rule number), the -I option is used, and to append one at the end of the chain, the -A option. In both cases we need to specify the chain for which we are writing the rule. The -j option specifies the target, i.e. what we want to do with the packet when the rule matches. Some of the possible values are ACCEPT, DROP (or REJECT), RETURN etc. The target can also be another existing or user-defined chain. For the purpose of this article, however, we will confine ourselves to the built-in chains and will not go into further detail.
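To make the chain, ordering and append/insert behaviour described above concrete, here is a small Python model of the filter table. It is an added example written for this page, not code from the article or from the iptables project: the Rule and Chain classes, the ordering_demo function, and the addresses and ports in it are all constructed for illustration. It evaluates rules top to bottom with first-match semantics, falls back to the chain policy (treating RETURN on a built-in chain as "fall through to policy"), and shows that the same DROP rule has no effect when appended (-A) below a matching ACCEPT but does take effect when inserted (-I) above it.

```python
"""Toy model of the iptables filter table (constructed example, not the
article's code): three built-in chains, first-match evaluation, a default
policy, and the difference between appending (-A) and inserting (-I) a rule.
Addresses and ports below are constructed sample values."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    """One rule line: a target plus optional match criteria (-p, -s, --dport)."""
    target: str                   # ACCEPT, DROP, REJECT or RETURN
    proto: Optional[str] = None   # -p tcp/udp/icmp; None matches any protocol
    src: Optional[str] = None     # -s source address; None matches any source
    dport: Optional[int] = None   # --dport; None matches any port

    def matches(self, pkt: dict) -> bool:
        # Every criterion that was given must hold; omitted criteria match anything.
        return ((self.proto is None or pkt.get("proto") == self.proto)
                and (self.src is None or pkt.get("src") == self.src)
                and (self.dport is None or pkt.get("dport") == self.dport))


@dataclass
class Chain:
    """A built-in chain: an ordered rule list plus the policy used when nothing matches."""
    policy: str = "ACCEPT"
    rules: list = field(default_factory=list)

    def append(self, rule: Rule) -> None:
        """iptables -A <chain>: the new rule goes below all existing ones."""
        self.rules.append(rule)

    def insert(self, rule: Rule, rulenum: int = 1) -> None:
        """iptables -I <chain> [rulenum]: rule numbers are 1-based, default is the top."""
        self.rules.insert(rulenum - 1, rule)

    def verdict(self, pkt: dict) -> str:
        """Walk the rules top to bottom; the first match decides and nothing below is consulted."""
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.target == "RETURN":
                    break          # on a built-in chain RETURN falls through to the policy
                return rule.target
        return self.policy


def build_filter_table() -> dict:
    """The empty default table, as shown by 'iptables -L' on a fresh system."""
    return {"INPUT": Chain(), "FORWARD": Chain(), "OUTPUT": Chain()}


def list_rules(name: str, chain: Chain) -> list:
    """Rough textual equivalent of 'iptables -L <chain>'."""
    lines = [f"Chain {name} (policy {chain.policy})",
             "target   prot source           destination"]
    for r in chain.rules:
        dest = f"dport:{r.dport}" if r.dport else "anywhere"
        lines.append(f"{r.target:<8} {r.proto or 'all':<4} {r.src or 'anywhere':<16} {dest}")
    return lines


def ordering_demo() -> dict:
    """Show why rule position matters: the same DROP rule appended vs. inserted."""
    ssh_from_bad_host = {"proto": "tcp", "src": "203.0.113.7", "dport": 22}  # constructed packet

    table = build_filter_table()
    inp = table["INPUT"]
    inp.append(Rule("ACCEPT", proto="tcp", dport=22))     # -A INPUT -p tcp --dport 22 -j ACCEPT
    inp.append(Rule("DROP", src="203.0.113.7"))          # -A INPUT -s 203.0.113.7 -j DROP
    appended = inp.verdict(ssh_from_bad_host)              # ACCEPT: the earlier rule matched first

    table = build_filter_table()
    inp = table["INPUT"]
    inp.append(Rule("ACCEPT", proto="tcp", dport=22))
    inp.insert(Rule("DROP", src="203.0.113.7"))          # -I INPUT -s 203.0.113.7 -j DROP
    inserted = inp.verdict(ssh_from_bad_host)              # DROP: the DROP rule is now on top

    # A packet no rule matches falls through to the chain policy (ACCEPT here).
    unmatched = inp.verdict({"proto": "udp", "src": "198.51.100.9", "dport": 53})
    return {"appended": appended, "inserted": inserted, "unmatched": unmatched}


if __name__ == "__main__":
    for chain_name, chain in build_filter_table().items():
        print("\n".join(list_rules(chain_name, chain)), end="\n\n")
    print(ordering_demo())
```

Running the script prints the three empty chains in roughly the "iptables -L" layout shown earlier, then the verdicts from ordering_demo: the appended DROP is never reached for SSH traffic from the blocked host, while the inserted one is, which is exactly why the article stresses rule order before describing any attack-blocking rules.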