It\u00a0is a challenging task to create the perfect iptables rules allowing only the required traffic.<\/p>\n
*** VERY IMPORTANT* **\u00a0<\/strong><\/em><\/p>\n Before making any changes in the iptables ensure that you have console access to the host so that you will not get locked out.<\/em><\/p>\n In this exercise we are going to use a CentOS 7<\/strong> system. Since\u00a0firewalld<\/strong> is the firewall that comes by default, it will be good to uninstall firewalld to avoid any confusion. The focus of this tutorial will be to guide how to view logs and make adjustments in firewall accordingly.<\/p>\n [root@host1 ~]#\u00a0yum remove firewalld -y<\/strong><\/em><\/p>\n Now install iptables: Start IPTABLES service in the server host List all entries in an Iptables Flush all iptables rules ====== ===== =====<\/p>\n Now let us start the actual lab<\/p>\n Resetting all chains to DROP all traffic:<\/strong><\/p>\n Enable logging:<\/strong><\/p>\n Save all entries:<\/strong><\/p>\n Explanation:<\/strong><\/p>\n The logs:<\/strong><\/p>\n The above commands will enable logging, and traffic blocked by iptables will be logged in \/var\/log\/messages<\/strong> with lines starting with\u00a0IPTables-Dropped<\/strong>.<\/p>\n Example: Adding rules:<\/strong><\/p>\n Let us add rules to allow SSH to the host.<\/p>\n Let us check the present rules and the sequence numbers associated with them:<\/p>\n [root@host1 ~]# iptables -L –line-numbers<\/strong><\/em> Chain FORWARD (policy DROP) Chain OUTPUT (policy DROP) Chain LOGGING (2 references) =======<\/strong><\/p>\n We need to insert rules so that they get added before the\u00a0logging<\/strong> entries.<\/p>\n [root@host1 ~]#iptables -I INPUT 1 -p tcp –dport 22 -j ACCEPT<\/strong><\/em> [root@host1 ~]# service iptables save<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
\n[root@host1 ~]# yum install iptables iptables-services -y<\/strong><\/em><\/p>\n
\n[root@host1 ~]# systemctl start iptables<\/strong><\/em><\/p>\n
\n[root@host1 ~]# iptables -L<\/strong><\/em><\/p>\n
\n[root@host1 ~]# iptables -F<\/strong><\/em><\/p>\n\n
\n
\n
\n
\nApr 18 07:35:02 host1 kernel: IPTables-Dropped:IN=ens33 OUT= MAC=00:0c:29:6f:51:93:00:26:82:93:e9:4e:08:00 SRC=192.168.1.7 DST=192.168.1.9 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32353 DF PROTO=TCP SPT=53352 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0<\/em><\/p>\n
\nChain INPUT (policy DROP)
\nnum target prot opt source destination
\n1 LOGGING all — anywhere anywhere<\/p>\n
\nnum target prot opt source destination<\/p>\n
\nnum target prot opt source destination
\n1 LOGGING all — anywhere anywhere<\/p>\n
\nnum target prot opt source destination
\n1 LOG all — anywhere anywhere limit: avg 2\/min burst 5 LOG level warning prefix “IPTables-Dropped:”<\/p>\n
\n[root@host1 ~]#iptables -I OUTPUT 1 -p tcp –sport 22 -j ACCEPT<\/strong><\/em><\/p>\n