One of the most commonly used security framework in Linux Netfilter, this functionality is within the Linux kernel and provides flexibility for various network – related operations to be implemented in the form of custom drivers.
Netfilter offers several options for packet filtering, network address resolution and resolution ports. These functions provide the necessary to direct packets through a network functionality as well as to provide capacity to prohibit packets reach sensitive locations within a computer network.
Netfilter is a set of tools within the Linux kernel, which allows specific kernel modules to register callback functions network transactions within the kernel.
These functions are generally applied in the form of traffic filter rules, they are invoked as each new transaction or each data packet passing through the respective filter system within the network, this system is a firewall filters.
The firewall is responsible for intercepting and manipulating network packets. It also enables packet handling at different stages of processing. Netfilter is also the name given to the project that is responsible for providing free tools for firewall or Linux based firewalls.
The most popular component built on Netfilter is iptables tool firewall or firewall that allows filtering package and also perform address resolution network or keep log records what is happening. The Netfilter project not only offers components available as modules core but also offers tools for use by user and libraries for developers.
Here is how to configure a firewall using iptables. First we see if iptables is active, to do this from a terminal window write the following:
sudo iptables -L
If we had not installed we can install it with the following statement:
sudo apt-get install iptables
We can also use the command:
whereis iptables
We will return the location of Iptables, something like the following:
iptables: /sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz
To start in the case of Debian / Ubuntu and derivatives execute the command:
sudo ufw enable // iniciar
sudo ufw disable //detener
If we use CentOS / RHEL / Fedora run the following command:
service iptables stop
service iptables start
service iptables restart
How to apply rules Iptables
Rules for filtering packets are put in place using the iptables command. The type of syntax responds to the following statement.
Example To insert rules to allow access to port 80 which is used by web services:
iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
We explain the parameters defined by the rule:
-A = Indicates append this rule to a chain filter. The chain where we indicate that we are doing, most of the time we deal with the incoming or outgoing traffic INPUT and OUTPUT, allowing or not certain specific port or ip for data traffic.
-m = to indicate that the filter rule must match the medium or connection and transmission protocol, for example in this case we allow data traffic but only for tcp and udp or other protocol no.
-s = indicates the source IP address traffic allowed, the address range using [/netmask] or specifying the origin port.
ip = -d indicates the destination address traffic allowed, the address range using [/netmask] or specifying the destination port.
j – = indicates that action will take place if it matches the packet filter rule. By default, iptables allows four possible actions:
ACCEPT indicates that the packet is accepted and can continue.
REJECT indicates that the packet is rejected and notifies the source that is not accepted, stops processing the package.
DROP indicates rejects and ignores the packet, produces no warning and stops processing the packet.
LOG indicates that the packet is accepted and continuous processing more rules in this chain, can see a log of what happened.
Example: close the port 22 SSH remote access:
iptables -A INPUT -p tcp --dport 22 -j DROP
What we mean is to reject any entry or data traffic entering or attempt to connect to port 22.
Example: if we want a developer or designer has ftp access from a computer but no one else, can then use the following rule, which I accept FTP, port 21 for a given ip.
iptables -A INPUT -s Your_IP_Address -p tcp -dport 21 -j ACCEPT
Example: database administrators can have their own access from a computer. Then we enable the port connection or Mysql database we have.
iptables -A INPUT -s Your_IP_Address -p tcp --dport 3306 -j ACCEPT
Example: most server administrators remain closed port 25 (SMTP) for generating spam and ease of spammers to use it for mass mailings, so we can block for anyone to use it in an easy and simple .
iptables -A INPUT -p tcp --dport 22 -j DROP
Example: If you need to allow access to secure websites using the format https://www.miweb.com , we must allow access to port 443 which is the HTTPS / SSL used for secure transfer of Web pages.
iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
Attention System Administrators
All administrators and Linux user should be aware that it is important to consider this tool as a first line of security defense, know how to use us to serve in many cases as it prevents access to our system, but also serves to stop a possible attack in progress.
One way to easily customize iptables according to our need to minimize potential security problems and vulnerabilities.
If you need to know all the ports that we have in our system we can use the following guide to the most commonly used ports and to consider protected.
Internet ports to consider
20 FTP file transfer and data
21 FTP
22 SSH, SFTP remote access
23 Telnet remote handling equipment, is an insecure protocol
25 SMTP email is insecure Shipping
53 System DNS domain name resolution
67 BOOTP (Server) used by DHCP dynamic IP addresses
68 BOOTP (Client), also used by DHCP
80 HTTP Hypertext Transfer Protocol. WWW service
110 POP3 Post Office Protocol. Reception of emails
143 IMAP Protocol application that allows access to messages stored on a mail server
389 LDAP Protocol Lightweight Access to Databases
443 HTTPS / SSL protocol for the secure transfer of Web pages
465 SMTP safely and encrypted with SSL. It is used for sending emails
631 CUPS printing system Linux and derivatives
993 IMAP with SSL security and encryption is used for receiving emails
995 POP3 with SSL security and encryption is used for receiving emails
Port Server 1433 database SQLServer
1434 Port SQLServer server monitoring with SQLMonitor
1521 Server Port Oracle database
2082 access port CPanel control panel for managing Web
2083 CPanel port secure access with SSL.
Access Port 3306 MySQL server databases MYSQL
3389 RDP Remote Desktop or Terminal Server
3396 service port Novell Novell Print
3690 Apache Subversion is a version control tool, also known as SVN
5000 Port of plug-and-play is a universal set of communication protocols that allows computers, printers, access points Wi-Fi and mobile devices, found in a network
5222 Jabber / XMPP is the protocol used today Facebook, Tuenti, among others WhatsApp
5223 Jabber / XMPP default port for SSL client connections
5269 Jabber / XMPP server connection
5432 PostgreSQL management system databases
5400 VNC remote desktop protocol using the HTTP protocol.
8080 is the port used by the Tomcat web server with JSP.
