How does the firewall on the Linux system work?

Question

Chloe_6 0 Newbie Poster

2 Years Ago

#!/bin/bash

iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -s 192.168.167.0/24 --dport 22 \
-m state --state NEW -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT


iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 133.172.114.17 --dport 25 \
-j DNAT --to-destination 192.168.167.23:25
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.167.0/24 \
-j SNAT --to-source 133.172.114.17

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A FORWARD -i eth1 -p tcp -s 192.168.167.0/24 --dport 80 \
-m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp -s 192.168.167.0/24 --dport 443 \
-m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp -d 192.168.167.23 --dport 25 \
-m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

With this firewall script, I'm needing to answer this question:
For the following four groups of iptables commands, explain:
• the overall effect of each group of commands, and
• the purpose of each command within the group.

lines 12 and 18,
lines 13 and 19.
lines 21, 32 and 34.
lines 23, 28, 30 and 34.

2 Contributors
3 Replies
182 Views
1 Day Discussion Span
Latest Post 2 Years Ago Latest Post by rproffitt

rproffitt 2,662 "Nothing to see here."

2 Years Ago

Topic question doesn't appear to match your question in the text that follows. Also, we state what we want the firewall to do then write the rules but you seem to have put the cart before the horse.

That is, you have the rules before you determined why you have these rules. Let's start over. What did you need iptables to do here?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Chloe_6 0 Newbie Poster · Answer 1 · 2022-05-14T21:55:49+00:00

I'm needing the iptables to run on the gateway machine before the gateway's interfaces are brought up

rproffitt 2,662 "Nothing to see here." Moderator · Answer 2 · 2022-05-14T23:06:35+00:00

The last reply doesn't appear to be what you asked above. Anyhow, the firewall rules will be in place shortly after a boot but sure, you can do that. Nod to priors like https://unix.stackexchange.com/questions/134682/iptables-add-rule-for-interface-before-it-comes-up HOWEVER this can be distro dependent.