Loading
Mastering IPTables, Part I
Linux comes with a powerful firewall built-in, although the interface can be a little intimidating. This is the first in a multi-part tutorial on how to master basic and not-so-basic IPTables functionality and create the perfect firewall for your home network.
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- New Products
- RSS Feeds
- Readers' Choice Awards
- Automatically updating Guest Additions
42 min 40 sec ago - I like your topic on android
1 hour 29 min ago - Reply to comment | Linux Journal
1 hour 50 min ago - This is the easiest tutorial
8 hours 4 min ago - Ahh, the Koolaid.
13 hours 43 min ago - git-annex assistant
19 hours 42 min ago - direct cable connection
20 hours 5 min ago - Agreed on AirDroid. With my
20 hours 15 min ago - I just learned this
20 hours 19 min ago - enterprise
20 hours 49 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
DROP everything
I even set OUTPUT to drop ... what happens if you get a virus or a worm? (does linux have one of those?)
Or somebody on your network (most likely w/ a windows machine) gets a virus or worm? Those packets might go thru FORWARD but if they somehow hack into your firewall then those packets would be thru OUTPUT.
I go way paranoid on my rules. I set interface names, I allow each protocol out 1 by 1, set expected ip ranges, always tcp reset when I reject, etc.... It may be a pain to setup, but I only do that once; and it protects me better 24x7 IMO.
vim user, set
vim user,
set bg=dark
Thanks.
seems like it keeps getting
seems like it keeps getting hung up on digg.
Does anyone else have troubles viewing this?
I took a snapshot.
http://fayettedigital.com/images/firewall.png
I can't read much of what's on the screen. Red on black is very hard to read and I have no idea what the colors are for the text I can't see. This is a fairly new system with a nvidia card running Ubuntu Hardy to a 20" SGI monitor (hi res). I'm viewing it with Firefox 3.x.
Thanks,
Jim.
Transcript
Greetings,
For all future videos I will include links to the transcript and script (if applicable). Here is the transcript and firewall script for this one:
Transcript: http://dark-code.bulix.org/z5svtd-68680?raw
Script: http://dark-code.bulix.org/y8t9ur-68683
These will be available in the video description from now on.
Elliot
Gracias por el post, era muy
Gracias por el post, era muy interesante leer
your gay
your gay
help
hi iluv linux "fedore" mainly....!
i dont hav much experience of linux.
if anyone can help me.
i started a wireless isp business and running a "mikrotik AP" router.
my internet connection runs from (PC-1) with DSL & from there link to Linux Server with (Radius Manager) and also Link to the "Mikrotik AP".
My (Mikrotik AP) is already good firewall but thats for blocking my clients, i need advise or help on setting firewall for the othe side (my dsl router) to protect my main pc with windows xp & my linux radius manager pc. (bellow is a my setup connection)
Isp-----windows xp--------radius manager<<<<--->>>>mikrotok<<<<<----->>>>>Wireless Clients
IPTables Part 1
I was able to copy the script Elliot creates while watching the video. It's not exactly the same, but captures all the same stuff
#!/bin/sh
#locate iptables (this will cause issues if the command fails, but is flexible)
IPT=`which iptables`
#or possibly the following, but on CYGWIN it's not in the right format)
#IPT=`whereis iptables`
#flush iptables
$IPT -F
#-----------------------
# POLICIES
#-----------------------
#
# DEFAULT POLICIES
#-----------------------
#For outbound traffic
$IPT -P OUTPUT ACCEPT
#For inbound traffic
$IPT -P INPUT DROP
#For routed traffic is to drop for now
$IPT -P FORWARD DROP
#
# ALLOWED INBOUND TRAFFIC
#-----------------------------
#ALLOW loopback traffic
$IPT -A INPUT --in-interface lo -j ACCEPT
#ALLOW http
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
#ALLOW ssh
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
#ALLOW Responses
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
IPTables script
PS. I did not verify the script works, so don't shoot any flaming arrows my way, but I will update it if I find any
The text in the captured screen in not clear
The text in the captured screen in not clear, I can not read it.
Advise: use black background and white foreground, do not use colors.
Shell Script (Text on screen)
I recreated the script Elliot used. It's not exactly the same, but has the same functionality
#!/bin/sh
#locate iptables (this will cause issues if the command fails, but is flexible)
IPT=`which iptables`
#or possibly the following, but on CYGWIN it's not in the right format)
#IPT=`whereis iptables`
#flush iptables
$IPT -F
#-----------------------
# POLICIES
#-----------------------
#
# DEFAULT POLICIES
#-----------------------
#For outbound traffic
$IPT -P OUTPUT ACCEPT
#For inbound traffic
$IPT -P INPUT DROP
#For routed traffic is to drop for now
$IPT -P FORWARD DROP
#
# ALLOWED INBOUND TRAFFIC
#-----------------------------
#ALLOW loopback traffic
$IPT -A INPUT --in-interface lo -j ACCEPT
#ALLOW http
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
#ALLOW ssh
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
#ALLOW Responses
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Fantastic tutorial
Well done Elliot. Your timing couldn't have been more perfect. IPTables has always been a pain in the butt to understand. Being able to see and hear someone explain how it works is a great way to learn. I have enjoyed watching the video and will definitely tune in for the next part.
I've just installed a new Linux server at work which acts as our internet gateway via an ADSL router modem. It took me two days to setup the iptable rules and it is finally working (after reading lots of HOWTO docs). Now it will be nice to verify that what I have done is actually correct, and be able to understand all the rules I copied from the HOWTO's. ;-)
As for a transcript.
That would be nice, but I simply did the following. If you use Firefox web browser, simply look in your profile's Cache directory for a 10Mb file. That's the local copy of the video clip you watched. Simply copy it out for archiving purposes and for later enjoyment. :-)
Regards,
- Graeme -
Transcript
+1
Transcript?
It would be nice if there were a transcript to these videos. A transcript can be read in a short amount of time to gain knowledge, or skimmed to see if the material is relevant, or used for later reference, or even used to capture notes so all eyes can be on the viewing.
Thank you.