An introduction to filtering rules, continued
We'll next create a new, user-defined chain of rules in
the filter table.
A named chain can be thought of as a method, or procedure:
a group of rules that is only evaluated when another rule jumps to it,
and from which evaluation returns to the calling chain if no rule matches.
We create the chain, then add rules to the built-in INPUT and FORWARD chains
that jump (-j) to it:
/sbin/iptables -t filter -N myrules
/sbin/iptables -t filter -A INPUT -j myrules
/sbin/iptables -t filter -A FORWARD -j myrules
In addition, we can decide how to manage individual packets based on the
protocol (TCP, UDP, ...) being used and, for TCP and UDP,
on the destination port of the service requested.
Here we accept incoming SSH connections (TCP port 22); the --dport match
is only available once a protocol has been selected with -p:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
We also wish to log the packets that our firewall drops,
but we don't wish an attacker to be able to flood our machine's logfiles
simply by sending us packets we will drop.
The limit match passes at most 15 packets per minute (after an initial burst)
on to the LOG target. Note that LOG is a non-terminating target: the packet
continues to the next rule, so this rule belongs at the very end of the INPUT
chain, where the only packets still being evaluated are those about to be
dropped by a final DROP rule or by the chain's DROP policy:
iptables -t filter -A INPUT \
-m limit --limit 15/minute \
-j LOG --log-prefix "suspicious, dropped"
The LOG target writes these details to the kernel log, from where
the standard syslogd mechanism (or rsyslog/journald on current systems) records them.
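The three fragments on this slide, combined into one working ruleset as an added example that is not part of the lecture notes: a shell script that emits the filter table in iptables-restore(8) format, so that the whole table is loaded atomically and the rule order is explicit, and that checks, without needing root, that the rate-limited LOG rule is the last rule in INPUT under a DROP policy. The accepted port and the log rate are parameters; the loopback and conntrack rules, the explicit --limit-burst value, the log prefix and the function names are assumptions added for illustration.

```shell
#!/bin/sh
# Added example, not from the CITS3002 slides: the named chain, the port
# rule and the rate-limited LOG rule from this slide as one ruleset in
# iptables-restore(8) format. The loopback/conntrack rules, the
# --limit-burst value and the defaults below are illustrative assumptions.

# Print a complete filter-table ruleset on stdout.
#   $1 = TCP port to accept (default 22), $2 = log rate (default 15/minute)
build_ruleset() {
    port="${1:-22}"
    rate="${2:-15/minute}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:myrules - [0:0]
# Hand every incoming and forwarded packet to the user-defined chain;
# if nothing in myrules matches, evaluation returns to the caller.
-A INPUT -j myrules
-A FORWARD -j myrules
-A myrules -i lo -j ACCEPT
-A myrules -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A myrules -m conntrack --ctstate INVALID -j DROP
-A myrules -p tcp --dport ${port} -j ACCEPT
# LOG does not terminate rule traversal, so it goes last in INPUT:
# only packets about to fall through to the DROP policy reach it, and
# the limit match caps how fast an attacker can make us write log lines.
-A INPUT -m limit --limit ${rate} --limit-burst 5 -j LOG --log-prefix "suspicious, dropped: "
COMMIT
EOF
}

# Read a ruleset on stdin and print the last rule appended to chain $1.
last_rule_in_chain() {
    grep -- "^-A $1 " | tail -n 1
}

# Read a ruleset on stdin; succeed only if INPUT's policy is DROP and its
# final rule is a rate-limited LOG, i.e. the logging sees exactly what is
# dropped and nothing can be logged faster than the limit allows.
check_logging() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    last=$(printf '%s\n' "$rules" | last_rule_in_chain INPUT)
    case "$last" in
        *"-m limit "*"-j LOG"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Lint, parse without committing (--test), then load atomically.
# Needs root; the functions above work without it.
apply_ruleset() {
    build_ruleset "$@" | check_logging || { echo "refusing: LOG rule misplaced" >&2; return 1; }
    build_ruleset "$@" | iptables-restore --test &&
    build_ruleset "$@" | iptables-restore
}

# Usage:  ./rules.sh [port] [rate]          print the ruleset
#         sudo ./rules.sh apply [port] [rate]
if [ "${1:-}" = "apply" ]; then shift; apply_ruleset "$@"; else build_ruleset "$@"; fi
```

Running the script without arguments prints the ruleset for inspection; feeding that output to iptables-restore replaces the filter table in one step, so there is never a moment where the chain exists but the jump to it, or the final LOG rule, does not.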
CITS3002 Computer Networks, Lecture 11, Security of TCP/IP, p23, 15th May 2024.