OpenSUSE Linux Rants

OpenSUSE Linux Tips, tricks, how-tos, opinions, and news

My Resume  -  My LinkedIn Profile - twitter: @scottmmorris

July 14, 2009

Securing Linux – A Crash Course in iptables

by @ 6:27 pm. Filed under General Linux, How-To, command-line, security

Once in a while, it’s nice to block hostile machines at the kernel level. Specifically, this is done with iptables or ipchains; iptables if you are living in this millennium.

If a specific host is known to be hostile, run the ‘whois’ command on its IP address. This will give you the IP range of the organization that was assigned the block to which the offending IP belongs. If that range is outside your country and you only serve clients inside your country, it doesn’t hurt to block the whole range. So, we’re going to block a hostile range from China. As root, run the following command:

iptables -I INPUT -s 125.71.214.0/24 -j DROP

Why DROP instead of REJECT? This adds a rule to the firewall that simply drops the packets. This is more annoying to the other end because they never get a response; if you explicitly reject the packets, they get a message to that effect instantly. You want them to have to wait. It slows them down, which is bad for them.

To list the rules in the INPUT chain:

iptables --line-numbers -L INPUT

To delete a rule from the INPUT chain:

iptables -D INPUT [line number]

ex. iptables -D INPUT 1

Would delete the first rule in the INPUT chain.
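The whois-to-rule and list-to-delete steps above, as an added example that is not from the original post. It turns a whois range into the CIDR blocks a rule needs, parses a constructed `iptables --line-numbers -L INPUT -n` listing to find the rule numbers for a given source, and emits the delete commands highest-numbered first, because deleting rule 1 renumbers every rule after it. The listing text and the helper names are this example's own assumptions.

```python
import ipaddress
import re

def range_to_cidrs(first, last):
    """Convert an inclusive IP range (as whois prints it) to the CIDR blocks covering it."""
    return [str(net) for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def block_rules(first, last, chain="INPUT", target="DROP"):
    """Build one 'iptables -I' command per CIDR block so the whole range is dropped."""
    return [f"iptables -I {chain} -s {cidr} -j {target}" for cidr in range_to_cidrs(first, last)]

# Constructed sample of `iptables --line-numbers -L INPUT -n` output
# (-n keeps iptables from reverse-resolving addresses into hostnames).
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  125.71.214.0/24      0.0.0.0/0
2    ACCEPT     all  --  192.168.1.0/24       0.0.0.0/0
3    DROP       all  --  10.0.0.0/8           0.0.0.0/0
"""

# Columns of a rule line: num target prot opt source destination
RULE_LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def rule_numbers_for_source(listing, source):
    """Return the rule numbers whose source column equals `source`, highest first."""
    nums = []
    for line in listing.splitlines():
        m = RULE_LINE.match(line)
        if m and m.group(5) == source:
            nums.append(int(m.group(1)))
    return sorted(nums, reverse=True)

def delete_commands(listing, source, chain="INPUT"):
    """Delete from the highest number down so the lower numbers stay valid in between."""
    return [f"iptables -D {chain} {n}" for n in rule_numbers_for_source(listing, source)]

if __name__ == "__main__":
    for cmd in block_rules("125.71.214.0", "125.71.214.255"):
        print(cmd)
    for cmd in delete_commands(SAMPLE_LISTING, "125.71.214.0/24"):
        print(cmd)
```

Deleting by rule specification (`iptables -D INPUT -s 125.71.214.0/24 -j DROP`) avoids the renumbering problem entirely, at the cost of having to restate the rule exactly.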

Cool subnet calculator at : http://www.subnet-calculator.com/

Helpful comments with more useful or better commands welcome.


6 Responses to “Securing Linux – A Crash Course in iptables”

  1. henare Says:

    Hi Scott,

    ipcalc and sipcalc are command line subnet calculators available in the OBS.

  2. Scott Morris Says:

    henare,

    Hey, thanks. Great point. Thanks for stopping by!

  3. Subnet Calculator « Node28 Says:

    [...] wrote about iptables and how to block hostile machines at the kernel level. He then mentioned a cool little tool called Online IP Subnet Calculator. It would have been [...]

  4. Synthea Says:

    Don’t know whether this is the right place to ask a question,
    but while enhancing the security of my temporary folder as described in the post at http://www.sysadmin.md/secure-temporary-folders-on-existing-unix-or-linux-systems.html my redirection fails. This command always fails:
    echo "/mnt/tmp /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab
    Can anybody please tell me why?

  5. Synthea Says:

    My other question is, how can I make this work for a big file? While enhancing the security of my temporary folder as described in the post at http://www.sysadmin.md/secure-temporary-folders-on-existing-unix-or-linux-systems.html my redirection fails. This command always fails:
    echo "/mnt/tmp /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab
    Can anybody please tell me why?

  6. Henry Hertz Hobbit Says:

    Where is the whois command? I went to type it only to find the command is missing. Thinking it may be in /usr/sbin or /sbin I tried finding it in those folders. It was not there either. So I do a man on whois and it isn’t on the machine. YaST doesn’t show it any place I can find it. SO WHERE IS IT? I am using OpenSUSE 11.2. Dropping this command was a really stupid thing to do if it isn’t there any more.
