Teach you how to use Linux firewall to isolate local spoofed addresses!-LINUX-php.cn

Home

System Tutorial

LINUX

Teach you how to use Linux firewall to isolate local spoofed addresses!

王林

Aug 15, 2024 pm 01:37 PM

linuxlinux tutorialRed Hatlinux systemlinux commandlinux certificationred hat linuxlinux video

How to use iptables firewall to protect your network from hackers.

Even in remote networks protected by intrusion detection and isolation systems, hackers are still finding various sophisticated ways to invade. IDS/IPS cannot stop or reduce attacks by hackers who want to take over control of your network. Improper configuration allows an attacker to bypass all deployed security measures.

In this article, I will explain how a security engineer or system administrator can avoid these attacks.

Teach you how to use Linux firewall to isolate local spoofed addresses!

Almost all Linux distributions come with a built-in firewall to protect processes and applications running on the Linux host. Most firewalls are designed as IDS/IPS solutions. The main purpose of such a design is to detect and prevent malicious packets from gaining entry into the network.

Linux firewalls usually have two interfaces: iptables and ipchains programs (LCTT translation: on systems that support systemd, the newer interface firewalld is used). Most people refer to these interfaces as iptables firewall or ipchains firewall. Both interfaces are designed as packet filters. iptables is a stateful firewall that makes decisions based on previous packets. ipchains does not make decisions based on previous packets, it is designed to be a stateless firewall.

In this article, we will focus on the iptables firewall that appeared after kernel 2.4.

With iptables firewall, you can create policies or ordered rule sets that tell the kernel how to treat specific packets. In the kernel is the Netfilter framework. Netfilter is both the framework and the project name of the iptables firewall. As a framework, Netfilter allows iptables hooks to be designed to manipulate packet functionality. In a nutshell, iptables relies on the Netfilter framework to build functionality such as filtering packet data.

Each iptables rule is applied to a chain in a table. An iptables chain is a set of rules that compare packages for similar characteristics. Tables (such as nat or mangle) describe different functional directories. For example, the mangle table is used to modify package data. Therefore, specific rules for modifying packet data are applied here; and filtering rules are applied to the filter table because the filter table filters packet data.

An iptables rule has a match set, and a target such as Drop or Deny, which tells iptables what to do with a packet to comply with the rule. Therefore, without targets and match sets, iptables cannot process packets efficiently. If a packet matches a rule, the target points to a specific action that will be taken. On the other hand, in order for iptables to process it, each packet must match before it can be processed.

Now that we know how iptables firewall works, let’s look at how to use iptables firewall to detect and reject or drop spoofed addresses.

Turn on source address verification

As a security engineer, when dealing with remote spoofed addresses, the first step I take is to turn on source address verification in the kernel.

Source address verification is a kernel-level feature that drops packets pretending to come from your network. This feature uses the reverse path filter method to check whether the source address of a received packet is reachable through the interface on which the packet arrived. (LCTT translation annotation: The source address of the arriving packet should be reachable in the reverse direction from the network interface it arrived on. This effect can be achieved by simply reversing the source address and destination address)

Use the following simple script to turn on source address verification without manual operation:

#!/bin/sh 
#作者: Michael K Aboagye 
#程序目标: 打开反向路径过滤 
#日期: 7/02/18 
#在屏幕上显示 “enabling source address verification” 
echo -n "Enabling source address verification…" 
#将值0覆盖为1来打开源地址验证 
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter 
echo "completed"

When the above script is executed, it only displays the message Enabling source address verification and does not wrap the line. The default reverse path filtering value is 0, which means no source verification. Therefore, the second line simply overrides the default value of 0 to 1. 1 means that the kernel will verify the source address by confirming the reverse path.

Finally, you can use the following command to drop or reject spoofed addresses from the remote host by selecting one of the DROP or REJECT targets. However, for security reasons, I recommend using the DROP target.

Replace the IP-address placeholder with your own IP address like below. In addition, you must choose to use either REJECT or DROP, not both at the same time.

iptables -A INPUT -i internal_interface -s IP_address -j REJECT / DROP   
iptables -A INPUT -i internal_interface -s 192.168.0.0/16  -j REJECT / DROP

This article only provides basic knowledge on how to use iptables firewall to avoid remote spoofing attacks.

The above is the detailed content of Teach you how to use Linux firewall to isolate local spoofed addresses!. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Does the internet run on Linux?Apr 14, 2025 am 12:03 AM

The Internet does not rely on a single operating system, but Linux plays an important role in it. Linux is widely used in servers and network devices and is popular for its stability, security and scalability.

What are Linux operations?Apr 13, 2025 am 12:20 AM

The core of the Linux operating system is its command line interface, which can perform various operations through the command line. 1. File and directory operations use ls, cd, mkdir, rm and other commands to manage files and directories. 2. User and permission management ensures system security and resource allocation through useradd, passwd, chmod and other commands. 3. Process management uses ps, kill and other commands to monitor and control system processes. 4. Network operations include ping, ifconfig, ssh and other commands to configure and manage network connections. 5. System monitoring and maintenance use commands such as top, df, du to understand the system's operating status and resource usage.

Boost Productivity with Custom Command Shortcuts Using Linux AliasesApr 12, 2025 am 11:43 AM

Introduction Linux is a powerful operating system favored by developers, system administrators, and power users due to its flexibility and efficiency. However, frequently using long and complex commands can be tedious and er

What is Linux actually good for?Apr 12, 2025 am 12:20 AM

Linux is suitable for servers, development environments, and embedded systems. 1. As a server operating system, Linux is stable and efficient, and is often used to deploy high-concurrency applications. 2. As a development environment, Linux provides efficient command line tools and package management systems to improve development efficiency. 3. In embedded systems, Linux is lightweight and customizable, suitable for environments with limited resources.

Essential Tools and Frameworks for Mastering Ethical Hacking on LinuxApr 11, 2025 am 09:11 AM

Introduction: Securing the Digital Frontier with Linux-Based Ethical Hacking In our increasingly interconnected world, cybersecurity is paramount. Ethical hacking and penetration testing are vital for proactively identifying and mitigating vulnerabi

How to learn Linux basics?Apr 10, 2025 am 09:32 AM

The methods for basic Linux learning from scratch include: 1. Understand the file system and command line interface, 2. Master basic commands such as ls, cd, mkdir, 3. Learn file operations, such as creating and editing files, 4. Explore advanced usage such as pipelines and grep commands, 5. Master debugging skills and performance optimization, 6. Continuously improve skills through practice and exploration.

What is the most use of Linux?Apr 09, 2025 am 12:02 AM

Linux is widely used in servers, embedded systems and desktop environments. 1) In the server field, Linux has become an ideal choice for hosting websites, databases and applications due to its stability and security. 2) In embedded systems, Linux is popular for its high customization and efficiency. 3) In the desktop environment, Linux provides a variety of desktop environments to meet the needs of different users.

What are the disadvantages of Linux?Apr 08, 2025 am 12:01 AM

The disadvantages of Linux include user experience, software compatibility, hardware support, and learning curve. 1. The user experience is not as friendly as Windows or macOS, and it relies on the command line interface. 2. The software compatibility is not as good as other systems and lacks native versions of many commercial software. 3. Hardware support is not as comprehensive as Windows, and drivers may be compiled manually. 4. The learning curve is steep, and mastering command line operations requires time and patience.

See all articles