
• dobre Marcela fils franceza

• 1. Ping an address.

ping www.google.com
ping -c 5 www.google.com (stops after 5 requests)

• 2. Check your own IP

hostname -I
ifconfig eth0

• 3. Find the Facebook page IP address
traceroute www.facebook.com -I
nslookup www.facebook.com

• 4. Check your hostname

hostname
host www.google.com
host 10.0.2.10
whoami

• 5. Try the traceroute command for Facebook or Google (or any other IP)
traceroute www.facebook.com
traceroute www.google.com
traceroute 141.85.241.61

• 6. Block all outgoing HTTP connections.
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j DROP
(outgoing HTTP is matched by destination port 80; --sport 80 would match the replies of a local web server instead)

• Open HTTP and HTTPS services.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

The first set of rules below allows HTTP and the second set allows HTTPS connections, using the default ports 80 and 443:
iptables -A INPUT -i venet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i venet0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

• 7. Block all IP except 192.168.30.5

• iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
• iptables -A INPUT -i lo -m comment --comment "Allow loopback connections" -j ACCEPT
• iptables -A INPUT -s 192.168.30.5 -j ACCEPT (all protocols from the allowed host, ping included; must come before the DROP rules, because the first matching rule wins)
• iptables -A INPUT -p icmp -j DROP
• iptables -P INPUT DROP
• iptables -P FORWARD DROP

• 8. Block all IP connections from 192.168.30.0/24 but allow 192.168.30.5
• iptables -A INPUT -p tcp -s 192.168.30.5 -j ACCEPT
• iptables -A INPUT -s 192.168.30.0/24 -j DROP
• iptables -A OUTPUT -p tcp -d 192.168.30.5 -j ACCEPT
(the ACCEPT for 192.168.30.5 has to come before the DROP for the subnet; outgoing traffic to that host is matched with -d, not -s)
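
A chain is checked top to bottom and the first matching rule decides, so in item 8 the relative order of the subnet DROP and the host ACCEPT changes the result. The simulation below is an added illustration, not part of the original notes; the Rule class and the verdict and shadowed helpers are hypothetical names, and the model covers only -s, -p and --dport.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                    # ACCEPT, DROP or REJECT (-j)
    src: str = "0.0.0.0/0"         # -s, as a CIDR network
    proto: Optional[str] = None    # -p, None means any protocol
    dport: Optional[int] = None    # --dport, None means any port

    def matches(self, src, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

def verdict(chain, policy, src, proto, dport):
    """First matching rule wins; the chain policy applies if none match."""
    for rule in chain:
        if rule.matches(src, proto, dport):
            return rule.target
    return policy

def shadowed(chain):
    """(later, earlier) index pairs where the later rule can never fire."""
    return [(i, j) for i, r in enumerate(chain)
            for j in range(i) if chain[j].covers(r)]

# Constructed chains modelled on item 8: subnet DROP and host ACCEPT.
DROP_FIRST = [Rule("DROP", "192.168.30.0/24"),
              Rule("ACCEPT", "192.168.30.5/32", "tcp")]
ACCEPT_FIRST = list(reversed(DROP_FIRST))

# Constructed chain modelled on item 10: SSH only from one address.
SSH_ONLY = [Rule("ACCEPT", "150.18.200.10/32", "tcp", 22),
            Rule("REJECT", "0.0.0.0/0", "tcp", 22)]

if __name__ == "__main__":
    for name, chain in (("DROP first", DROP_FIRST), ("ACCEPT first", ACCEPT_FIRST)):
        print(name, verdict(chain, "ACCEPT", "192.168.30.5", "tcp", 80),
              "shadowed:", shadowed(chain))
    # 203.0.113.9 is a documentation address used as a constructed test source.
    print("ssh", verdict(SSH_ONLY, "ACCEPT", "203.0.113.9", "tcp", 22))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the order the kernel actually evaluates.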

• 9. Block TCP connections from 10.10.10.15

iptables -A INPUT -p tcp -s 10.10.10.15 -j DROP (blocks TCP connections from that IP)

• 10. Allow SSH connections only from 150.18.200.10.

• iptables -A INPUT -p tcp --dport ssh -s 150.18.200.10 -j ACCEPT (allows SSH connections from that IP)
• iptables -A INPUT -s 150.18.200.10 -p tcp --destination-port 22 -j ACCEPT
Allow incoming SSH connections only from a specific IP: only that IP may connect to the server on port 22. Each accepted connection also creates connection-tracking state, which the second rule uses to allow the outgoing traffic of the same connection.
iptables -A INPUT -i venet0 -p tcp -s 1.1.1.1 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 150.18.200.10 --dport 22 -j ACCEPT


Access only from 150.18.200.10:
iptables -A INPUT -p tcp -s 150.18.200.10 --dport ssh -j ACCEPT
Reject all other packets to port 22:
iptables -A INPUT -p tcp --dport ssh -j REJECT
Open SSH Port Service
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
