Listen to this Post
Firewalls are essential for securing Linux systems by controlling incoming and outgoing network traffic. NetFilter, the built-in firewall framework in Linux, paired with `iptables` or nftables, provides powerful tools for network security.
You Should Know:
1. Basic NetFilter Commands
Check if NetFilter is active:
lsmod | grep netfilter
List current firewall rules:
sudo iptables -L -v -n
2. Blocking and Allowing Traffic
Block an IP address:
sudo iptables -A INPUT -s 192.168.1.100 -j DROP
Allow SSH (port 22):
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
3. Saving and Restoring Rules
Save current rules:
sudo iptables-save > /etc/iptables/rules.v4
Restore saved rules:
sudo iptables-restore < /etc/iptables/rules.v4
4. Using `nftables` (Modern Alternative)
List `nftables` rules:
sudo nft list ruleset
Block an IP with `nftables`:
sudo nft add rule ip filter input ip saddr 192.168.1.100 drop
5. Logging Dropped Packets
Log rejected traffic:
sudo iptables -A INPUT -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
6. Preventing DDoS Attacks
Limit connection attempts:
sudo iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 -j DROP
7. Port Forwarding with NetFilter
Forward port 8080 to 80:
sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80
What Undercode Say
NetFilter is a cornerstone of Linux security, offering granular control over network traffic. Whether using `iptables` or transitioning to nftables, mastering these tools is crucial for sysadmins and cybersecurity professionals. Always test rules in a controlled environment before deployment to avoid locking yourself out.
Expected Output:
A well-configured firewall with logged drops, controlled access, and mitigation against brute-force attacks.
For further reading, refer to:
References:
Reported By: Activity 7312152054309752832 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
