MN502 Laboratory 8 Manual: Packet Filtering Firewalls Assessment Answer


Question :

MN502 Network Security

Laboratory 8 Manual: Packet Filtering Firewalls (IPTABLES)

Description:

This manual is for running experiments on the IPTABLES firewall. In this lab you will set up a Linux-based system as a firewall, according to a network security policy provided to you. The implementation will be done using Oracle VirtualBox.

  • In the first experiment, you will use the IPTABLES firewall on Kali in order to become familiar with IPTABLES firewalls. Students will also explore the functionalities of iptables, the Linux firewall.
  • In the second experiment, students will perform some basic commands, followed by some exercises.

Pre-work:

  1. Launch Virtual Box
  2. Launch your Kali
  3. Do all your exercises in the VM 

Exercise 1: You are required to read, install, set up, configure, and test your iptables firewall

The goal of this exercise is to explore the functionalities of iptables, the Linux firewall, in a simple network setting. To facilitate the deployment of the network setting out of the laboratory, we will use only Kali virtual machines for implementing it.

IPTABLES is a command line utility for configuring the Linux kernel firewall implemented within the Netfilter project. The term iptables is also commonly used to refer to this kernel-level firewall. Iptables is a Linux command line firewall that allows system administrators to manage incoming and outgoing traffic via a set of configurable table rules.

Iptables uses a set of tables which have chains that contain sets of built-in or user-defined rules. With them, a system administrator can properly filter the network traffic of the system.

Per iptables manual, there are currently 3 types of tables:

FILTER – this is the default table, which contains the built-in chains for:

INPUT – packets destined for local sockets

FORWARD – packets routed through the system

OUTPUT – packets generated locally

1. Install iptables (if not installed already).

sudo apt-get install iptables

2. Access the iptables manual page

man iptables

3. If you want to check your existing rules, use the following command

sudo iptables -L -n -v

Exercise 2: Explore the functionalities of iptables, the Linux firewall and write some rules

1. Block Specific IP Address in IPtables Firewall

Where you need to change "xxx.xxx.xxx.xxx" with the actual IP address. Be very careful when running this command as you can accidentally block your own IP address. The -A option appends the rule to the end of the selected chain.

In case you only want to block TCP traffic from that IP address, you can use the -p option that specifies the protocol. That way the command will look like this:

2. Unblock IP Address in IPtables Firewall

If you have decided that you no longer want to block requests from a specific IP address, you can delete the blocking rule with the following command:

The -D option deletes one or more rules from the selected chain. If you prefer to use the longer option you can use --delete.
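The self-blocking risk from step 1 and the matching -A / -D pair from step 2 can be handled by a small wrapper. This is an added example, not part of the lab manual; the INPUT chain, the DRY_RUN switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guarded block/unblock of one source address.
# Assumptions: rules go in the INPUT chain; set DRY_RUN=1 to print instead of run.

run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the rule specification shared by -A and -D: <ip> [tcp|udp]
rule_spec() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    case ${2:-} in
        '')      echo "INPUT -s $1 -j DROP" ;;
        tcp|udp) echo "INPUT -p $2 -s $1 -j DROP" ;;
        *)       echo "unsupported protocol: $2" >&2; return 2 ;;
    esac
}

# Append the DROP rule, unless the address is the client of this SSH session.
block_ip() {
    own=${SSH_CONNECTION:-}; own=${own%% *}
    if [ -n "$own" ] && [ "$1" = "$own" ]; then
        echo "refusing to block $1: it is your own SSH client address" >&2
        return 3
    fi
    spec=$(rule_spec "$@") || return
    run iptables -A $spec
}

# Delete the same rule; -D needs the specification exactly as it was added.
unblock_ip() {
    spec=$(rule_spec "$@") || return
    run iptables -D $spec
}
```

Source the file as root and call `block_ip <address> [tcp|udp]`; with `DRY_RUN=1` set, the functions print the iptables command instead of running it.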

3. Block Specific Port on IPtables Firewall

Sometimes you may want to block incoming or outgoing connections on a specific port. It’s a good security measure and you should give it real thought when setting up your firewall.

To block outgoing connections on a specific port use:

To allow incoming connections use:

In both examples change "xxx" with the actual port you wish to allow. If you want to block UDP traffic instead of TCP, simply change "tcp" with "udp" in the above iptables rule.

4. Allow Multiple Ports on IPtables using Multiport

You can allow multiple ports at once by using multiport. Below you can find such a rule for both incoming and outgoing connections:

5. Block Facebook on IPtables Firewall

First find the IP addresses used by Facebook:

You can then block that Facebook network with:

Keep in mind that the IP address range used by Facebook may vary in your country.

6. Block Network Flood on Apache Port with IPtables

The above command limits incoming connections to 100 per minute and sets a limit burst of 200. You can edit the limit and limit-burst values to suit your own requirements.

7. Block Incoming Ping Requests on IPtables

Some system administrators like to block incoming ping requests due to security concerns. While the threat is not that big, it’s good to know how to block such requests:

8. Allow loopback Access

Loopback access (access from 127.0.0.1) is important and you should always leave it active:

9. Keep a Log of Dropped Network Packets on IPtables

If you want to log the dropped packets on network interface eth0, you can use the following command:
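Steps 6 to 9 interact through rule order, which the following added example makes explicit by writing them as one iptables-restore file. It is not taken from the lab manual; TCP port 80 for Apache, the log prefix text and the helper function names are assumptions, and `--syn` is used so that the limit counts new connection attempts rather than every packet.

```shell
#!/bin/sh
# Added example: rules 6-9 as one iptables-restore file, in a safe order.
# Assumptions: Apache listens on TCP 80 and the outside interface is eth0.
WEB_PORT=${WEB_PORT:-80}
WAN_IF=${WAN_IF:-eth0}

build_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback first, so no later rule can cut off local services.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# The limit match stops matching once the rate is exceeded; the excess
# falls through, so the rule right after it is what enforces the limit.
-A INPUT -p tcp --syn --dport $WEB_PORT -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
-A INPUT -p tcp --syn --dport $WEB_PORT -j DROP
# The LOG target does not end rule traversal, so it comes before the drop.
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j LOG --log-prefix "IPtables dropped: "
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Line number of the first line containing the fixed string $1.
rule_line() { build_ruleset | grep -nF -e "$1" | head -n 1 | cut -d: -f1; }

# Check the three ordering properties the comments above rely on.
check_order() {
    lo=$(rule_line '-i lo -j ACCEPT');  first_drop=$(rule_line '-j DROP')
    lim=$(rule_line '-m limit');        web_drop=$(rule_line "--dport $WEB_PORT -j DROP")
    log=$(rule_line '-j LOG');          ping_drop=$(rule_line 'echo-request -j DROP')
    [ "$lo" -lt "$first_drop" ] && [ $((lim + 1)) -eq "$web_drop" ] &&
        [ $((log + 1)) -eq "$ping_drop" ]
}
```

Piping `build_ruleset` into `iptables-restore --test` as root parses the file without committing it; loading it without `--test` replaces the current filter table.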

10. Block Access to Specific MAC Address on IPtables

You can block access to your system from a specific MAC address by using:

Of course, you will need to change "00:00:00:00:00:00" with the actual MAC address that you want to block.

11. Limit the Number of Concurrent Connections per IP Address

If you don’t want too many concurrent connections established from a single IP address on a given port, you can use the command below:

The above command allows no more than 3 connections per client. Of course, you can change the port number to match different service. Also the --connlimit-above should be changed to match your requirement.

12. Search within IPtables Rule

Once you have defined your iptables rules, you will want to search from time to time and may need to alter them. An easy way to search within your rules is to use:

In the above example, you will need to change $table with the actual table within which you wish to search and $string with the actual string you are looking for.

Here is an example:

13. Flush IPtables Firewall Chains or Rules

If you want to flush your firewall chains, you can use:

You can flush chains from a specific table with:

You can change "nat" with the actual table whose chains you wish to flush.

14. Disable Outgoing Mails through IPTables

If your system should not be sending any emails, you can block outgoing ports on SMTP ports. For example you can use this
