
Maharishi Arvind Institute of Engineering and Technology, Jaipur

TRAINING REPORT ON SYS - FIREWALL

Secure Your System
A handy tool for System-Administrators

4/22/12 http://chankeypathak.blogspot.com

Chandra Prakash Pathak 08EMTCS032

Company Profile - Linux World


The best awarded Red Hat partner in India. The company has been contributing a great deal to Linux Server & Networking industry by fulfilling its need for trained manpower in the field of Linux support, Networking, System Integration & Programming.


GREEN-HORNE PROJECT
(An open source operating system)

Module: SYS Firewall



What is a Firewall?

A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.

How does a software firewall work?

Inspects each individual packet of data as it arrives at either side of the firewall
Inbound to or outbound from your computer
Determines whether it should be allowed to pass through or if it should

Firewall Rules

Allow: traffic that flows automatically because it has been deemed safe (e.g. Meeting Maker, Eudora, etc.)
Block: traffic that is blocked because it has been deemed dangerous to your computer

What a personal firewall can do

Stops hackers from accessing your computer
Protects your personal information
Blocks pop-up ads and certain cookies

What a SYS firewall can do

Authorizing users
Limiting access for the services
Filtering the packets
NATing


Requirements

Linux Kernel 2.4.x or higher
iptables
Perl 5.6 or higher
dialog



User interface with dialog


dialog --title "Linux dialog utility infobox" --backtitle "Linux shell script tutorial" --infobox "This is a dialog box called infobox, which is used to show information on the screen, Thanks to Savio Lam and Stuart Herbert to give us this utility. Press any key" 7 50

Implementing iptables

Using Perl and dialog, I built a GUI version of iptables.
Perl: for coding
dialog: for the graphical user interface


How does it work?

Step 1 Run the application (perl sys.xls)
Step 2 Check required packages


Step 3 Authenticate User (password)


Step 4 Main Interface


Step 5 Customize rules


Dropping all policies

iptables -P INPUT DROP
iptables -P OUTPUT DROP



Block Ping

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

A dynamic approach

# iptables -P INPUT DROP
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
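
Added example (not part of the original report or the SYS Firewall code): with both INPUT and OUTPUT policies set to DROP, the ESTABLISHED,RELATED rule is also needed in the OUTPUT chain, otherwise replies to accepted connections are dropped. The sketch prints such a ruleset in iptables-restore format so it can be loaded in one step; build_ruleset, valid_port and the sample ports are assumptions.

```shell
#!/bin/sh
# Added example: default-drop, stateful filter table for a host that only
# answers inbound connections on the listed TCP ports. The function names
# and the sample ports below are illustrative, not from the report.

# valid_port: succeed only for a decimal integer 1..65535 without leading
# zeros, so nothing but a port number can reach the rule text.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# build_ruleset PORT...: print the ruleset, or fail before printing anything.
build_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD ACCEPT [0:0]'   # left at the default; the slides do not set it
    echo ':OUTPUT DROP [0:0]'
    # Loopback traffic, which many local services depend on.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Packets belonging to tracked connections, in both directions.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # New inbound connections only to the requested ports.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Inbound echo-request needs no explicit DROP rule: the policy covers it.
    echo 'COMMIT'
}

# Constructed sample: SSH and HTTP. To check the syntax as root without
# applying anything:  build_ruleset 22 80 | iptables-restore --test
build_ruleset 22 80
```

Connections initiated by the host itself stay blocked under this ruleset, because OUTPUT only passes traffic for connections that are already tracked.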


SNAT

For static connections.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <SERVER'S_EXTERNAL_IP>


Masquerade

For dynamic connections.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE


DNAT

iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.24:80


Extra services

Saving rules
Logging
Exit


THANK YOU!

Any Queries?
