Firewall in Perl by chankey pathak

Post on 10-May-2015

Implementation of firewall (iptables) in Perl using dialog for GUI.

TRAINING REPORT ON SYS - FIREWALL

Secure Your System

A handy tool for System-Administrators

Chandra Prakash Pathak

08EMTCS032

Computer Science

Maharishi Arvind Institute of Engineering and Technology, Jaipur

http://chankeypathak.blogspot.com

Company Profile- Linux World

• The best awarded Red Hat partner in India.

• The company has been contributing a great deal to Linux Server & Networking industry by fulfilling its need for trained manpower in the field of Linux support, Networking, System Integration & Programming.

GREEN-HORNE PROJECT (An open source operating system)

Module: SYS Firewall

What is a Firewall?

A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.

How does a software firewall work?

• Inspects each individual “packet” of data as it arrives at either side of the firewall

• Inbound to or outbound from your computer

• Determines whether it should be allowed to pass through or if it should be blocked

Firewall Rules

• Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)

• Block – traffic that is blocked because it has been deemed dangerous to your computer

• Ask – asks the user whether or not the traffic is allowed to pass through

What a personal firewall can do

• Stop hackers from accessing your computer

• Protects your personal information

• Blocks “pop up” ads and certain cookies

• Determines which programs can access the Internet

What a SYS firewall can do

• Authorizing users

• Limiting access for the services

• Filtering the packets

• NATing

• Masquerading

Requirements

• Linux Kernel 2.4.x or higher

• iptables

• Perl 5.6 or higher

• dialog

User interface with “dialog”

dialog --title "Linux dialog utility infobox" --backtitle "Linux shell script tutorial" --infobox "This is a dialog box called infobox, which is used to show information on the screen, Thanks to Savio Lam and Stuart Herbert to give us this utility. Press any key…" 7 50;

Implementing iptables

• Using Perl and dialog, I built a GUI version of iptables.

Perl – For coding purpose

dialog – For Graphical User Interface

How does it work?

• Step 1 – Run the application (perl sys.xls)

• Step 2 – Check required packages

• Step 3 – Authenticate User (password)

• Step 4 – Main Interface

• Step 5 – Customize rules

Dropping all policies

• iptables -P INPUT DROP

• iptables -P OUTPUT DROP

• iptables -P FORWARD DROP

Block Ping

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

A dynamic approach

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# iptables -P INPUT DROP

SNAT

• For static connections.

• iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <SERVER'S_EXTERNAL_IP>

Masquerade

• For dynamic connections.

• iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

DNAT

• iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.24:80
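The default-DROP policies from "Dropping all policies", the single stateful rule from "A dynamic approach" and the DNAT rule above interact: a chain whose policy is DROP and that has no ACCEPT rule passes nothing, so OUTPUT never starts a connection and the forwarded port 80 traffic never crosses FORWARD. The following check is an added example, not code from the original slides or the SYS Firewall project; both rulesets are constructed in iptables-save format, and the accept rules in the corrected one are assumptions about what a working setup needs.

```shell
#!/bin/sh
# Added example: lint an iptables-save dump for chains that drop everything.

# Constructed dump equivalent to the slides' three "-P ... DROP" commands
# plus their one ESTABLISHED,RELATED rule on INPUT.
page_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed corrected dump (assumed rules): loopback, stateful OUTPUT, and
# a FORWARD path for the port 80 DNAT target taken from the slides.
corrected_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ppp0 -p tcp -d 192.168.1.24 --dport 80 -m state --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print every filter-table chain with
# policy DROP and no "-j ACCEPT" rule (jumps to user chains are not followed).
lint_ruleset() {
    awk '
        /^\*/             { table = substr($0, 2) }
        table != "filter" { next }
        /^:/              { c = substr($1, 2); policy[c] = $2; order[++n] = c }
        /^-A /            { for (i = 3; i < NF; i++)
                                if ($i == "-j" && $(i + 1) == "ACCEPT") accepts[$2]++ }
        END               { for (k = 1; k <= n; k++) {
                                c = order[k]
                                if (policy[c] == "DROP" && !(c in accepts)) print c } }
    '
}

page_ruleset | lint_ruleset
```

On a live host the same function can be fed from `iptables-save` run as root before the rules are saved.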

Extra services

• Saving rules

• Logging

• Exit

THANK YOU!

Any Queries?