Firewall in Perl by chankey pathak
TRAINING REPORT ON SYS - FIREWALL
Secure Your System
A handy tool for System-Administrators
Chandra Prakash Pathak
08EMTCS032
Computer Science
Maharishi Arvind Institute of Engineering and Technology, Jaipur
http://chankeypathak.blogspot.com
Company Profile - Linux World
• The best awarded Red Hat partner in India.
• The company has been contributing a great deal to Linux Server & Networking industry by fulfilling its need for trained manpower in the field of Linux support, Networking, System Integration & Programming.
GREEN-HORNE PROJECT (An open source operating system)
Module: SYS Firewall
What is a Firewall?
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
How does a software firewall work?
• Inspects each individual “packet” of data as it arrives at either side of the firewall
• Inbound to or outbound from your computer
• Determines whether it should be allowed to pass through or if it should be blocked
Firewall Rules
• Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)
• Block – traffic that is blocked because it has been deemed dangerous to your computer
• Ask – asks the user whether or not the traffic is allowed to pass through
What a personal firewall can do
• Stop hackers from accessing your computer
• Protects your personal information
• Blocks “pop up” ads and certain cookies
• Determines which programs can access the Internet
What a SYS firewall can do
• Authorizing users
• Limiting access for the services
• Filtering the packets
• NATing
• Masquerading
Requirements
• Linux Kernel 2.4.x or higher
• iptables
• Perl 5.6 or higher
• dialog
User interface with “dialog”
dialog --title "Linux dialog utility infobox" --backtitle "Linux shell script tutorial" --infobox "This is a dialog box called infobox, which is used to show information on the screen, Thanks to Savio Lam and Stuart Herbert to give us this utility. Press any key…" 7 50
Implementing iptables
• Using Perl and dialog, I built a GUI version of iptables.
Perl – For coding purpose
dialog – For Graphical User Interface
How does it work?
• Step 1 – Run the application (perl sys.xls)
• Step 2 – Check required packages
• Step 3 – Authenticate User (password)
• Step 4 – Main Interface
• Step 5 – Customize rules
Dropping all policies
• iptables -P INPUT DROP
• iptables -P OUTPUT DROP
• iptables -P FORWARD DROP
Block Ping
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
A dynamic approach
# iptables -P INPUT DROP
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
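The default-drop policies and the stateful rule from the slides above, combined into one ruleset in iptables-restore format; this is an added example, not code from the SYS Firewall project. The function names, the loopback rules, the outbound NEW rule and the sample ports are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a default-drop,
# stateful host firewall. It only emits text; nothing is applied here.

# valid_port PORT -> status 0 if PORT is a plain integer in 1..65535
# (hypothetical helper; rejects empty input, leading zeros, non-digits)
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# build_ruleset PORT... -> ruleset on stdout, status 1 on any bad port.
# All ports are checked before a single line is printed, so a rejected
# value never ends up in a partial ruleset.
build_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Policies match the "Dropping all policies" slide. Loopback and the
    # outbound NEW rule are assumptions so the host itself keeps working.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
    # One rule per inbound TCP service the administrator chose to expose.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}
```

Pipe the output of `build_ruleset 22 80` to `iptables-restore --test` to check that it parses, then to `iptables-restore` to load it. The table is committed in one step, so there is no window in which the DROP policy is active without the ACCEPT rules.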
SNAT
• For static connections.
• iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <SERVER'S_EXTERNAL_IP>
Masquerade
• For dynamic connections.
• iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
DNAT
• iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.24:80
Extra services
• Saving rules
• Logging
• Exit
THANK YOU!
Any Queries?