Okay so I have probably talked about iptables before, and used it in previous tutorials, but now I've decided to talk about it in particular. iptables is extremely useful and powerful if configured properly. We'll start off with a very basic rule, allowing all traffic to and from telnet.
iptables -A INPUT -p tcp --destination-port 23 -j ACCEPT
Now we should be allowing all connections on port 23 (telnet).
We can view the rules we have like so;
iptables -L
If we had wanted to list the table with numeric values instead, use the (-n) flag. In addition, we can specify what rules we want to list (INPUT, OUTPUT, etc) and increase the verbosity to see the packet and byte statistics.
iptables -L INPUT -n -v
Now, that's nice and all but I'd like to filter out SSH on this laptop to drop any packets coming from IP's other than mine. In order to do this, I would issue the following command.
iptables -A INPUT -p tcp --dport 22 ! -s 19.84.20.11 -j DROP
Now any packets coming from a source ip other than the one I specified will be dropped for ssh. This applies to blacklisting IP's, which can easily be circumvented with proxies like TOR though. But if we had wanted to accept all packets except a specific IP, than we can issue the same command with (-j ACCEPT) rather than dropping it.
iptables -A INPUT -p tcp --dport 22 ! -s 19.84.20.11 -j ACCEPT
Now everyone but my home network can ssh into this box.
If we wanted to "flush" our chain, we can issue the following command;
iptables -F
That will have removed all the rules in the chain.
Another nice feature of iptables is the ability to redirect traffic to another port, so for example if we issued the following command than we would be redirecting the unwanted traffic from SSH to our honeypot's port.
iptables -t nat -A PREROUTING -p tcp --dport 22 ! -s 19.84.20.11 -j REDIRECT --to-port 1984
Now, nat rules are located in a separate are than you average rules. If we wanted to view these rules than we would need to explicitly specify that it's the nat rules we want to see or modify. For example, to view the rules and then flush them we would issue the following;
iptables -t nat -L -nv
iptables -t nat -F
That about wraps it up for my "how to" on getting started with iptables. Hope this helps someone else out there.