IPTables 2
- Matching in IPTables
Rules can match on several kinds of packet fields (MAC address, IP address, protocol, port, etc.). It is convenient to group the matches by the network layer the field belongs to: Data Link (layer 2), Network (layer 3) and Transport (layer 4).
- For layer 2 (Data Link), based on MAC address:
For the source MAC you can use the mac match (-m mac --mac-source)
There is no destination-MAC match: on INPUT the destination MAC is always the MAC of the receiving interface, and the mac match only provides --mac-source. The match can only be used in the PREROUTING, FORWARD and INPUT chains (where an Ethernet-style header exists), not in OUTPUT or POSTROUTING.
This matches on the MAC address instead of the IP address, so the IP in the example below is only context; to require both, combine -s with -m mac. Keep in mind that a sender can set its own MAC address, so a MAC match is not a strong form of authentication.
Example:
To block traffic from the host 192.168.0.5 whose MAC address is 00:C6:3A:54:8D:05
iptables -A INPUT -m mac --mac-source 00:C6:3A:54:8D:05 -j DROP
- For layer 3 (Network), based on IP address:
For the source IP you can use these flags (-s or --src or --source)
For the destination IP you can use these flags (-d or --dst or --destination)
Both accept a single address or a network in CIDR form (for example 192.168.0.0/24).
Example:
Block all traffic from 192.168.0.5
iptables -A INPUT -s 192.168.0.5 -j DROP
or
iptables -A INPUT --src 192.168.0.5 -j DROP
or
iptables -A INPUT --source 192.168.0.5 -j DROP
- For layer 4 (Transport), based on protocol and ports:
Protocols such as TCP, UDP and ICMP
For the protocol you can use this flag (-p or --protocol)
For the source port you can use these flags (--sport or --source-port)
For the destination port you can use these flags (--dport or --destination-port)
The port flags belong to the tcp and udp matches, so they are only valid after -p tcp or -p udp (which loads the matching module); -p alone matches the whole protocol.
Example for TCP:
Allow host 192.168.0.5 to connect to my SSH server (port 22)
iptables -A INPUT -s 192.168.0.5 -p tcp --dport 22 -j ACCEPT
Example for UDP:
1- Allow hosts to connect to my NTP server (port 123)
iptables -A INPUT -p udp --dport 123 -j ACCEPT
2- Deny access to syslog (port 514)
iptables -A INPUT -p udp --dport 514 -j DROP
Note that -A appends the rule to the end of the chain, and rules are evaluated in order, so an ACCEPT or DROP that comes earlier in the chain wins.
How to deal with the ICMP protocol?
ICMP has many message types; the two involved in ping are
1- echo-request (type 8)
2- echo-reply (type 0)
Example:
ping 10.0.0.10
This means my computer sends an echo-request to 10.0.0.10 and that host answers with an echo-reply.
This process is known as ping, or
ping for the echo-request
pong for the echo-reply
Now how to handle ICMP in iptables?
Use the protocol flag (-p icmp or --protocol icmp) together with --icmp-type to select the type, by name or by number (iptables -p icmp --help lists the valid names).
Example:
Stop my computer from answering pings. The echo-request arrives on INPUT, so that is the packet to drop; once it is dropped, no echo-reply is generated. Dropping echo-reply on INPUT instead would only discard the answers to pings sent from this host.
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
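The following script is an added example, not part of the original notes. It combines the layer 2, 3, 4 and ICMP matches above into one complete filter-table ruleset in iptables-restore format, so the rule order is explicit and the whole set can be checked with iptables-restore --test before it is loaded. The admin host address 192.168.0.5 and MAC 00:c6:3a:54:8d:05 are assumptions for illustration, and the loopback and conntrack rules are added so that a DROP policy does not break the host's own connections.

```shell
#!/bin/sh
# Added example (not from the original notes): build one *filter ruleset that
# uses the mac, ip, tcp/udp and icmp matches from the notes. Rule order
# matters, so generating the whole chain at once is safer than appending rules
# one by one with "iptables -A". ADMIN_IP and ADMIN_MAC are illustrative.

# gen_filter_rules ADMIN_IP ADMIN_MAC
# Prints a complete *filter table in iptables-restore syntax.
gen_filter_rules() {
    admin_ip="$1"
    admin_mac="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# keep loopback and replies to our own connections working (conntrack)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# layer 2 + 3 + 4: SSH only from the admin IP, and only if the source MAC
# matches too (mac match is valid in INPUT/FORWARD/PREROUTING only)
-A INPUT -s ${admin_ip} -m mac --mac-source ${admin_mac} -p tcp --dport 22 -j ACCEPT
# layer 4 UDP: NTP allowed, syslog explicitly dropped (and logged first)
-A INPUT -p udp --dport 123 -j ACCEPT
-A INPUT -p udp --dport 514 -j LOG --log-prefix "syslog-drop: "
-A INPUT -p udp --dport 514 -j DROP
# ICMP: to stop answering ping, drop the incoming echo-request (type 8).
# Replies to our own pings are ESTABLISHED for conntrack and pass above.
-A INPUT -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# count_rules: number of "-A" rule lines read from stdin (sanity check)
count_rules() {
    grep -c '^-A '
}

# check_rules: parse the ruleset on stdin without loading it. Needs root and
# iptables >= 1.6; otherwise it only reports that the check was skipped.
check_rules() {
    if command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        iptables-restore --test
    else
        echo "skipping iptables-restore --test (needs root)" >&2
        cat >/dev/null
    fi
}
```

Usage: gen_filter_rules 192.168.0.5 00:c6:3a:54:8d:05 | check_rules, and once the test passes, gen_filter_rules ... | iptables-restore. Because the INPUT policy is DROP, the conntrack rule near the top is what lets the SSH session that loads the ruleset stay up; test it from a console or with a timed rollback before relying on it remotely.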