Added 'Using iptables'

1 files changed, 262 insertions, 0 deletions

diff --git a/md/writeup/using_iptables.md b/md/writeup/using_iptables.md
new file mode 100644
index 0000000..8b38488
--- /dev/null
+++ b/md/writeup/using_iptables.md
@@ -0,0 +1,262 @@
+# Iptables
+
+## Intro
+
+iptables is linux firewall that uses linux kernel netfilters to expose in kernel
+stuff to userland. Here is notes how to fulfill various tasks block, forward 
+or prank this silly network packets. 
+
+## Examples
+
+SIP - Server IP, your machine ip address
+
+__General cmd flag description__
+
+| Flag | Desc |
+| --- | --- |
+| -A | Add a rule |
+| -D | Delete rule from table |
+| -F | Flush rules |
+| -L | List chain |
+| -R | Replace chain |
+| -I | Insert chain |
+| -N | Create new chain |
+| -J | Jump to target |
+| -X | Delete chain |
+| -p | To specify protocol (here 'icmp') |
+| -s | Ip addr |
+| --icmp-type | For specifying type |
+| -t | command matching table |
+| -j | jump target |
+| -i | interface name |
+
+__Command matching table names__
+
+| table | desc |
+| --- | --- |
+| filter   | default table INPUT/OUTPUT/FORWARD |
+| nat      | new connection created PREROUTING/OUTPUT/POSTROUTING |
+| mangle   | specialize packet alternation PREROUTING/OUTPUT/INPUT/FORWARD/POSTROUTING  |
+| raw      | configuring exemptions from connection tracking PREROUTING/OUTPUT |
+| security | Mandatory Access Control (MAC) networking rules INPUT/OUTPUT/FORWARD |
+
+__Adding rulle targets__
+
+| adding | desc |
+| --- | --- |
+| INPUT       | for packets destined to local sockets |
+| OUTPUT      | for locally-generated packet |
+| FORWARD     | for altering packets being routed through the box |
+| PREROUTING  | for altering incoming packets before routing |
+| POSTROUTING | for altering packets as they are about to go out |
+
+### List all rulles
+
+```
+iptables -L
+```
+
+List iptables rulles with extra output that could be usefull
+
+```
+iptables -nL -v --line-numbers
+```
+
+### Remove rulle
+
+To delete specific rulle run 
+
+```
+iptables -nL -v --line-numbers
+```
+search for chain and rulle number and delete it with next line
+
+```
+iptables -D [chain_name] [line_number]
+```
+
+### Load/store rulles
+
+Save iptable rulles to file
+
+```
+iptables-save > /tmp/cool.rulles
+```
+
+Load rulles from file
+
+```
+iptables-restore < /tmp/cool.rules
+```
+
+### Remove chain
+
+```
+iptales -X chain_name
+```
+
+### Block ICMP (No ping) from outside
+
+Createing chain where ping related rules will be located
+
+```
+iptables -N ping_in
+iptables -t filter -A INPUT -j ping_in
+iptables -N ping_out
+iptables -t filter -A OUTPUT -j ping_out
+```
+
+After creating chains output looks like
+
+```
+Chain INPUT (policy ACCEPT)
+target     prot opt source               destination         
+ping_in    all  --  anywhere             anywhere            
+
+Chain FORWARD (policy ACCEPT)
+target     prot opt source               destination         
+
+Chain OUTPUT (policy ACCEPT)
+target     prot opt source               destination         
+ping_out   all  --  anywhere             anywhere            
+
+Chain ping_in (1 references)
+target     prot opt source               destination         
+
+Chain ping_out (1 references)
+target     prot opt source               destination  
+```
+
+#### Block outside ping
+
+Lets block if someone tryes to ping us, juct block usual ping echo request,
+not blocking ICMP protocol as such.
+
+```
+iptables -A ping_in -p icmp --icmp-type echo-request -j REJECT
+iptables -A ping_out -p icmp --icmp-type echo-reply -j DROP
+```
+
+#### Block inside ping
+
+If dont whant to use ping, or dont whant that other use pinging
+
+```
+iptables -A ping_out -p icmp --icmp-type echo-request -j DROP
+iptables -A ping_in -p icmp --icmp-type echo-reply -j DROP
+```
+
+### Port forwarding
+
+Forward ports
+
+```
+iptables -t nat -A PREROUTING -p tcp --dport <incoming-port> -j REDIRECT --to-port <destination-port>
+```
+
+Forward port to different ip
+
+```
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:8080
+```
+
+### IP forwarding
+
+
+Check if ip forwarding is set
+
+```
+cat /proc/sys/net/ipv4/ip_forward
+```
+
+if _0_ then not, set to _1_
+
+```
+echo 1 > /proc/sys/net/ipv4/ip_forward
+```
+
+```
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 216.58.213.174:80
+iptables -t nat -A POSTROUTING -j MASQUERADE
+```
+
+### Block port
+
+Usefull command to see with ports are used and programm that are using
+
+``` 
+netstat -tulpn
+```
+
+Here is list of popular protocols and services ports
+
+| Proto | Service | Port | Desc |
+| --- | --- | --- | --- |
+| TCP     | HTTP   | 80  | plain text internet |
+| TCP     | HTTPS  | 443 | SSL'ed plain text internet |
+| TCP     | SMPT   | 25  | Simple Mail Transfer Protocol, used for e-mail routing between mail servers |
+| TCP     | SSH    | 22  | Secure shell, remote login |
+| TCP     | POP3   | 110 | Post Office Protocol used for emailing |
+| TCP     | IMAP   | 143 | management of email messages, used for emailing |
+| TCP     | DNS    | 53  | domain name resolving protocol |
+| TCP/UDP | Telnet | 23  | old school plain text login shell |
+
+
+If there is some unwanted service running, or you dont whant in future that
+it trying to make some connection without your allowance. Lets block port as
+such.
+
+```
+iptables -A INPUT -p tcp --dport 25 -j DROP
+iptables -A INPUT -p udp --dport 25 -j DROP
+```
+
+### Block IP
+
+#### Incoming ip
+Lets block just incoming ip
+
+```
+iptables -A INPUT -s 8.8.8.8 -j DROP
+```
+
+#### By port
+
+Block ip to access specific port
+
+```
+iptables -A INPUT -s 8.8.8.8 -p tcp --destination-port 25 -j DROP
+```
+
+### Loging
+
+Log droppend packages
+
+```
+iptables -A INPUT -m limit --limit 2/min -j LOG --log-level 4 --log-prefix 'In2/m '
+```
+
+## Playing with system
+
+Lets make our system more secure or lets make some jokes, if you are user in
+the system admins could be not happy with this jokes ;].
+
+### Securety related iptable rulles
+
+### Joke iptable rullez
+
+
+
+## Links
+1. https://en.wikipedia.org/wiki/Iptables  
+2. http://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html  
+3. http://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/
+4. http://crybit.com/iptables-rules-for-icmp/  
+5. https://www.safaribooksonline.com/library/view/linux-server-hacks/0596004613/ch04s06.html  
+6. https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers  
+7. https://spin.atomicobject.com/2012/10/01/useful-iptables-port-forwarding-patterns/
+8. http://wiki.vpsget.com/index.php/Forward_%28redirect/nat%29_traffic_with_iptables
+9. https://www.debuntu.org/how-to-redirecting-network-traffic-to-a-new-ip-using-iptables/
+10. http://www.cyberciti.biz/faq/how-to-save-restore-iptables-firewall-config-ubuntu/
+11. http://ipset.netfilter.org/iptables.man.html
+12. http://gr8idea.info/os/tutorials/security/iptables5.html
\ No newline at end of file