Steps:
1. Create a file iptables.rules with the content below.
2. Load the rules: # iptables-restore < iptables.rules
3. Also start the http service: # service httpd restart
4. cd /var/www/html and create an index.html file.
5. From another system, try to ping the firewall machine. Observe what happens.
6. From another system, try $ curl <firewall machine>. Observe what happens after 10 requests.
Happy firewalling ;)
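Before loading the file in step 2 it is worth checking it offline: iptables-restore refuses a file whose rules jump to a chain that is never declared, but it silently keeps a declared chain that no rule ever uses (the tcpchk chain in the lab file is one). The shell script below is an added example, not part of the original lab: check_rules_file parses an iptables-save style file with awk and reports both problems, and sample_rules_file writes a constructed, shortened copy of the lab's chains so the check can be exercised on a machine without iptables. Both function names are mine.

```shell
#!/bin/sh
# Offline sanity check for an iptables-save style rules file, meant to run
# before `iptables-restore < iptables.rules`. Added example, not part of the
# original lab; it needs only awk. It checks that every *table is closed by
# COMMIT, that every chain used with -A/-I/-D and every -j/-g target is either
# a known built-in target or declared with a ':name' line in the same table,
# and it warns about declared user chains that nothing jumps to.
check_rules_file() {
    awk '
    BEGIN {
        # built-in targets accepted without a declaration (partial list)
        nt = split("ACCEPT DROP REJECT RETURN LOG QUEUE NFQUEUE MARK CONNMARK MASQUERADE SNAT DNAT REDIRECT", t, " ")
        for (i = 1; i <= nt; i++) known[t[i]] = 1
        table = ""; open = 0; bad = 0
    }
    /^#/ || /^[ \t]*$/ { next }                        # comments and blank lines
    /^\*/ { table = substr($0, 2); open = 1; next }    # *filter, *nat, ...
    /^COMMIT$/ {
        if (!open) { print "line " NR ": COMMIT outside a table"; bad = 1 }
        open = 0; next
    }
    /^:/ { declared[table ":" substr($1, 2)] = NR; next }   # :NAME POLICY [pkts:bytes]
    {
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I" || $i == "-D") appended[table ":" $(i+1)] = NR
            if ($i == "-j" || $i == "-g")               jumped[table ":" $(i+1)] = NR
        }
    }
    END {
        if (open) { print "table " table " is not closed by COMMIT"; bad = 1 }
        for (k in appended) if (!(k in declared)) {
            print "near line " appended[k] ": rule appended to undeclared chain " k; bad = 1
        }
        for (k in jumped) {
            split(k, p, ":")
            if (!(p[2] in known) && !(k in declared)) {
                print "near line " jumped[k] ": jump to undeclared chain " k; bad = 1
            }
        }
        for (k in declared) {
            split(k, p, ":")
            if (p[2] ~ /^(INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)$/) continue
            if (!(k in jumped)) print "warning: user chain " k " is declared but never jumped to"
        }
        exit bad
    }' "$1"
}

# Writes a constructed, shortened copy of the lab rules to the path in $1
# (same chains and jumps as the lab file, fewer rules).
sample_rules_file() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ICMPCHK - [0:0]
:tcpchk - [0:0]
:ssh - [0:0]
:http - [0:0]
-A INPUT -p tcp -m tcp --dport 5555 -j ssh
-A INPUT -p icmp --icmp-type echo-request -j ICMPCHK
-A INPUT -p tcp -m tcp --dport 80 -j http
-A INPUT -j DROP
-A ssh -p tcp -m tcp --dport 5555 -j ACCEPT
-A http -j ACCEPT
-A ICMPCHK -p icmp --icmp-type echo-request -m limit --limit 3/min --limit-burst 5 -j ACCEPT
-A ICMPCHK -p icmp -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Demo: the sample file passes (with a warning about tcpchk); a copy with a
# mistyped jump target fails, as iptables-restore would also refuse it.
f=$(mktemp)
sample_rules_file "$f"
check_rules_file "$f" && echo "OK: $f"
sed 's/-j http$/-j htp/' "$f" > "$f.bad"
check_rules_file "$f.bad" || echo "rejected: $f.bad"
rm -f "$f" "$f.bad"
```

The check exits non-zero on a structural error and zero otherwise, so it can sit in front of `iptables-restore` in a deployment script; the unused-chain warning is printed but does not fail the check, since the kernel accepts such a file.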
# cat iptables.rules
# Generated by iptables-save v1.4.7 on Wed Jun 8 00:51:34 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ICMPCHK - [0:0]
:tcpchk - [0:0]
# tcpchk is declared but no rule below jumps to it
:ssh - [0:0]
:http - [0:0]
# Hand SSH traffic (SSH listens on port 5555 in this lab) to the ssh chain
-A INPUT -p tcp -m tcp --dport 5555 -j ssh
# Hand echo-requests to the ICMPCHK chain
-A INPUT -p icmp --icmp-type echo-request -j ICMPCHK
# Hand port 80 traffic to the http chain
-A INPUT -p tcp -m tcp --dport 80 -j http
# Alternative without rate limiting: accept all traffic to port 80 (disabled)
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Drop everything else (same as the INPUT policy, but counted by this rule)
-A INPUT -j DROP
# Output chain: allow connections the firewall opens to port 5555, allow
# replies to connections already accepted, drop everything else.
# Note that INPUT has no RELATED,ESTABLISHED rule of its own: the ssh and http
# chains accept their own non-NEW packets via their final ACCEPT, but replies
# to anything else the firewall itself initiates hit the INPUT DROP policy.
-A OUTPUT -p udp -m udp --dport 5555 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5555 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
# ssh chain: record every NEW connection from the source address
-A ssh -p tcp -m tcp --dport 5555 -m state --state NEW -m recent --set --name DEFAULT --rsource
# Second NEW connection from the same source within 60 s: log it (at most 2 log lines per minute)
-A ssh -p tcp -m tcp --dport 5555 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 2 --name DEFAULT --rsource -m limit --limit 2/min -j LOG --log-prefix "SSH-ATTACK : " --log-level 5
# ... and reject it; --update refreshes the entry, so a source that keeps retrying stays blocked
-A ssh -p tcp -m tcp --dport 5555 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name DEFAULT --rsource -j REJECT --reject-with tcp-reset
# First connection in the window, and all non-NEW packets, are accepted
-A ssh -p tcp -m tcp --dport 5555 -j ACCEPT
-A ssh -j RETURN
# Record every NEW connection to port 80 in the DDOS list
-A http -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set --name DDOS
# Log when 10 or more NEW connections from one source have been seen within 30 seconds
-A http -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --name DDOS --seconds 30 --hitcount 10 -j LOG --log-prefix "DDOS : " --log-level 5
# Drop them too: once a source reaches 10 new connections in 30 seconds (the
# current one counts, since --set above already recorded it), the 10th and
# later connections are dropped until the source has been quiet for 30 seconds;
# every matching --update refreshes the entry, so retrying extends the block
-A http -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --name DDOS --seconds 30 --hitcount 10 -j DROP
# Everything else (the first 9 new connections, and all non-NEW packets) is accepted
-A http -j ACCEPT
-A http -j RETURN
# Limit pings: accept 3 per minute with a burst of 5, log the excess (the log
# rule has its own limit bucket so logging stays bounded), drop the rest
-A ICMPCHK -p icmp --icmp-type echo-request -m limit --limit 3/min --limit-burst 5 -j ACCEPT
-A ICMPCHK -p icmp --icmp-type echo-request -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "ICMP-CHK-LIMITED: "
-A ICMPCHK -p icmp -j DROP
-A ICMPCHK -j RETURN
COMMIT
*nat
:PREROUTING ACCEPT [15030:976242]
:POSTROUTING ACCEPT [5423:372090]
:OUTPUT ACCEPT [4987:357161]
COMMIT
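To see exactly when the ssh and http chains start blocking, the shell script below is an added example (not part of the lab's rules file) that models the bookkeeping of the recent match as the chains above use it: --set records a timestamp for every NEW packet, --update with --seconds and --hitcount matches when at least --hitcount timestamps fall inside the window and then records another timestamp, and --rcheck only reads the list. The simulate_recent function name, the 20-entry stamp history (the xt_recent default ip_pkt_list_tot, assumed here since the lab does not set it) and the request timings are mine, constructed for the example.

```shell
#!/bin/sh
# Model of the `-m recent` bookkeeping used by the ssh and http chains.
# Added example, not part of the lab's rules file.
#
# For one source address, each NEW connection at time t (seconds) goes through:
#   1. --set                          records t in the address's stamp list
#   2. --update --seconds S --hitcount H
#                                     matches when >= H stamps lie within the
#                                     last S seconds, then records t again
#      (--rcheck, used by the ssh chain's LOG rule, only reads the list)
# The stamp list holds at most 20 entries and overwrites the oldest
# (xt_recent's ip_pkt_list_tot default; assumed, not set by the lab).
#
# simulate_recent S H U "t1 t2 ..."
#   U = number of --update rules that fire on a match: 2 for the http chain
#       (LOG then DROP), 1 for the ssh chain (rcheck LOG, then update REJECT)
#   prints one ACCEPT or BLOCK token per connection, in arrival order
simulate_recent() {
    echo "$4" | tr ' ' '\n' | awk -v S="$1" -v H="$2" -v U="$3" '
    BEGIN { CAP = 20; idx = 0; n = 0; out = "" }
    # ring buffer of stamps, like the kernel entry
    function push(t) { st[idx % CAP] = t; idx++; if (n < CAP) n = idx }
    # number of stamps within the last S seconds
    function hits(t,   i, c) {
        c = 0
        for (i = 0; i < n; i++) if (st[i] >= t - S) c++
        return c
    }
    NF {
        t = $1 + 0
        push(t)                                  # --set
        if (hits(t) >= H) {                      # first --update matches
            for (k = 0; k < U; k++) push(t)      # each matching --update stamps again
            out = out (out == "" ? "" : " ") "BLOCK"
        } else {
            out = out (out == "" ? "" : " ") "ACCEPT"
        }
    }
    END { print out }'
}

# http chain (S=30, H=10, U=2): 12 connections one second apart, a retry
# 14 s after the last one, and another 20 s after that
echo "http: $(simulate_recent 30 10 2 "0 1 2 3 4 5 6 7 8 9 10 11 25 45")"
# ssh chain (S=60, H=2, U=1): a second attempt after 10 s, then retries
# roughly every 55 s, then an 80 s pause
echo "ssh:  $(simulate_recent 60 2 1 "0 10 65 120 200")"
```

In the http scenario the first nine connections pass and the 10th is dropped, which is what step 6 has you observe; the retry at 25 s is also dropped, because the stamps of the dropped connections are still inside the 30 s window, while the retry at 45 s passes since only the stamps from 25 s remain within the window. In the ssh scenario the second attempt is rejected and the retries at 65 s and 120 s stay rejected, because each matching --update records fresh stamps; only the 80 s pause clears the window. That difference between --rcheck (read only) and --update (read and refresh) is the reason the lab's LOG rules use --rcheck where they should not extend the penalty.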