What is a firewall
Firewall technology sits between a computer's internal and external networks and organically combines software and hardware devices to perform security management and screening. It builds a relatively isolated protective barrier that protects the security of user data and information.
Classification of security technologies
1. Intrusion detection mechanism. Features: blocks, quantifies, and locates threats to the network coming from both inside and outside; provides alarms and event supervision, similar to monitoring.
2. Intrusion prevention works in transparent mode: it analyzes the contents of data packets and protects everything that enters the machine. Trojans, worms, and system vulnerabilities are analyzed and judged and then blocked, so it is an active protection mechanism. It is deployed throughout the architecture or at the entrance to a cluster (a choke point that all traffic must pass through).
3. Firewall: an isolation function working at the edge of the network or host.
It inspects the data packets entering and leaving the network or host according to certain rules (packets forwarded at the network layer).
At work we generally configure the firewall as a whitelist (deny all, allow some).
4. Waterproof wall (防水墙), transparent mode. In Huawei's eNSP, the monitoring component is a firewall. Everything is transparent to the waterproof wall.
Inspection can be done before, during, and after an event.
Types of firewalls
Firewalls can be divided into two categories by protection scope:
Host firewall (e.g. firewalld): protects only the current host.
Network firewall (e.g. iptables): a packet-filtering firewall. It performs access control by inspecting each packet's source IP address, destination IP address, port number, protocol and so on, and deciding whether the packet is allowed to pass.
What are the five-tuple and four-tuple of a connection?
Five-tuple: source/destination IP, source/destination port, protocol
Four-tuple: source/destination IP, source/destination port
Introduction to iptables
iptables is an IP packet filtering system integrated with the latest (3.5) version of the Linux kernel. It gives finer control over IP packet filtering and firewall configuration on Linux systems connected to the Internet or a LAN, whether as a server or as a proxy server connecting the LAN to the Internet.
Four tables and five chains of Iptables
Four tables:

| Table name | Function |
| --- | --- |
| raw | Decides whether a packet is subject to connection tracking (the mechanism that records the state of each flow). Turning tracking off in raw for selected traffic speeds up its passage through the firewall. |
| mangle | Rules that modify packet marks and header fields |
| nat | Address translation rule table |
| filter | Packet filtering rule table. Filters packets according to predefined and manually configured rules; this is the default table of iptables. |

The four tables are consulted in priority order:
raw -> mangle -> nat -> filter
Five chains:

| Chain name | Function |
| --- | --- |
| PREROUTING | Rules applied to packets as soon as they arrive, before the routing decision |
| INPUT | Rules for packets destined for this machine |
| FORWARD | Rules for packets being forwarded through this machine to other hosts |
| OUTPUT | Rules for packets sent by this machine; generally left unrestricted, since outbound traffic is usually not limited |
| POSTROUTING | Rules (typically NAT) applied to packets after the routing decision, as they leave the machine |
Matching process
The relationship between the four tables and five chains:
The role of a rule table: to hold the various rule chains.
The role of a rule chain: to hold the various firewall rules.
A simple way to remember it: chains live in tables, and rules live in chains.
iptables management options
Command format:
iptables [-t table name] management option [chain name] [matching conditions] [-j control type]

| Management option | Function |
| --- | --- |
| -A | Append a rule at the end of the specified chain |
| -I | Insert a new rule into the specified chain; a rule number may be given to choose the position (default is the top) |
| -P | Set the default policy of a chain (chain policy) |
| -D | Delete a rule |
| -R | Replace (modify) a rule |
| -L | List the rules of the specified chain |
| -n | Display addresses and ports numerically (no name resolution) |
| -v | Show detailed (verbose) output |
| --line-numbers | Number the rules in each chain when listing |
| -F | Flush (clear) all rules in the specified chain (use with caution) |
| -X | Delete user-defined chains |
| -t | Specify the table name |
Matching conditions
| Matching condition | Function |
| --- | --- |
| -p | Specify the protocol type of the packet |
| -s | Specify the source IP address of the packet |
| -d | Specify the destination IP address of the packet |
| -i | Specify the network interface through which the packet enters the machine |
| -o | Specify the network interface through which the packet leaves the machine |
| --sport | Specify the source port number |
| --dport | Specify the destination port number |
iptables control type (all uppercase)
Format: -j <control type> (the control type, or target, is written in uppercase)

| Control type | Function |
| --- | --- |
| ACCEPT | Allow the packet to pass |
| DROP | Refuse the packet: discard it directly without sending any response |
| REJECT | Refuse the packet, but send back a response (an error message) to the sender |
| SNAT | Modify the source address of the packet |
| DNAT | Modify the destination address of the packet |
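A whitelist ruleset (deny all, allow some) built from the management options, matching conditions and control types listed above, as an added example that is not part of the original page. It assumes an external interface named eth0 and uses constructed addresses (192.168.1.0/24, 10.0.0.0/24, 203.0.113.10, 10.0.0.5); the conntrack match module and the --reject-with, --to-source and --to-destination options are real iptables options not covered in the tables.

```shell
#!/bin/sh
# Added example (not from the original page): whitelist ruleset built from the
# options, match conditions and targets listed above. IPT defaults to
# "echo iptables", so the commands are printed rather than applied; run with
# IPT=iptables as root to apply them. Network values below are constructed.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"                # assumed external interface
MGMT_NET="${MGMT_NET:-192.168.1.0/24}"  # constructed management network
LAN_NET="${LAN_NET:-10.0.0.0/24}"       # constructed internal network
WAN_IP="${WAN_IP:-203.0.113.10}"        # constructed public address

whitelist_rules() {
    # Flush (-F) rules and delete (-X) user-defined chains in the filter table
    $IPT -t filter -F
    $IPT -t filter -X
    # Default policies (-P): deny all inbound and forwarded, leave outbound open
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Insert (-I) the must-have rules at the top: loopback and replies to
    # connections this host opened (conntrack match, a module not listed above)
    $IPT -I INPUT 1 -i lo -j ACCEPT
    $IPT -I INPUT 2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Append (-A) the allowed services: protocol (-p), port (--dport), source (-s)
    $IPT -A INPUT -p tcp --dport 22 -s "$MGMT_NET" -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # SSH from anywhere else on the WAN interface: REJECT (sends a response)
    # instead of silently hitting the DROP policy
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j REJECT --reject-with tcp-reset
}

nat_rules() {
    # nat table: SNAT internal clients going out, DNAT an inbound port to a server
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
}

# List the result numerically (-n), verbosely (-v), with rule numbers
show_rules() {
    $IPT -t filter -L INPUT -n -v --line-numbers
    $IPT -t nat -L -n -v --line-numbers
}

whitelist_rules
nat_rules
show_rules
```

Because the permitted SSH source is matched before the REJECT rule, administrators on the management network get in while everyone else on eth0 receives a TCP reset rather than a silent timeout.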