Blocking network traffic on a Linux System using iptables or ipchains

When someone from outside your network or system attempts to enter your system without permission, he has to deal with your firewall first. If the firewall is not strong enough, the intruder can have an easy time attacking your system. Even home computers that are not connected to public networks can become victims of unwanted intrusion.

Linux systems come with a capable firewall built into the kernel. The superuser configures it through an interface; two available interfaces are called ipchains and iptables. ipchains is a stateless packet filter, meaning that each packet is checked against the set of predefined rules, but the decision taken for a packet is not influenced by the packets that came before it.

While ipchains uses the stateless model, iptables uses a stateful packet model: in iptables the decision to accept, reject, or forward a packet can be influenced by the packets that preceded it. Only one of the two interfaces can be used at a time, and this decision can only be made at kernel compile time.

So, if you have not compiled your own kernel (and you would not have, if you are using a distribution released by someone other than yourself), you will have to find out which interface your distribution's kernel uses.

Block incoming network traffic

Blocking incoming network traffic does not affect the outgoing traffic from your system. With this method the firewall blocks all incoming traffic that does not belong to a connection your system started. You can use the following commands to block incoming network traffic:

For iptables

# iptables -F INPUT
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -j REJECT
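
The same iptables ruleset as a script, added here as an example (not part of the original page): it accepts loopback traffic as the ipchains version does, accepts RELATED as well as ESTABLISHED packets, and logs what it is about to reject so blocked probes appear in the kernel log. It assumes a root shell with iptables and the state and limit match modules; with DRY_RUN=1 it only prints the commands, which is how you review a ruleset before applying it over a remote login.

```sh
#!/bin/sh
# Added example: "block incoming" for iptables, with a dry-run mode.
# Assumes root and an iptables with the state and limit modules.
DRY_RUN="${DRY_RUN:-0}"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Rebuild the INPUT chain. iptables walks the chain top to bottom and
# stops at the first match, so the ACCEPT rules must precede the REJECT.
block_incoming() {
    run iptables -F INPUT
    # Local services talk to each other over lo; without this rule the
    # iptables version rejects them while the ipchains version does not.
    run iptables -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened, plus RELATED packets
    # such as ICMP errors generated for them.
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Log before rejecting, rate-limited so a flood cannot fill the log.
    run iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-REJECT: "
    run iptables -A INPUT -j REJECT
}

# Show the chain with rule numbers and counters to verify the order.
show_input() {
    run iptables -L INPUT -n -v --line-numbers
}

if [ "${1:-}" = "apply" ]; then
    block_incoming
    show_input
fi
```

Run with DRY_RUN=1 sh script.sh apply to review the rules, then without DRY_RUN to apply them; the flush of INPUT does not change the chain's default policy.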

For ipchains

# ipchains -F input
# ipchains -A input -i lo -j ACCEPT
# ipchains -A input -p tcp --syn -j REJECT
# ipchains -A input -p udp --dport 0:1023 -j REJECT

Block outgoing network traffic

For iptables

The following commands block all outgoing traffic from your system. They do not affect incoming traffic on your network:

# iptables -F OUTPUT
# iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -j REJECT

For ipchains

# ipchains -F output
# ipchains -A output -p tcp ! --syn -j ACCEPT
# ipchains -A output -j REJECT

Block all network traffic

The easiest way to block all network traffic is to bring your network device down, or simply unplug the network cable. But if you want to do it with the firewall, you will have to enter the following commands:

For iptables

# iptables -F
# iptables -A INPUT -j REJECT
# iptables -A OUTPUT -j REJECT
# iptables -A FORWARD -j REJECT

For ipchains

# ipchains -F
# ipchains -A input -j REJECT
# ipchains -A output -j REJECT
# ipchains -A forward -j REJECT

Iqrash Awan
