Teach you how to use Linux firewall to isolate local spoofed addresses!

Aug 15, 2024 pm 01:37 PM

How to use iptables firewall to protect your network from hackers.

Even in remote networks protected by intrusion detection and isolation systems, hackers are still finding various sophisticated ways to invade. IDS/IPS cannot stop or reduce attacks by hackers who want to take over control of your network. Improper configuration allows an attacker to bypass all deployed security measures.

In this article, I will explain how a security engineer or system administrator can avoid these attacks.

Almost all Linux distributions come with a built-in firewall to protect processes and applications running on the Linux host. Most firewalls are designed as IDS/IPS solutions. The main purpose of such a design is to detect and prevent malicious packets from gaining entry into the network.

Linux firewalls usually have two interfaces: the iptables and ipchains programs (LCTT translation: on systems that support systemd, the newer interface firewalld is used). Most people refer to these interfaces as the iptables firewall or the ipchains firewall. Both interfaces are designed as packet filters. iptables is a stateful firewall that makes decisions based on previous packets. ipchains does not make decisions based on previous packets; it is designed to be a stateless firewall.

In this article, we will focus on the iptables firewall that appeared after kernel 2.4.

With the iptables firewall, you can create policies, or ordered rule sets, that tell the kernel how to treat specific packets. The kernel contains the Netfilter framework. Netfilter is both the framework and the project name of the iptables firewall. As a framework, Netfilter provides the hooks that iptables uses to operate on packets. In a nutshell, iptables relies on the Netfilter framework to build functionality such as packet filtering.

Each iptables rule is applied to a chain in a table. An iptables chain is a set of rules that are compared against packets with similar characteristics. Tables (such as nat or mangle) describe different categories of functionality. For example, the mangle table is used to modify packet data, so rules that modify packet data are applied there; filtering rules are applied to the filter table because the filter table filters packet data.

An iptables rule has a match set and a target, such as Drop or Deny, which tells iptables what to do with a packet that matches the rule. Without a target and a match set, iptables cannot process packets effectively. If a packet matches a rule, the target specifies the action that will be taken. Conversely, a packet must match a rule before that rule's target is applied to it.

Now that we know how iptables firewall works, let’s look at how to use iptables firewall to detect and reject or drop spoofed addresses.

Turn on source address verification

As a security engineer, when dealing with remote spoofed addresses, the first step I take is to turn on source address verification in the kernel.

Source address verification is a kernel-level feature that drops packets pretending to come from your network. This feature uses the reverse path filter method to check whether the source address of a received packet is reachable through the interface on which the packet arrived. (LCTT translation annotation: The source address of the arriving packet should be reachable in the reverse direction from the network interface it arrived on. This effect can be achieved by simply reversing the source address and destination address)

Use the following simple script to turn on source address verification without manual operation:

#!/bin/sh
# Author: Michael K Aboagye
# Purpose: turn on reverse path filtering
# Date: 7/02/18
# Display "Enabling source address verification…" on the screen
echo -n "Enabling source address verification…"
# Overwrite the value 0 with 1 to turn on source address verification
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
echo "completed"

When the above script is executed, the first echo displays the message "Enabling source address verification…" without a trailing newline. The default reverse path filtering value is 0, which means no source verification. Therefore, the second echo simply overwrites the default value of 0 with 1. A value of 1 means that the kernel will verify the source address by confirming the reverse path.
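The script above writes only conf/default/rp_filter, which seeds interfaces created afterwards; for an interface that already exists, the kernel applies the larger of conf/all/rp_filter and conf/<interface>/rp_filter. The following check is an added example, not part of the original article, that reports the effective value per interface; the function names and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the effective rp_filter value per IPv4 interface.
# The kernel validates sources on <iface> using the larger of
# conf/all/rp_filter and conf/<iface>/rp_filter.
# 0 = no source validation, 1 = strict reverse path, 2 = loose reverse path.

# effective_rp_filter ALL_VALUE IFACE_VALUE: print the larger of the two.
effective_rp_filter() {
    if [ "$1" -ge "$2" ]; then echo "$1"; else echo "$2"; fi
}

# audit_rp_filter [CONF_DIR]: print "<iface> <effective> <verdict>" for each
# interface and return 1 if any interface has no source validation.
# CONF_DIR (an assumption of this example) defaults to the live sysctl tree,
# so the same check can run against a copied or constructed tree.
audit_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    all_value=$(cat "$conf_dir/all/rp_filter") || return 2
    status=0
    for dir in "$conf_dir"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are settings, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        eff=$(effective_rp_filter "$all_value" "$(cat "$dir/rp_filter")")
        case "$eff" in
            0) verdict="UNFILTERED"; status=1 ;;
            1) verdict="strict" ;;
            2) verdict="loose" ;;
            *) verdict="unknown" ;;
        esac
        echo "$iface $eff $verdict"
    done
    return "$status"
}

# Run against the live system only when asked to: sh rp_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_rp_filter
    exit $?
fi
```

An interface reported as UNFILTERED still accepts packets whose source address is not routable back through it, even after the article's script has run.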

Finally, you can use the following command to drop or reject spoofed addresses from the remote host by selecting one of the DROP or REJECT targets. However, for security reasons, I recommend using the DROP target.

Replace the IP-address placeholder with your own IP address like below. In addition, you must choose to use either REJECT or DROP, not both at the same time.

# internal_interface and IP_address are placeholders; DROP is used here, replace it with REJECT to reject instead
iptables -A INPUT -i internal_interface -s IP_address -j DROP
iptables -A INPUT -i internal_interface -s 192.168.0.0/16 -j DROP

This article only provides basic knowledge on how to use iptables firewall to avoid remote spoofing attacks.
