Showing results for tags 'iptables'.




Found 5 results

  1. Udemy - Linux Security - The Complete Iptables Firewall Guide
  2. Hi, I'm going to try to pass RHCSA version 6 (not 7, yes, I know, I'm already late...) in a few weeks. Two questions:

     1 - Can I safely turn off the firewall via "iptables -F" on the exam?

     2 - If I do that, can I safely omit typing these lines if I'm asked to configure a vsftpd server?

         iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
         iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

     Edit the /etc/sysconfig/iptables-config file and change the IPTABLES_MODULES directive:

         IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

     What do you think?
  3. IPTABLES TUTORIAL:

     iptables is the open source firewall; by default it is integrated with the Linux kernel itself. The backend is usually called netfilter. iptables is the tool which helps us manage the netfilter firewall. It has all the functionality that a commercial firewall has, like NATting and filtering. By writing efficient rules in iptables we can save our environment from external threats. It is also a stateful firewall.

     What is a stateful firewall?

     A stateful firewall ultimately tracks the state of the packets which are moving through our firewall machine. In the TCP stack implementation, if you analyze the TCP header, we have one field called fragment id. When a packet has been fragmented, it will be assigned a common fragment id.

     For example, if you blocked the ICMP packets in your firewall and it is not a stateful firewall, what happens? If the packet exceeds the actual MTU size then it will be fragmented by our stack. Only the first packet contains the protocol field, with the flag set as MF (more fragments 1). Other than the first packet, the other packets do not have the protocol field; all the packets only share the common fragment id. So a stateless firewall blocks the first packet, because it holds ICMP in its protocol field. Other than the first packet, all packets are allowed by our firewall, because all the other packets do not have the protocol header.

     But what a stateful firewall will do is, if any packet matches the rule, track both the protocol field and the fragment id field in one table, which is called the stateful table. Here all the tracked packet info is maintained by our firewall. In our case it will track the first ICMP packet's fragment id, and if any packets arrive with the same fragment id they will be discarded. This is the mechanism by which stateful operates.

     iptables packet processing mechanism:

     1. Look in the state table to see whether the arrived packet's info is available or not.
     2. If it matches, then do the action (drop/accept/log).
     3. If the info is not available in the state table, then look at the routing table.
     4. If routing is to the local destination, then look at the filter table to take the necessary action.
     5. If routing is to an external destination, then look at the nat table, and if it is SNAT then post-routing will be done.
     6. If it is DNAT then pre-routing will be performed.

     Tables in iptables:

     1. mangle table
     2. nat table
     3. filter table

     Each table contains some chains to take the decision:

     1. mangle table:
        a. input
        b. output
        c. forward
        d. pre-routing
        e. post-routing
     2. nat table:
        a. pre-routing
        b. post-routing
     3. filter table:
        a. input
        b. output
        c. forward

     The next part will be posted once I have prepared it. Thanks for reading...
  4. Which is recommended in the RHCE exam, append or insert? Does the order of firewall configuration really matter, just like in Cisco's access lists, i.e. if the first access list is matched, the rest of the access lists are not checked and there is an implicit deny at the end? If the order of configuration really matters, then what must be the order between these services: ssh, ftp, dovecot, nfs, smtp and httpd?
  5. Was thinking of taking the RH413 exam this summer, wondering if it's still on RHEL 6.4, as the 2013 manual indicates, or if it has moved on to RHEL 7. Anybody taken it recently? I suppose the only major difference is firewalld vs iptables but still nice to know.