IPTables IPTablesis a front-end to control and manage netfilter.
We will focus on layer 3 (Network) controlling source and destination IP Addresses, and layer 4 (ransport) TCP and UDP.
Filter table uses to control IP packets filtering, and it’s consist of 3 chains (INPUT, FORWARD and OUTPUT)
How To use IPTables IPTables command consist of parts, let’s discuss iptables command fields
1- iptables
2- action APPEND, replace, inseart, delete..) followed by name of the chain such as (INPUT, FORWARD or OUTPUT) for Filter tables.
Matching in IPTables IPTables basically based on matching all packets with rules in IPTables tables (Filter, NAT, Mangle) So we can manage matching based on various ways (MAC, IP, ports, protocols .. etc ) or we can say it’s based on Network layers (Data Link, Network, Transport).
For layer 2 (Data Link) based on MAC address For source MAC You can use this flag -m mac --mac-source and for destination MAC you can use this flag -m mac --mac-destination, this will match based on MAC address instead of IP address
Adding new chain You can use this flag iptables -N LAN
Example:
To manage your Intranet easily you should write a new chain and write Intranet rules in this chain.
1- Create new chain ptables -N LAN
2- Forward all traffic in network (192.168.0.0/24) into LAN chain.
iptables -I INPUT 1 -s 192.168.0.0/24 -j LAN
Then you can manage your Intranet rules easily in LAN chain such as:
iptables -A LAN -p tcp --dport 22 -j ACCEPT
This article about how to build a secure browsing environment and how to escape firewall rules or even escaping ISPs rules over browsing (HTTP and HTTPS).
The idea here is to forward all your traffic down in a tunnel(SSH tunnel) into another server and that server forwards your traffic to its destination point.
The SOCKS protocol binds your browser to the tunnel via a local port.
First we going to try it on Linux OS and then on Android.
inetd It’s daemon listens on specific ports such as (telnet 23, ftp 21), when it receive a packet, it’s lunches the appropriate program to handle the connection.
Xinetd It does the same work as inetd, but with more security such as (TCP Wrapper).
TCP Wrapper It supports TCP/IP security by using (Access Control List), it works with Xinetd to support security for some services such as telnet or ftp even SSH.
We will start to navigate Linux security from zero, how to protect your system from unauthorized users, and how to monitoring your Linux system (demons, ports, processes and services installed on your machine)
Read log Files When i login to my system i have to read two important files (boot.log and dmesg.log), these files show me boot sequence and booting hardware such as hard disk and network adapter, and if there any problem in booting operation.
