1. Home
  2. Training Library
  3. Linux Security and Hardening | CSL4 A3.1 |

Configuring the Firewall from the Command Line

Start course
3h 21m

In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.

You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.

In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.

You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.

There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.

Learning Objectives

  • Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
  • Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
  • Learn how to enforce good password security practices on your Linux systems
  • Learn about multi-factor authentication and how it can be implemented in Linux
  • Learn techniques and strategies to secure network services
  • Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, ACLs, and rootkits

Now you have all the background and concepts you need to implement a Linux firewall. The command that makes all this happen is IPtables. The IPtables command is for IPV4 and IP6tables is for IPV6. We're going to talk about the IP tables command but if you're working with IPV6 addresses use the IP6tables command. To view or list the chains and rules in a table use IPtables space dash capital L. You can specify a table with a dash T option followed by the table name. If you don't specify a table, the filter table is assumed. If you want to force numeric output use dash N. This will prevent DNS lookups from occurring and all the output will contain IP addresses and no host names. Also port names, won't be translated to service names and the port numbers will be shown instead of those nice service names. Using the dash dash line dash numbers option causes the line numbers to be printed before each rule in a chain. You can use these rule numbers to specify exactly where additional rules should be inserted. You can also delete rules by rule number. Here's some sample output from an IPtables dash capital L command. Because no table was specified the filter table is being displayed. You'll see that the filter table has three chains. The input forward and output chains. There are no rules in these chains at the moment. This is what an IP tables listing could look like on a system that doesn't have the firewall configured. Here's some more sample output from an IPtables listing. Here you can see the same three chains but this time the input chain has some rules. The output shows the target of each rule along with the protocol, any additional options, the source and destination. The built-in chains have a default policy. If a packet reaches the end of a built-in chain then the default policy is applied to that packet. The policy is really a target, like accept or drop for example. To set the default policy use the IP table space dash capital P command followed by the name of the chain, and then the target. If you want to drop all packets that do not match any rules in the input chain of the filter table you would run IPtables space dash capital P space input, space drop. If we go back to our sample output you can see that the default policy is listed for each chain in parentheses. If a packet doesn't match any of the rules in the input chain, it will be dropped. The forward and output chains have a default target of accept. Since there aren't any rules in those chains any packets that traverse the forward or output chain so the filter table will be accepted. If you want to append a rule to the end of the chain use the dash capital A option followed by the name of the chain, and then the rule specification. Again, the filter table is assumed unless the dash T option followed by a table name is supplied. You can use the dash T option with all the other options listed here as well. If you want to insert a rule at the beginning of the chain use dash capital I followed by the rule specification. If you want to answer to rule at the beginning of the chain use dash capital I followed by the name of the chain and then the rule specifications. You can optionally supply a rule number where the rule will be inserted. To delete a chain use dash capital D followed by the name of the chain and the rule specification to delete. If you wanna delete by rule number, use dash capital D followed by the name of the chain, and then the rule number. To flush, which is firewall speak for delete, all the rules in a given table use IPtables space dash capital F. Again, you can specify the table to use with the dash T option. If you want to flush the rules for a specified chain then provide the name of that chain following dash capital F.

About the Author