This shows you the differences between two versions of the page.
hardware_-_firewall_rules [10/08/2019 02:24] – dmax | hardware_-_firewall_rules [10/09/2019 02:31] – gfactor | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | === Netfilter Tutorial - | + | === Netfilter Tutorial - |
\\ | \\ | ||
- | Iptables Linux firewall is used to monitor incoming and outgoing traffic to a computer and filter it based on user-defined rules to prevent anyone from accessing the computer or IP masqueraded devices. Using Iptables | + | Iptables Linux firewall is used to monitor incoming and outgoing traffic to a computer and filter it based on user-defined rules to prevent anyone from accessing the computer or IP masqueraded devices. Using iptables |
- | ==What | + | ==What |
Before you begin with Iptables tutorial, you will need the following: | Before you begin with Iptables tutorial, you will need the following: | ||
- | A local machine with SSH client installed. Putty [[https:// | + | A local machine with SSH client installed. Putty [[https:// |
- | ==Understand | + | ==Understand |
All data is sent in the form packets over the internet. Linux kernel provides an interface to filter both incoming and outgoing traffic packets using tables of packet filters. Iptables is a command line application and a Linux firewall that you can use to set-up, maintain and inspect these tables. Multiple tables can be defined. Each table can contain multiple chains. A chain is nothing but a set of rules. Each rule defines what to do with the packet if it matches with that packet. When the packet is matched, it is given a TARGET. A target can be another chain to match with or one of the following special values: | All data is sent in the form packets over the internet. Linux kernel provides an interface to filter both incoming and outgoing traffic packets using tables of packet filters. Iptables is a command line application and a Linux firewall that you can use to set-up, maintain and inspect these tables. Multiple tables can be defined. Each table can contain multiple chains. A chain is nothing but a set of rules. Each rule defines what to do with the packet if it matches with that packet. When the packet is matched, it is given a TARGET. A target can be another chain to match with or one of the following special values: | ||
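Review bot: the casing change from "Iptables" to "iptables" on the intro line is not carried through the rest of the hunk: the unchanged "Before you begin with Iptables tutorial" and "Iptables is a command line application" still capitalise it, so the page ends up mixing both forms. Pick the lowercase command name, since that is what the reader types, and apply it throughout. While here, "in the form packets" should read "in the form of packets", and "set-up, maintain and inspect" should use the verb form "set up".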
Line 16: | Line 16: | ||
DROP: It means that packet will not be allowed to pass through.\\ | DROP: It means that packet will not be allowed to pass through.\\ | ||
RETURN: It means to skip the current chain and go back to the next rule from the chain it was called in. | RETURN: It means to skip the current chain and go back to the next rule from the chain it was called in. | ||
- | For the scope of this iptables tutorial, we are going to work with one of the default tables called filter. Filters table has three chains ( sets of rules).\\ | + | For the scope of this iptables tutorial, we are going to work with one of the default tables called filter. Filters table has three chains (sets of rules).\\ |
INPUT – This chain is used to control incoming packets to the server. You can block/allow connections based on port, protocol or source IP address.\\ | INPUT – This chain is used to control incoming packets to the server. You can block/allow connections based on port, protocol or source IP address.\\ | ||
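Review bot: "Filters table has three chains" misnames the table that the previous sentence introduces as filter; it should read "The filter table has three chains (sets of rules)". The spacing fix inside the parenthesis is fine. It would also help the router reader to say in the INPUT line that this chain only sees packets addressed to the router itself, which is what "incoming packets to the server" means here, so that the later copy-and-paste rules are put in the right chain.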
Line 23: | Line 23: | ||
{{ : | {{ : | ||
- | == Only few commands you will ever need == | + | == The Only Few Commands You Will Ever Need == |
- | This section assumes you are already SSH'ed into the QORT router. Look at Getting Started [[hardware_-_getting_started|Work in progress]] | + | This section assumes |
- | * iptables -L -v ( list current firewall rules ) \\ | + | * iptables -L -v (list current firewall rules) \\ |
- | * iptables -F ( flush all rules ) \\ | + | * iptables -F (flush all rules) \\ |
- | * iptables-save > / | + | * iptables-save > / |
== Adding Your Firewall Rules == | == Adding Your Firewall Rules == | ||
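Review bot: the "iptables -F (flush all rules)" bullet needs a caveat, because on a router it removes every rule in the filter table in one go while leaving the default chain policies as they were, so the box is either left with no filtering at all or, if a DROP policy is in place, cut off from SSH until rules are re-added. Suggest a one-line warning after that bullet. Two smaller points on the listing bullet: "iptables -L -v" shows only the filter table unless "-t <table>" is given, and adding "-n" avoids the reverse DNS lookups that otherwise make the listing slow or stall on a box whose own DNS traffic is filtered.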
Line 35: | Line 35: | ||
These rules are copy and paste. Simply paste them at the QORT terminal via SSH and save. \\ | These rules are copy and paste. Simply paste them at the QORT terminal via SSH and save. \\ | ||
- | //**Block outgoing port:**// / | + | //**Block outgoing port:**// / |
Examples: \\ | Examples: \\ | ||
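Review bot: "Simply paste them at the QORT terminal via SSH and save" should spell out what "save" means here: rules pasted into the terminal only change the running kernel ruleset, which does not survive a reboot on its own, and the iptables-save command from the section above is the step that writes them out. A reader who skips that step loses the rules at the next restart, so suggest naming the command explicitly in this sentence.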
Line 41: | Line 41: | ||
//**Block HTTP**// / | //**Block HTTP**// / | ||
//**Block HTTPS**// / | //**Block HTTPS**// / | ||
- | // | + | // |
//**Block incoming port:**// / | //**Block incoming port:**// / | ||
Line 52: | Line 52: | ||
// | // | ||
- | It is fairly simple to view what is happening on the router. The pre-installed utility " | + | It is fairly simple to view what is happening on the router. The pre-installed utility " |
// | // | ||
- | // | + | // \\ |
+ | |||
+ | Note that port 53 is used for DNS queries. If you want to see the web site traffic, replace it with port 80. | ||
+ | |||
+ | // | ||
+ | |||
+ | The QORT Router comes ready with your own Tor dedicated gateway. You can use it for all types of internet traffic on the router itself and on connected devices such as browsers, QT wallets, Torrents for safety and privacy which is a big deal these days.\\ | ||
+ | {{ : | ||
+ | |||
+ | For details on Tor access and it's utilization for connected, head over to [[hardware_-_service_access|Service Access]] |
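Review bot: the added sentence "If you want to see the web site traffic, replace it with port 80" will miss most web traffic, since port 80 is plain HTTP only and the page's own examples already distinguish "Block HTTP" from "Block HTTPS"; the capture filter should include port 443 as well. In the Tor paragraph, listing Torrents among the uses of the Tor gateway for "safety and privacy" should be reconsidered: the Tor Project advises against BitTorrent over Tor, because many clients hand the real address to trackers or peers and Tor does not carry UDP, so it gives neither the anonymity the paragraph promises nor usable performance. Also "it's utilization" should be "its utilization", and "for connected" appears to be missing a noun.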