IPTABLES [PART-1] : "UNDERSTANDING THE CONCEPT"

Captions
Hey guys, what's up? Welcome to XPS Tech. I am Vineet, and in today's video we'll learn about a powerful Linux tool called iptables, which is used to create a quick and powerful firewall for your system. iptables provides an interface to work with the packet filtering framework of the Linux kernel called netfilter. In very simple terms, it is a powerful tool to manage network packets coming to and going out of your system. So with iptables you can block or accept or take other actions on network traffic based on different user-defined conditions. We will discuss what these conditions are and all the possible actions that iptables supports in detail in this video. It's been quite a while since I created one of these advanced Linux tutorials, so if you liked today's video and want more such videos, kindly write that in the comment box. Alright, so let's start today's video.

Alright, now for the sake of keeping things simple and understandable, I'm going to make two videos on this topic. In the first video I'm going to cover the basic concepts of iptables, and then in the second video we'll look at the exact usage, command syntax and some live demo on iptables. So make sure you subscribe to the XPS Tech channel to get the second part of this video.

Alright, now when we talk about iptables it is very important that we should understand three terms. These three terms are tables, chains and rules. Now if you understand these three terms well, it would be very easy to use this tool. So let's look at each of these terms one by one.

First is tables. Now iptables consists of five tables, out of which three are main tables, and each table has different rules. Now the first is the filter table. Now this is the default and the main table used in iptables; that means whenever you don't mention any specific table, the rule will apply to the filter table. Now as the name suggests, the role of this table is filtering packets, that is, to make decisions about whether to let a packet continue to its intended destination or to deny its request. This is the table that provides the majority of the function of iptables, and for most occasions this is the table that you would be dealing with.

Second is the NAT table. Now as the name suggests, this table is used to provide network address translation rules. Now the rules in this table will determine whether to modify, and how to modify, the packet's source or destination addresses in order to route the packet in a NAT setup where direct access is not possible.

Now third is the mangle table. Now this table is used to alter the IP headers of the packet. For instance, you can adjust the time to live (TTL) value of the packet, either lengthening or shortening the number of valid network hops that the packet can sustain. Now other IP headers can be altered in similar ways.

So these were the three main tables. The other two are the raw and security tables. Both these tables have just one function each. The raw table is basically used for connection tracking; it provides a mechanism for marking packets to view packets as part of an ongoing connection or session. The security table is used to set internal SELinux security context marks on packets, which will affect how SELinux or other systems that can interpret SELinux security contexts handle these packets. But as I said, these are not the main tables and you do not have to worry much about these two tables. Alright, so that was all about the tables.

Next is chains. Now chains are like points in the route of a packet where you can apply rules. There are five chains in iptables: they are PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING. Now all chains are not available for all tables. Each chain gives you the option to take action on the packet at that particular point in the packet's route. Now let's get a clearer picture of all the chains. Now the PREROUTING chain is applied to any incoming packet very soon after entering the network stack. This chain is processed before any routing decision has been made regarding where to send the packet. Next, the INPUT chain is a point post PREROUTING, when the packet enters the system. The FORWARD chain is applied to a packet that is forwarded through your system, and the OUTPUT chain is applied to packets originating from your system and going out. Finally, POSTROUTING is the opposite of PREROUTING: this is applied to outgoing or forwarded traffic after the routing decision has taken place and just before the packet is being put on the wire. Alright, so these were the five chains.

Now as I mentioned earlier, not all chains are available for all tables, so first we should know which chain is available for which table. Apart from that, we should also know the order in which chains are called for each table, and also the chain traversal order. Now this figure shows you the order in which chains are called for different tables and also the availability of chains for each table. So for the filter table you have three chains: INPUT, FORWARD and OUTPUT. Alright, next is the chain traversal order, which is actually the path of how the packet traverses. So for incoming packets to the local system, the traversal order is PREROUTING and then INPUT. For an incoming packet that is forwarded to another host, the traversal order is PREROUTING, FORWARD and POSTROUTING. And finally, for locally generated packets, the traversal order is OUTPUT and POSTROUTING.

Alright, so now we have covered tables and chains. The last thing left is iptables rules. Now rules are nothing but user-defined commands to manipulate the network traffic. Now as each chain is called, the packet will be checked against each rule within the chain in order. If the packet does not match, the next rule in the chain is examined; if it does match, then the next rule is specified by the value of the target. Now each rule has basically two components: a matching component and a target component. The matching component is the different conditions available to define rules, so you can match by protocol type, destination or source address, destination or source port, input or output interface, headers, etc. Now these can be combined to create really complex rule sets.

Next is the target component. The target component is the action that is triggered when a packet meets the matching criteria of a rule. Now there are two types of targets: terminating targets and non-terminating targets. Terminating targets are basically actions that end the further traversal in that particular chain. Some examples of terminating targets are ACCEPT, DROP, QUEUE, RETURN, or move to any user-defined chain. And in non-terminating targets you perform an action and then continue evaluation within the chain. One thing to note here is that not all actions are available for every chain and table; hence the table and chain type dictate the actions available.

Alright, so that was all about the theory of iptables. I hope this has made some sense and you are now clear with the basic concept of iptables, and if not, don't worry, I'm sure things will become a lot easier in the next video when we'll see the actual usage on a live system. So stay tuned, and thank you for watching this video. A huge shout out to all the subscribers of the XPS Tech channel. Thank you for supporting me, and thank you again for watching, and I'll see you next time.
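The chain traversal order and the terminating versus non-terminating target behaviour described in the video, modelled in a small Python simulation added here as an illustration (this is not the video's code and not iptables itself): the packet dicts, interface names and ruleset are constructed, only the filter table's chains are modelled, and LOG stands in for a non-terminating target.

```python
# Added illustration (not the video's code): a toy model of iptables chain traversal and rule order.
from dataclasses import dataclass
from typing import Optional
# Chain traversal order per packet path, as described in the video.
TRAVERSAL = {
    "local_in": ["PREROUTING", "INPUT"],
    "forward": ["PREROUTING", "FORWARD", "POSTROUTING"],
    "local_out": ["OUTPUT", "POSTROUTING"],
}
FILTER_CHAINS = {"INPUT", "FORWARD", "OUTPUT"}  # chains the filter table has
TERMINATING = {"ACCEPT", "DROP", "REJECT"}      # targets that end chain traversal

@dataclass
class Rule:
    """Matching component (None means 'any') plus a target."""
    target: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    in_iface: Optional[str] = None

    def matches(self, pkt):
        checks = (("proto", self.proto), ("dport", self.dport), ("in_iface", self.in_iface))
        return all(want is None or pkt.get(key) == want for key, want in checks)

def run_chain(rules, policy, pkt, log):
    """Verdict = first matching terminating target; a non-terminating one (LOG) logs and continues."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.target in TERMINATING:
                return rule.target
            log.append((rule.target, dict(pkt)))
    return policy  # nothing matched: the chain's default policy decides

def filter_verdict(ruleset, path, pkt):
    """Walk the chains on this path; filter has no PREROUTING/POSTROUTING hook."""
    log = []
    for chain in TRAVERSAL[path]:
        if chain in FILTER_CHAINS:
            verdict = run_chain(*ruleset[chain], pkt, log)
            if verdict != "ACCEPT":
                return verdict, log
    return "ACCEPT", log

# Constructed ruleset: allow loopback and SSH, log then drop telnet, drop the rest.
RULESET = {
    "INPUT": ([Rule("ACCEPT", in_iface="lo"), Rule("ACCEPT", proto="tcp", dport=22),
               Rule("LOG", proto="tcp", dport=23), Rule("DROP", proto="tcp", dport=23)], "DROP"),
    "FORWARD": ([], "DROP"),
    "OUTPUT": ([], "ACCEPT"),
}
```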
Info
Channel: XPSTECH
Views: 65,757
Keywords: iptables, iptables tutorial linux, iptables explained, iptables linux, how to use iptables, iptables rules, iptables chains, live demo iptables, how to use iptables in linux, iptable tutorials, iptables concept, iptables (software), linux tutorial, linux tutorial for beginners, advanced linux tutorials, how to manage network in linux, creating a firewall with iptables, linux firewall, iptables nat, iptables centos 7, iptables tutorial
Id: vbhr4csDeI4
Length: 7min 52sec (472 seconds)
Published: Tue Oct 08 2019