Week 8

Key terms


Iptables

iptables is a command-line utility for managing firewalls on Linux machines. It is used to configure IP packet filter rules. In other words, iptables controls inbound and outbound traffic at the IP and port level on a computer.

Let's look at some examples.

Below are some sample filter commands we can create with the iptables CLI.

# Append a rule allowing outgoing TCP traffic to example.com (-d is the destination)
$ iptables -A OUTPUT -p tcp -d example.com -j ACCEPT

# Append a rule blocking ALL incoming traffic to port 22 (SSH)
$ iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j DROP

Why would we want to use iptables? We may need to control access to a web server, serving HTTP content on port 80. Hence, we can open port 80 to all traffic. Another scenario may be granting limited access to SSH on port 22, restricting it to certain IP addresses or none at all.

See the iptables Linux man page for a more detailed explanation of the CLI. Similar tools worth exploring are firewalld and ufw.

Internet Control Message Protocol

The Internet Control Message Protocol (ICMP) is a protocol that network devices (e.g. routers) use to diagnose network communication issues. The main purpose of ICMP is to report errors and send operational information about the success or failure of communicating with another host. ICMP is a network layer protocol.

The ping command uses ICMP under the hood. Ping sends echo request packets to the target host and waits for an ICMP echo reply. The ping program then reports errors, packet loss, and operational information such as how long it took for the packet to do a round-trip.

ICMP flooding, or ping flooding, involves an adversary attempting to overwhelm a network device with ICMP echo-request packets. This prevents other legitimate devices from communicating with the ICMP service.
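
The two scenarios from the iptables section (port 80 open to all, SSH restricted to certain IP addresses) combined with a rate limit on ICMP echo-requests as one mitigation for ping flooding, as an added example that is not part of the original README. The allowlisted addresses are constructed (documentation ranges), the `ipt` and `build_rules` helpers and the 1/second limit are assumptions, and the rules are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the original README.
# Constructed sample allowlist (RFC 5737 documentation addresses).
SSH_ALLOW="${SSH_ALLOW:-203.0.113.10 198.51.100.0/24}"

# Hypothetical helper: print each rule by default so the rule set can be
# reviewed; run iptables for real only when APPLY=1 (requires root).
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    # HTTP: open port 80 to all sources.
    ipt -A INPUT -p tcp --dport 80 -j ACCEPT

    # SSH: -A appends and the first matching rule wins, so the ACCEPT
    # rules for allowlisted sources must come before the catch-all DROP.
    for src in $SSH_ALLOW; do
        ipt -A INPUT -p tcp -s "$src" --dport 22 -j ACCEPT
    done
    ipt -A INPUT -p tcp --dport 22 -j DROP

    # ICMP: accept echo-requests up to 1 per second (burst of 5) so ping
    # still works for diagnostics, then drop whatever exceeds the limit.
    ipt -A INPUT -p icmp --icmp-type echo-request \
        -m limit --limit 1/second --limit-burst 5 -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type echo-request -j DROP
}

build_rules
```

Reversing the SSH rules (DROP first) would lock out the allowlisted addresses as well, which is why the order is part of the rule set.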

