Firewall in Perl by chankey pathak

DESCRIPTION

Implementation of firewall (iptables) in Perl using dialog for GUI.

Page 1: Firewall in Perl by chankey pathak

TRAINING REPORT ON SYS - FIREWALL

Secure Your System

A handy tool for System-Administrators

Chandra Prakash Pathak

08EMTCS032

Computer Science

Maharishi Arvind Institute of Engineering and Technology, Jaipur

http://chankeypathak.blogspot.com

Company Profile - Linux World

• The best awarded Red Hat partner in India.

• The company has been contributing a great deal to Linux Server & Networking industry by fulfilling its need for trained manpower in the field of Linux support, Networking, System Integration & Programming.

GREEN-HORNE PROJECT (An open source operating system)

Module: SYS Firewall

What is a Firewall?

A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.

How does a software firewall work?

• Inspects each individual “packet” of data as it arrives at either side of the firewall

• Inbound to or outbound from your computer

• Determines whether it should be allowed to pass through or if it should be blocked

Firewall Rules

• Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)

• Block – traffic that is blocked because it has been deemed dangerous to your computer

• Ask – asks the user whether or not the traffic is allowed to pass through

What a personal firewall can do

• Stops hackers from accessing your computer

• Protects your personal information

• Blocks “pop up” ads and certain cookies

• Determines which programs can access the Internet

What a SYS firewall can do

• Authorizing users

• Limiting access for the services

• Filtering the packets

• NATing

• Masquerading

Requirements

• Linux Kernel 2.4.x or higher

• iptables

• Perl 5.6 or higher

• dialog

User interface with “dialog”

dialog --title "Linux dialog utility infobox" --backtitle "Linux shell script tutorial" --infobox "This is a dialog box called infobox, which is used to show information on the screen, Thanks to Savio Lam and Stuart Herbert to give us this utility. Press any key…" 7 50

Implementing iptables

• Using Perl and dialog, I built a GUI version of iptables.

Perl – For coding purpose

dialog – For Graphical User Interface

How does it work?

• Step 1 – Run the application (perl sys.xls)

• Step 2 – Check required packages

• Step 3 – Authenticate User (password)

• Step 4 – Main Interface

• Step 5 – Customize rules

Setting all default policies to DROP

• iptables -P INPUT DROP

• iptables -P OUTPUT DROP

• iptables -P FORWARD DROP

Block Ping

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

A dynamic approach

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# iptables -P INPUT DROP

SNAT

• For static connections.

• iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source <SERVER'S_EXTERNAL_IP>

Masquerade

• For dynamic connections.

• iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

DNAT

• iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.24:80
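
How a Perl front end like this can turn the values a user types into dialog into the DNAT and MASQUERADE rules shown above without passing them through a shell. This is an added example, not code from the SYS Firewall project; the function names, the validators and the dry-run flag are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not the project's code): build iptables argument lists
# from user-supplied fields, validate them, and run them without a shell.
use strict;
use warnings;

# Hypothetical validators for values typed into a dialog input box.
# \A and \z anchor the whole string, so a trailing newline is rejected too.
sub valid_iface { $_[0] =~ /\A[A-Za-z][A-Za-z0-9._-]{0,14}\z/ }
sub valid_port  { $_[0] =~ /\A[0-9]{1,5}\z/ && $_[0] >= 1 && $_[0] <= 65535 }
sub valid_ipv4  {
    my @o = $_[0] =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return 0;
    return !grep { $_ > 255 } @o;
}

# DNAT rule from the page: forward a TCP port arriving on $in to $ip:$port.
sub dnat_rule {
    my ($in, $dport, $ip, $port) = @_;
    die "bad interface\n" unless valid_iface($in);
    die "bad port\n"      unless valid_port($dport) && valid_port($port);
    die "bad address\n"   unless valid_ipv4($ip);
    return ('iptables', '-t', 'nat', '-A', 'PREROUTING', '-i', $in, '-p', 'tcp',
            '--dport', $dport, '-j', 'DNAT', '--to-destination', "$ip:$port");
}

# MASQUERADE rule from the page for an interface with a dynamic address.
sub masquerade_rule {
    my ($out) = @_;
    die "bad interface\n" unless valid_iface($out);
    return ('iptables', '-t', 'nat', '-A', 'POSTROUTING', '-o', $out,
            '-j', 'MASQUERADE');
}

# List-form system() hands each element to iptables as one argv entry,
# so no shell ever parses the user's text. Dry run only prints the command.
sub apply_rule {
    my ($dry_run, @argv) = @_;
    return print "@argv\n" if $dry_run;
    system(@argv) == 0 or die "iptables failed: exit " . ($? >> 8) . "\n";
}

apply_rule(1, dnat_rule('ppp0', 80, '192.168.1.24', 80));
apply_rule(1, masquerade_rule('ppp0'));

# Constructed malformed input: the address field is rejected before anything runs.
my @r = eval { dnat_rule('ppp0', 80, '192.168.1.24; iptables -F', 80) };
print "rejected: $@" unless @r;
```

Passing 0 instead of 1 as the first argument to apply_rule runs the command for real and needs root.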

Extra services

• Saving rules

• Logging

• Exit

THANK YOU!

Any Queries?