IPTABLES


85:~# iptables -h
iptables v1.3.6

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain            Append to chain
  --delete  -D chain            Delete matching rule from chain
  --delete  -D chain rulenum    Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]  Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum    Replace rule rulenum (1 = first) in chain
  --list    -L [chain]          List the rules in a chain or all chains
  --flush   -F [chain]          Delete all rules in  chain or all chains
  --zero    -Z [chain]          Zero counters in chain or all chains
  --new     -N chain            Create a new user-defined chain
  --delete-chain
            -X [chain]          Delete a user-defined chain
  --policy  -P chain target     Change policy on chain to target
  --rename-chain
            -E old-chain new-chain  Change chain name, (moving any references)
Options:
  --proto        -p [!] proto           protocol: by number or name, eg. `tcp'
  --source       -s [!] address[/mask]  source specification
  --destination  -d [!] address[/mask]  destination specification
  --in-interface -i [!] input name[+]   network interface name ([+] for wildcard)
  --jump         -j target              target for rule (may load target extension)
  --goto         -g chain               jump to chain with no return
  --match        -m match               extended match (may load extension)
  --numeric      -n                     numeric output of addresses and ports
  --out-interface-o [!] output name[+]  network interface name ([+] for wildcard)
  --table       -t table                table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.



The Xtables framework consists of ip_tables (IPv4), ip6_tables (IPv6) and arp_tables (ARP); iptables is the IPv4 front end.

iptables [-t table] command [match] [target/jump] = general form of a rule



Tables :
MANGLE = alters packet headers, for example the TOS field
NAT = address translation: Destination NAT (DNAT) and Source NAT (SNAT, MASQUERADE)
FILTER = where packets are accepted or dropped; this is the default table when -t is not given
The filter table has three built-in chains: INPUT (packets addressed to this host), OUTPUT (packets generated by this host) and FORWARD (packets routed through this host).
Connection-tracking states, used with -m state --state:
NEW = first packet of a new connection
ESTABLISHED = packet belonging to a connection that has already seen traffic in both directions
RELATED = packet opening a new connection that is related to an existing one (FTP data channel, ICMP errors)
INVALID = packet that cannot be associated with any known connection, or is malformed; normally dropped
iptables -L = list rules (add -n -v --line-numbers for numeric, verbose, numbered output)
iptables -t table = select the table to alter: filter (default), nat or mangle; the chain (INPUT, OUTPUT, FORWARD or a user-defined one) is given after the command
iptables -A chain = append a rule to the chain
iptables -F [chain] = delete all rules from the chain (or from every chain in the table)
iptables -Z [chain] = reset packet and byte counters
iptables -N chain = create a new user-defined chain
iptables -X [chain] = delete a user-defined chain (it must be empty and no rule may still jump to it)
iptables -P chain target = change the default policy of a built-in chain (ACCEPT or DROP)


iptables -I MyChain 5 specification = insert the rule as number 5 in MyChain (rule 5 and those after it move down; without a number it becomes rule 1)
iptables -D / -R = delete or replace a rule, addressed by its number (-R needs the number; -D also accepts the full specification instead)

-p = protocol: tcp, udp, icmp, all (or a number from /etc/protocols)
-s = source address[/mask]
-d = destination address[/mask]
-i = incoming interface (valid in INPUT, FORWARD and PREROUTING)
-o = outgoing interface (valid in OUTPUT, FORWARD and POSTROUTING)
-j = jump: a target (ACCEPT, DROP, REJECT, MASQUERADE, ...) or a user-defined chain; when the user chain ends without a verdict, processing returns to the calling chain
-g = goto: like -j to a user-defined chain, but without returning to the caller
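An added example (not from the original page) of the listing and delete-by-number commands above. It parses the output format of `iptables -L INPUT -n -v -x --line-numbers`, finds every rule whose source or destination column names a given network, and emits the matching `iptables -D chain rulenum` commands. The listing embedded in the script is constructed sample data; on a real host pipe the live command output in instead. The security-relevant caveat it encodes: rule numbers are positions, so deleting rule 3 turns rule 6 into rule 5, and a delete list run in ascending order removes the wrong rules.

```shell
#!/bin/sh
# Added example: generate "iptables -D" commands for every rule in a chain
# that references a given address, in an order that stays valid as rules
# are removed.  Not part of the original page.
set -eu

# Constructed sample in the layout of "iptables -L INPUT -n -v -x --line-numbers"
# (columns: num pkts bytes target prot opt in out source destination [extra]).
SAMPLE_LISTING='Chain INPUT (policy DROP 12 packets, 720 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1        1234      98765 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2         500      40000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3          10        600 ACCEPT     tcp  --  eth0   *       10.0.0.0/8           0.0.0.0/0            tcp dpt:22
4          42       3000 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
5           0          0 DROP       all  --  eth0   *       192.168.0.0/16       0.0.0.0/0
6           7        900 ACCEPT     udp  --  eth1   *       10.0.0.0/8           0.0.0.0/0            udp dpt:53'

# rule_numbers_for_address ADDR: read a listing on stdin and print the
# numbers of the rules whose source ($9) or destination ($10) equals ADDR.
# Header lines ("Chain ...", "num ...") are skipped because $1 is not numeric.
rule_numbers_for_address() {
    addr="$1"
    awk -v a="$addr" '$1 ~ /^[0-9]+$/ && ($9 == a || $10 == a) { print $1 }'
}

# delete_commands CHAIN ADDR: emit one "iptables -D CHAIN n" per matching
# rule, highest number first.  Deleting rule 3 renumbers rules 4..N, so
# descending order is the only order in which every number stays correct.
delete_commands() {
    chain="$1"
    addr="$2"
    rule_numbers_for_address "$addr" | sort -rn | while read -r n; do
        echo "iptables -D $chain $n"
    done
}

# Usage on the constructed sample; for a live chain use:
#   iptables -L INPUT -n -v -x --line-numbers | delete_commands INPUT 10.0.0.0/8
printf '%s\n' "$SAMPLE_LISTING" | delete_commands INPUT 10.0.0.0/8
```

Review the generated commands before running them: a rule that currently shows zero packets (rule 5 above, which drops spoofed RFC 1918 sources) is not unused, it is a control that has not been tested yet.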

My Firewall:
#!/bin/sh
# NAT router: masquerade the LAN on eth1 behind the public address on eth0
INTIF="eth1"
EXTIF="eth0"
EXTIP="85.238.XX.XX"    # public address; not referenced by the rules below
/sbin/depmod -a
# connection tracking plus the FTP and IRC helpers (2.6-era module names)
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
# enable routing between the interfaces; ip_dynaddr is for a dynamic external address
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# INPUT and OUTPUT stay wide open (policy ACCEPT); only forwarded traffic is filtered.
# Policies are set and chains flushed before the rules are added, so for a moment
# the router forwards nothing and accepts everything addressed to itself.
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# replies from the Internet to the LAN: only for connections the LAN opened
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# anything from the LAN may go out (no egress restriction, no source address check)
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# rewrite the source of outgoing LAN packets to the address of $EXTIF
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
http://wiki.openvz.org/Traffic_accounting_with_iptables
http://articles.techrepublic.com.com/5100-10878_11-1052888.html
http://www.cyberciti.biz/faq/howto-linux-configuring-default-route-with-ipcommand/ - linux router
Back when I first learned things, spoofed routing was any time a packet claimed a source address different from its origin. These days it is generally used to refer to any packet claiming an internal source address that has its origin outside the network. A packet claiming to come from 192.168.0.1 or 127.0.0.1 that enters your ppp0 device is spoofed.

Stuffed routing is when any local traffic is being sent out an external interface rather than remaining on the local network. You've just made your local traffic available to the world, so your traffic can now be sniffed and monitored by folks on the outside. At the very least you are using bandwidth (with its associated costs) unnecessarily. If you've just sent packets with source addresses of 192.168.0.1 out the ppp0 device, your routing is stuffed (and you'll never see a sign of it from the outside since those are not routable on the internet).
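An added example, written for this page and not taken from the "My Firewall" script or any of the linked pages, that applies the spoofed/stuffed routing discussion to that router. It renders the same NAT policy as an iptables-restore ruleset, which the kernel loads atomically (no window with policy ACCEPT and an empty chain), and adds a user-defined SPOOF chain that drops loopback, RFC 1918 and link-local sources arriving on the external interface. Egress is restricted to the LAN prefix and MASQUERADE rewrites it, so private source addresses never leave the external interface unchanged. The interface names, the LAN prefix 192.168.0.0/24, the SSH rule and the rp_filter sysctl are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the original firewall script): NAT router policy as an
# atomic iptables-restore ruleset with anti-spoofing on the Internet side.
# Interface names, LAN prefix and the SSH rule are assumptions.
set -eu

INTIF="eth1"               # LAN side
EXTIF="eth0"               # Internet side
LAN="192.168.0.0/24"       # assumed prefix behind INTIF

# Source ranges that cannot legitimately arrive from the Internet; a packet
# with one of these as source on EXTIF is spoofed.  If the upstream side of
# this router is itself a private network, remove that prefix from the list.
BOGONS="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# render_ruleset: print the complete filter + nat configuration in the
# format understood by iptables-restore.
render_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SPOOF - [0:0]
EOF
    # user-defined chain: drop spoofed sources, otherwise return to the caller
    for net in $BOGONS; do
        echo "-A SPOOF -s $net -j DROP"
    done
    echo "-A SPOOF -j RETURN"
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -i $EXTIF -j SPOOF
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INTIF -s $LAN -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $EXTIF -j SPOOF
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INTIF -o $EXTIF -s $LAN -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN -o $EXTIF -j MASQUERADE
COMMIT
EOF
}

# Usage:  sh fw.sh        -> print the ruleset (review or diff it first)
#         sh fw.sh apply  -> enable forwarding and load it atomically (root)
case "${1-}" in
    apply)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # kernel reverse-path check on the external interface: a second,
        # routing-table-based defence against spoofed sources
        echo 1 > "/proc/sys/net/ipv4/conf/$EXTIF/rp_filter"
        render_ruleset | iptables-restore
        ;;
    *)
        render_ruleset
        ;;
esac
```

The SPOOF jump sits before the ESTABLISHED,RELATED accept in both INPUT and FORWARD, so a spoofed packet is never matched against the connection table. Compared with the original script, INPUT is now default DROP and only loopback, established traffic and SSH from the LAN reach the router itself.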