Firewall capabilities are usually built into the Linux kernel. The firewall rule set is created with the program /sbin/ipchains.
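The best philosophy for a firewall rule set is to be as defensive as possible. The rule set should block everything first, then only allow the services needed. Port numbers can only be given together with a protocol (-p), and the address 0.0.0.0/0 matches any host, whereas 0.0.0.0/32 would match only the single address 0.0.0.0.
/sbin/ipchains -A input -p TCP -d 0.0.0.0/0 0:7000 -j DENY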
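Now, allow the services that are needed. ipchains applies the first rule in a chain that matches a packet, so the ACCEPT rule is inserted at the top of the chain (-I input 1) to be checked before the DENY rule above. In this example, connections to port 80 on Ethernet card "eth1" will be allowed and also logged.
/sbin/ipchains -I input 1 -p TCP -d 0.0.0.0/0 80 --interface eth1 -j ACCEPT -l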
Also, blocking output might be necessary. To block the infamous Napster:
/sbin/ipchains -A output -p TCP -d 0.0.0.0/0 4444 -j DENY -l
/sbin/ipchains -A output -p TCP -d 0.0.0.0/0 5555 -j DENY -l
/sbin/ipchains -A output -p TCP -d 0.0.0.0/0 6666 -j DENY -l
/sbin/ipchains -A output -p TCP -d 0.0.0.0/0 7777 -j DENY -l
/sbin/ipchains -A output -p TCP -d 0.0.0.0/0 8888 -j DENY -l
To see the complete rule set for ipchains, run:
/sbin/ipchains --list
For more information, read man ipchains.
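ipchains checks a packet against the rules of a chain in order and applies the first one that matches, so where a broad DENY sits relative to a narrow ACCEPT decides the outcome. The following is an added example, not part of the original page: a small Python model of that evaluation which also flags rules that can never fire. The rule fields, the sample chains and the default chain policy of ACCEPT are constructed for illustration, and only protocol, destination port range and interface are modelled.

```python
# Added example: minimal model of first-match evaluation in an ipchains chain.
# Rules and packets below are constructed samples, not output of ipchains.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                      # "ACCEPT" or "DENY"
    proto: Optional[str] = None      # None matches any protocol
    ports: tuple = (0, 65535)        # inclusive destination port range
    iface: Optional[str] = None      # None matches any interface

    def matches(self, proto, port, iface):
        return ((self.proto is None or self.proto == proto)
                and self.ports[0] <= port <= self.ports[1]
                and (self.iface is None or self.iface == iface))


def verdict(chain, proto, port, iface, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(proto, port, iface):
            return rule.target
    return policy


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return ((a.proto is None or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
            and (a.iface is None or a.iface == b.iface))


def shadowed(chain):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(chain)
            if any(covers(e, r) for e in chain[:i])]


deny_low = Rule("DENY", "tcp", (0, 7000))
allow_web = Rule("ACCEPT", "tcp", (80, 80), "eth1")
appended = [deny_low, allow_web]   # DENY added first, ACCEPT appended after it
inserted = [allow_web, deny_low]   # ACCEPT placed ahead of the DENY

if __name__ == "__main__":
    for name, chain in (("appended", appended), ("inserted", inserted)):
        print(name, verdict(chain, "tcp", 80, "eth1"), "shadowed:", shadowed(chain))
```

Running the same check over the output of /sbin/ipchains --list before saving a rule set catches an ACCEPT that was appended behind a DENY covering it.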
Once a rule set is created, it is held only in memory. Because of this, a rule set will not survive a reboot. To keep a rule set after a reboot, run:
/sbin/ipchains-save > $IPCHAINS_CONFIG
where $IPCHAINS_CONFIG is the same as it is in /etc/rc.d/init.d/ipchains, usually /etc/security/ipchains. Another way to restore the rule set automatically after a reboot is to add this line to /etc/rc.d/rc.local:
/sbin/ipchains-restore < /etc/security/ipchains
This assumes that /etc/security/ipchains is the rule set file created with ipchains-save.
Many excellent documents exist on setting up firewalls using ipchains.