
Firewall - Iptables

Lab 1
Purpose: perform basic tasks on the system firewall.
Procedure:
To list the current content of filter table:
[root@alexrh ~]# iptables --list
It is also possible to list the rules with their line numbers:
[root@alexrh ~]# iptables --list --line-numbers
Try the -v (or -vv) option as well, which adds packet/byte counters and interface names to the listing.
Note: connections can be tested with nc (the netcat tool).
To add a rule for new HTTP connections:
[root@alexrh ~]# iptables -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
To delete the newly added rule:
[root@alexrh ~]# iptables -D INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
To insert the rule at a specific position (here as rule number 5 of the INPUT chain):
[root@alexrh ~]# iptables -I INPUT 5 -p tcp -m state --state NEW --dport 80 -j ACCEPT

Lab 2
Iptables example:
iptables -P FORWARD DROP
iptables -P INPUT DROP

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside (eth1)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Note: current iptables requires the negation before the option ("! -i"), not after it
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
# Let replies to LAN-originated connections come back in from the outside
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side (eth0) to the outside (eth1).
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade LAN traffic leaving on the outside interface.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside (eth0 is the LAN side).
# The FORWARD policy already drops this; REJECT answers the sender explicitly.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT
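The Lab 2 policy rendered as an iptables-restore ruleset, as an added example that is not part of the lab handout; it keeps the lab's interface roles (eth0 = LAN, eth1 = outside) as parameters, and the rule_count helper is an assumption added here for checking the generated output.

```shell
#!/bin/sh
# Added example: emit the Lab 2 firewall policy in iptables-restore format so it
# can be reviewed, version-controlled and loaded atomically instead of being
# typed rule by rule. $1 = LAN interface, $2 = outside interface.
gen_ruleset() {
    lan="$1"
    wan="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Always accept loopback traffic
-A INPUT -i lo -j ACCEPT
# Allow established connections, and new ones not arriving on the outside interface
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW ! -i $wan -j ACCEPT
# Replies to LAN-originated connections may come back in
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow outgoing connections from the LAN side
-A FORWARD -i $lan -o $wan -j ACCEPT
# Explicitly reject anything else from the outside towards the LAN
-A FORWARD -i $wan -o $lan -j REJECT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Masquerade LAN traffic leaving on the outside interface
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Helper (assumed, not part of the lab): count the rules (-A lines) in the ruleset
rule_count() {
    gen_ruleset "$1" "$2" | grep -c '^-A '
}

# On the firewall itself (as root): parse-only dry run first, then load atomically.
#   gen_ruleset eth0 eth1 | iptables-restore --test && gen_ruleset eth0 eth1 | iptables-restore
```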
