To implement and test a simple personal Linux firewall.
- Permit inbound/outbound ssh packets (port 22).
- Permit inbound/outbound www packets (ports 80, 443).
- Drop inbound traffic to port 80 (http) from source ports less than 1024.
- Drop all incoming packets from reserved port 0 as well as outbound traffic to port 0.
- Create a set of user-defined chains that will implement accounting rules to keep track of www and ssh traffic versus the rest of the traffic on your system.
- Allow DNS and DHCP traffic through so that your machine can function properly.
The assignment consists of a bash script that sets up a netfilter firewall as per the assignment requirements using the iptables management tool. The setup follows the guidelines provided in chapter 4 of the text “Linux Firewalls, 3rd edition”.
The project was scripted in Bash using iptables for a Fedora 22 environment. The script has several user-defined variables, located at the top of the script, which need to be adjusted to match the network setup. Six user-defined chains were created so that SSH and WWW traffic could be accounted for separately from all other accepted traffic.
Extract the submitted zip file on the respective host machine and navigate to the “Firewall” folder. As root run the firewall.sh script with the following command line:
./firewall.sh
If you wish to reset the firewall to accept all run the script with the “stop” parameter:
./firewall.sh stop
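The following is an added example of how the rule set described above can be built, not the submitted firewall.sh: it creates the six accounting chains, the port-0 and low-source-port drops, the ssh/www/DNS/DHCP accepts, and a stop mode. IPT defaults to printing the iptables commands for review; EXT_IF (eth0) and the chain names are assumptions.

```shell
#!/bin/sh
# Added example, not the assignment's own firewall.sh. IPT defaults to printing the
# commands for review; run as root with IPT=iptables to apply them. EXT_IF is assumed.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"      # adjust to the host's network interface
UNPRIV="1024:65535"           # range clients pick their source ports from
CHAINS="ssh_in ssh_out www_in www_out other_in other_out"
# One ACCEPT rule per accounting chain; its counters (iptables -L -v -n -x) are the totals.
setup_accounting() {
  for c in $CHAINS; do
    $IPT -N "$c"
    $IPT -A "$c" -j ACCEPT
  done
}
# Accept a TCP service in both roles: $1 = server port list, $2/$3 = in/out
# accounting chains. Clients are required to use an unprivileged source port.
svc() {
  $IPT -A INPUT  -i "$EXT_IF" -p tcp -m multiport --sports $UNPRIV --dports "$1" -m conntrack --ctstate NEW,ESTABLISHED -j "$2"
  $IPT -A OUTPUT -o "$EXT_IF" -p tcp -m multiport --sports "$1" --dports $UNPRIV -m conntrack --ctstate ESTABLISHED -j "$3"
  $IPT -A OUTPUT -o "$EXT_IF" -p tcp -m multiport --sports $UNPRIV --dports "$1" -m conntrack --ctstate NEW,ESTABLISHED -j "$3"
  $IPT -A INPUT  -i "$EXT_IF" -p tcp -m multiport --sports "$1" --dports $UNPRIV -m conntrack --ctstate ESTABLISHED -j "$2"
}
firewall_rules() {
  $IPT -P INPUT DROP; $IPT -P OUTPUT DROP; $IPT -P FORWARD DROP
  setup_accounting
  $IPT -A INPUT -i lo -j ACCEPT; $IPT -A OUTPUT -o lo -j ACCEPT
  # Reserved port 0 never carries legitimate traffic: drop it before any ACCEPT.
  for p in tcp udp; do
    $IPT -A INPUT  -i "$EXT_IF" -p $p --sport 0 -j DROP
    $IPT -A INPUT  -i "$EXT_IF" -p $p --dport 0 -j DROP
    $IPT -A OUTPUT -o "$EXT_IF" -p $p --dport 0 -j DROP
  done
  # A privileged source port aimed at our HTTP port is spoofed or broken traffic;
  # an explicit DROP ahead of the www rules also gives a counter for such attempts.
  $IPT -A INPUT -i "$EXT_IF" -p tcp --sport 0:1023 --dport 80 -j DROP
  svc 22 ssh_in ssh_out
  svc 80,443 www_in www_out
  # DNS is stateful; DHCP gets no state match because the exchange starts as broadcast.
  $IPT -A OUTPUT -o "$EXT_IF" -p udp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j other_out
  $IPT -A INPUT  -i "$EXT_IF" -p udp --sport 53 -m conntrack --ctstate ESTABLISHED -j other_in
  $IPT -A OUTPUT -o "$EXT_IF" -p udp --sport 68 --dport 67 -j other_out
  $IPT -A INPUT  -i "$EXT_IF" -p udp --sport 67 --dport 68 -j other_in
}
# "stop": flush everything and return to accept-all, as the report's stop parameter does.
stop_rules() {
  $IPT -P INPUT ACCEPT; $IPT -P OUTPUT ACCEPT; $IPT -P FORWARD ACCEPT
  $IPT -F; $IPT -X
}
case "${1:-start}" in stop) stop_rules ;; *) firewall_rules ;; esac
```

Review the printed output first, then apply with `IPT=iptables ./firewall.sh` and verify the per-chain counters with `iptables -L -v -n -x` as the report's first test does.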
Method: iptables -L -v -n -x
Result: Valid
Method: host -t a bcit.ca
Result: Valid
Method: dhcping -s “DHCP Server IP”
Result: Valid
Method: hping3 “Firewall IP” -S -p 22 -c 3
Result: Valid
Method: Visit www.bcit.ca to check HTTP and www.google.ca to check HTTPS.
Result: Valid – Screenshots omitted to save space.
Method: hping3 “Firewall IP” -S -p 80 -c 3
Result: Valid
Method: hping3 “Firewall IP” -S -p 443 -c 3
Result: Valid
Method: ssh “firewall ip”
Result: Valid
Method: ssh “outside ip”
Result: Valid