LinuxCBT.com

Syllabus

Focus: IPTables Firewall Implementation

Duration: 12-Hours

  • Firewall Security - Module III

    • Intro IPTables
      • Discuss key IPTables concepts
      • OSI Model discussion
      • Determine if IPTables support is available in the current kernel
      • Identify key IPTables modules and supporting files
      • Explore and examine the default tables
      • Learn IPTables Access Control List (ACL) syntax
      • Discuss ACL management
      • Learn to Save & Restore IPTables ACLs
    • IPTables - Chain Management
      • Explore the various chains in the default tables
      • Discuss the purpose of each chain
      • Examine packet counts & bytes traversing the various chains
      • Focus on appending and inserting new ACLs into pre-defined chains
      • Write rules to permit common traffic flows
      • Delete & Replace ACLs to alter security policy
      • Flush ACLs - reset the security policy to defaults
      • Zero packet counts & bytes - bandwidth usage monitoring
      • Create user-defined chains to perform additional packet handling
      • Rename chains to suit the security policy/nomenclature
      • Discuss & explore chain policy
    • IPTables - Packet Matching & Handling
      • Explain the basics of packet matching
      • Identify key layer-3/4 match objects - (Source/Dest IPs, Source/Dest Ports, etc.)
      • Explore the multi-homed configuration
      • Block traffic based on untrusted (Internet-facing) interface
      • Perform packet matching/handling based on common TCP streams
      • Perform packet matching/handling based on common UDP datagrams
      • Perform packet matching/handling based on common ICMP traffic
      • Write fewer rules (ACLs) by specifying lists of interesting layer-4 ports
      • Discuss layer-3/4 IPTables default packet matching
      • Discuss default layer-2 behavior
      • Increase security by writing rules to match packets based on layer-2 addresses
    • IPTables - State Maintenance - Stateful Firewall
      • Discuss the capabilities of traditional packet-filtering firewalls
      • Explain the advantages of stateful firewalls
      • Examine the supported connection states
      • Identify key kernel modules to support the stateful firewall
      • Implement stateful ACLs & examine traffic flows
    • IPTables - Targets - Match Handling
      • Discuss the purpose of IPTables targets for packet handling
      • Write rules with the ACCEPT target
      • Write rules with the DROP target
      • Write rules with the REJECT target
      • Write rules with the REDIRECT target
      • Confirm expected behavior for all targets
    • IPTables - Logging
      • Explore Syslog kernel logging configuration
      • Define Access Control Entries (ACEs) to perform logging
      • Explain the key fields captured by IPTables
      • Log using user-defined chain for enhanced packet handling
      • Log traffic based on security policy
      • Define a catch-all ACE
      • Use ACE negation to control logged packets
      • Label log entries for enhanced parsing
    • IPTables - Packet Routing
      • Describe subnet layout
      • Enable IP routing in the kernel - commit changes to disk
      • Update routing tables on the other Linux Hosts on the network
      • Update the Cisco PIX Firewall's routing tables
      • Test routing through the Linux router, from a remote Windows 2003 Host
      • Focus on the forward chain
      • Write ACEs to permit routing
      • Test connectivity
    • IPTables - Network Address Translation (NAT)
      • Discuss NAT features & concepts
      • Discuss & implement IP masquerading
      • Define Source NAT (SNAT) ACEs & test translations
      • Create SNAT multiples
      • Implement Destination NAT (DNAT) ACEs & test translations
      • Define DNAT multiples
      • Create NETMAP subnet mappings - one-to-one NATs
    • IPTables - Demilitarized Zone (DMZ) Configuration
      • Describe DMZ configuration
      • Write Port Address Translation (PAT) rules to permit inbound traffic
      • Test connectivity from connected subnets
      • Configure DMZ forwarding (Routing)
      • Implement Dual-DMZs - ideal for n-tiered web applications
    • IPTables - IPv6
      • Explore IPv6 configuration
      • Peruse IPv6 IPTables management tools
      • Log and Filter ICMPv6 traffic
      • Log and Filter TCPv6 traffic
      • Log and Filter UDPv6 traffic
      • Use 'nping' to generate IPv6 traffic for analysis
      • Create IPv6 Sub-Chains to manage rules
      • Evaluate results

LinuxCBT Firewall Edition
