Packet Filtering Flashcards
Outline briefly the three main functions provided by a Packet Filter in Linux
Control
– Allow only those packets that you are interested in to pass through.
Security
– Reject packets from malicious outsiders
Watchfulness
– Log packets to/from outside world
Which firewall chain is used in IPTABLES for packets that are NOT destined for a local process running on the device itself?
The FORWARD chain
Explain in detail the purpose of the following rule that is defined using IPTABLES format
iptables -A FORWARD -p tcp -s 93.107.200.110 --syn -j DROP
This rule is adding a new rule to the FORWARD chain stating that all connection requests passing through from 93.107.200.110 using tcp should be dropped.
Explain in detail the purpose of the following rule that is defined using IPTABLES format
iptables -A PREROUTING -t nat -p icmp -d 137.189.89.176 -j DNAT --to 137.189.89.178
This rule is appending a new rule to the PREROUTING chain and specifically to the nat table. All icmp packets destined for X should be redirected to Y instead.
What is the difference between DNAT and SNAT in iptables?
DNAT changes destination address in packets passing through network.
Changes public IP to private IP.
SNAT changes source addresses in packets passing through network.
Changes private IP to public IP.
When configuring firewall rules for IPTABLES, what do the following mean?
-A, -I, -D
-t, -i, -p, -j
-A: Append a new rule to
-I: Insert a new rule at a certain point in chain
-D: Delete a rule from chain
-t: Table to add rule to
-i: Input interface
-p: Specifying protocol
-j: Jump target - Specifies which chain to jump to