
4.5 Implementing Host-Based Firewall Protection With Iptables

This document outlines a lab exercise focused on implementing host-based firewall protection using iptables on an Ubuntu machine. It provides step-by-step instructions for configuring iptables to block internet access for a specific user, demonstrating how to manage firewall rules through the command line. The lab aims to equip network defenders with practical skills in configuring firewall settings to enhance network security.

Uploaded by

Ziad Nasr

Module 04: Network Perimeter Security

Exercise 5: Implementing Host-based Firewall Protection with iptables

Iptables is a command-line firewall utility that uses policy chains to allow or block traffic.

Lab Scenario

As a network defender, you should know how to configure an iptables host-based firewall to allow or
block traffic to or from a Linux system. iptables allows network defenders to enter firewall rules into
the existing tables using the command line.

Lab Objectives

This lab will demonstrate how to configure an iptables host-based firewall on an Ubuntu machine.

Overview of iptables

iptables is a standard firewall included in most Linux distributions. With the default chain policies
configured, you can start adding rules to iptables, so that it knows what to do when it encounters a
connection from or to a particular IP address or port.

Lab Tasks

If you have already launched Smoothwall Firewall and AD Domain Controller in the previous exercise,
skip steps 1 to 8.

1. Click Smoothwall Firewall to launch the SmoothwallFirewall VM.
2. Type the password toor and press Enter.
3. Press the Tab key twice to move to the Done button and press Enter.
4. Wait a few seconds for Smoothwall Express to load. When the Smoothwall login screen
appears, leave Smoothwall running.
5. Click AD Domain Controller to launch the ADDomainController VM.
6. Click the Ctrl+Alt+Delete link to log in to ADDomainController.
7. By default, the CND\Administrator account is selected. Click Pa$$w0rd and
press Enter to log in.
8. The network screen appears. Click Yes.
9. Click Operation Dept to launch the OperationDept VM.
10. Select the user Smith, type the password user@123, and press Enter.
11. Click the Skip button to skip the Connect to Online Account window. Click Next in the
window to move to the next window. Click Finish to complete the wizard.
12. Open the Firefox web browser, type www.google.com in the URL bar, and press Enter.
13. Smith is able to access the website, which implies that Smith has internet access. A
network defender can block internet access on the user machine using iptables.
14. Press Ctrl+Alt+T to open the terminal, type the sudo su command for the root
user, and press Enter.
15. When prompted for the password, type the password for the root user (here
the root user password is user@123), and press Enter.
16. Next, to identify the user ID for Smith, type id smith in the terminal and press
Enter. The user ID is displayed as shown in the screenshot.
17. Note down the user ID (uid) for Smith (here 1001).
18. Next, we use the iptables command for network management activity.
19. Type iptables -L and press Enter to check the existing rules for users.
20. No rules exist currently. Next, we will create a new rule for the user Smith with the
following command.
21. Type iptables -A OUTPUT -o eth0 -m owner --uid-owner 1001 -j DROP as
shown in the screenshot below, and press Enter.
22. The rule applies only to the user Smith, who has 1001 as the UID, as we
have already noted.
23. Test the internet connection to check whether the iptables rule is applied.
24. Open the browser, type www.google.com, and press Enter.
25. As the screenshot below shows, the website is not accessible to the user.
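
The per-user DROP rule the lab types by hand, wrapped as a repeatable script. This is an added example, not part of the original lab: the helper names (resolve_uid, rule_spec, block_user, unblock_user) and the "apply" argument are assumptions of this example. It validates the UID and interface before building the rule, and uses iptables -C so that re-running it does not stack duplicate rules.

```shell
#!/bin/sh
# Added example: build, apply and remove the lab's per-user egress DROP rule.
# Helper names and the "apply" switch are this example's own, not the lab's.

# Resolve a login name to its numeric UID; fails if the account is unknown.
resolve_uid() {
    id -u "$1" 2>/dev/null
}

# Print the rule specification (everything after the chain name).
# $1 = numeric UID, $2 = outbound interface
rule_spec() {
    case "$1" in ''|*[!0-9]*) echo "uid must be numeric: $1" >&2; return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $2" >&2; return 1 ;; esac
    printf '%s\n' "-o $2 -m owner --uid-owner $1 -j DROP"
}

# Append the rule only if an identical one is not already in OUTPUT.
# -C checks for an existing rule; a repeated -A would add a duplicate.
block_user() {
    spec=$(rule_spec "$1" "$2") || return 1
    # spec is validated above and is left unquoted so it splits into arguments
    iptables -C OUTPUT $spec 2>/dev/null || iptables -A OUTPUT $spec
}

# Remove the rule again (-D takes the same specification as -A).
unblock_user() {
    spec=$(rule_spec "$1" "$2") || return 1
    iptables -D OUTPUT $spec
}

# Runs only when asked, as root:  sh block_user.sh apply smith eth0
if [ "${1:-}" = "apply" ]; then
    uid=$(resolve_uid "$2") || { echo "no such user: $2" >&2; exit 1; }
    # Show packet counters afterwards so hits on the DROP rule are visible.
    block_user "$uid" "${3:-eth0}" && iptables -L OUTPUT -v -n
fi
```

The owner match is only valid in the OUTPUT and POSTROUTING chains, and a rule added with -A is lost at reboot unless it is saved. With -o eth0 the rule covers only IPv4 traffic leaving that interface; IPv6 rules are held separately by ip6tables.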
