
  • Hey, guys, what's up?

  • Welcome to Experience Tech.

  • I'm Vineet, and this is the second part of my two-part series on iptables, which is the Linux tool to create a custom firewall. In part one, we covered the basic concept behind the usage of iptables, and in this video we'll understand the command syntax and check out how to use iptables on a live system.

  • So if you haven't watched part one, I highly recommend you first watch that and then come to this video; that would make this video very easy to understand.

  • All right, so let's start today's video.

  • Okay, so right now I am on Debian Linux 15.11, which is the latest version of Debian Linux. To use iptables, you just open a terminal and start typing iptables commands with root permission. And that's all you have to do to set up your custom firewall.

  • For example, a very simple iptables command is to list out the default table. The command for that is iptables -L -n -v. Here -L stands for list, that is, to list out the table; -n is for numeric format; and -v is for verbose.

  • So since I have not mentioned any specific table name, it gives the result for the default table, which, as we discussed in the previous video, is the filter table.

  • You can list out other tables also by specifically mentioning the table name using the lowercase -t option. So, for example, to list out the mangle table, type iptables -t mangle -L -n -v. And now I get the mangle table listed.

  • Notice that the syntax of iptables is case sensitive. So uppercase A and lowercase a have different meanings, so keep that in mind.

  • All right, now let's quickly understand the output of this command. As discussed in the previous video, the filter table has three chains: INPUT, FORWARD and OUTPUT. The default policy of every chain in iptables is to accept all traffic. Then you have the packet and byte counters. The table below shows the rules in that chain. Presently, we have not made any rule; hence, the table is empty. But let's look at the different columns of the table: pkts and bytes are just the counters; target is the action component of the rule, which we'll look at in detail in this video; prot is the protocol; opt is IP options; in and out are the input and output interface; source and destination are the source IP and destination IP address.

  • All right, so now let's look at the syntax of iptables in detail.

  • For the sake of understanding, I have divided the syntax into four sections. So the command is iptables, -t and the table name, then the capital-letter options and then the name of the chain, then you have the matching component, and at last is the action component. Now let's go through them one by one.

  • The first section is the table name. So here you can give the name of any of the five available tables in iptables. The default table is the filter table, so when you skip this part, the rule will be applied to the filter table.

  • The next section deals with chains. So here you select the chain you want the rule to apply to. The available chains will depend on the table you have selected in section one; for example, for the filter table you have three chains, but for the mangle table you have five chains available.

  • The options part gives you control on how to modify the chain. Here are all the options available. These are pretty self-explanatory, but let's just quickly go through them. Also, all the options in this section are used in uppercase, so you have -A for appending the rule in the chain, -D to delete, -I to insert, -Z to zero the packet and byte counters, -P for policy and -E to rename the chain. We'll use some of these options when we do the live demo.

  • Okay, now let's move to the third section, which is the matching component. This is the important part where you give a condition: if the condition is true, take the action, else move to the next rule in the chain. For example, if the source IP address is, say, X.Y.Z, then reject the packet, or if the destination port is, say, 22, then drop the packet. So, in a sense, this provides the main function of a firewall, to filter and drop traffic.

  • Now there's a huge list of parameters available for matching, and it will not be possible for me to go through all of them, but let's go through some of the important ones. To check out all the supported parameters, you can go to this really great website which gives in-depth information on iptables options. The link is available in the description.

  • All right, so the parameters are broadly divided into three types: generic, implicit and explicit. The generic options are -p for protocol, -s for source IP address, -d for destination IP address, -i for input interface and -o for output interface.

  • Next are the implicit matches, which are based on the protocol. For TCP, you have --sport and --dport, that is, source port and destination port. Similarly, you have options for ICMP and UDP.

  • The last is the explicit matches. Here you use match extensions, and the option to use explicit matches is lowercase -m. The -m option gives you a huge number of parameters, and you can make a really complex firewall by combining these. However, I'm not going to go over these extensions, to keep this video short and simple, but all the explicit extensions are available on the website that I mentioned before.

  • You can check that out, though. The last section is the action component. Now this is really simple: here you specify the action to perform if the matching condition is true. In the case of iptables, the action to do is to jump to either a specific rule or a chain within the same table; hence you use the -j option.

  • The two basic targets to jump to are the ACCEPT and DROP targets. These two targets, when given, will stop further traversal of rules in that chain. There are other targets where the packet will continue to traverse to the next rule within the same chain, for example the LOG and TTL options.

  • Now the available options for the action component depend on the table we're dealing with. The nat or mangle table has a few more options specific to those tables compared to the filter table, but the following are the most basic and most used options. ACCEPT is to accept the packet and end traversing. DROP is to drop the packet and end traversing. REJECT is similar to DROP, but here an ICMP reject response packet is sent to the source. And the last is RETURN; this is to stop packet traversal in that sub-chain and return to the superior chain with no effect.

  • All right, so now that we have a fairly detailed understanding of iptables syntax, let's now go to a live system and try out some examples of this command.

  • All right. This is my Debian machine. Let me first show you the current state of the filter table. The command for that is iptables -L -n -v, typing in the root password. And as you can see, the filter table is currently empty; we have not made any rule yet.

  • Now let me also open up the browser and show you that the Internet is also working: youtube.com is working fine.

  • Now let's add a rule to block a particular website, which is the most popular feature of any firewall. So let's say we want to block the IIT Bombay website. The address for that is iitb.ac.in; this is the website that we want to block. Now, to do that, type in the command sudo iptables -A to append a rule in the INPUT chain, -s for source (you can mention the IP address or you can also give the domain name, so it's iitb.ac.in), give a space, then -j to jump to DROP to block the packet. You can also use the REJECT target as well. Now press Enter.

  • Now, if we look at our filter table, as you can see, the rule has been added. It has also done the domain name resolution and pulled out the IP address of this particular domain name.

  • Now let's try to open the IIT Bombay website again, that is iitb.ac.in. Now, as you can see, the website is not opening; it has been blocked.

  • All right. Now, to delete this particular rule from the filter table, we use the option -D. So the command is sudo iptables -D INPUT and then the rule number. And this is the first rule, so type in number one and press Enter. Now, if we check the status of the filter table, the rule has been successfully deleted and the website is again working.

  • Now, this sort of blocking is recommended for a small website which has only one server. But for a large website like Google or YouTube or facebook.com, this method may not work, because they have multiple servers with multiple IP addresses. It will not be possible for you to get the IP addresses of all their servers, so this method is not recommended in such a scenario.

  • But in that scenario, what you can do is change the policy to DROP and then one by one add the websites that you want to allow for your users. So to change the policy to drop all the packets, type in sudo iptables -P for policy, the name of the chain, INPUT, and then the policy, DROP. Now press Enter.

  • Now, if we look at the filter table, as you can see, the INPUT policy has been changed to DROP. Now, if we try to open a website, let's say youtube.com or say google.com or facebook.com or any other website, it will not work. So the entire network is now blocked. Now what you can do is add websites one by one to the table.

  • All right. Now, to change the policy back to ACCEPT, just instead of DROP type ACCEPT and press Enter. Now the traffic should work. And yes, all the websites are now loading up.

  • All right, so that was all. Similarly, you can try out some of the other commands that we discussed in this video.

  • So that was all for today. I hope you're clear with the iptables tool. It is a very powerful tool and something that you must know as an advanced Linux user.

  • All right, so thank you all for watching this video. If you like this video, kindly press the like button. If you have any comments, suggestions or feedback, do type that in the comment box. And a huge thanks to all the subscribers of Experience Tech; thank you for your support and thank you again for watching.
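As an added example (not code from the video or its author), here is a Python script that parses the output of iptables -L -n -v into chains and rules using the columns the video explains, works out the rule number that iptables -D INPUT <n> expects, and flags the lock-out state the video demonstrates (an INPUT policy of DROP with no ACCEPT rule). The sample output it reads is constructed, with documentation-range addresses standing in for the real IIT Bombay IP, and the function names are my own.

```python
"""Parse and audit the output of `iptables -L -n -v` (filter table).

Added example for this transcript; not code from the video or its author.
The sample output below is constructed to mirror the columns the video
walks through (pkts, bytes, target, prot, opt, in, out, source,
destination) and uses documentation-range placeholder addresses.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: roughly what `sudo iptables -L -n -v` prints after the
# video's two steps (a per-source DROP rule, then `-P INPUT DROP`), plus one
# implicit-match rule on a destination port to show the trailing match text.
SAMPLE_OUTPUT = """\
Chain INPUT (policy DROP 42 packets, 3360 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   420 DROP       all  --  *      *       192.0.2.10           0.0.0.0/0
   12  720K DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 890 packets, 123K bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

POLICY_CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\S+) packets, (\S+) bytes\)$")
USER_CHAIN_RE = re.compile(r"^Chain (\S+) \((\d+) references\)$")
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}


def parse_counter(text):
    """'720K' -> 720000. iptables abbreviates -v counters unless -x is given."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)


@dataclass
class Rule:
    pkts: int
    byte_count: int
    target: str
    prot: str
    opt: str
    in_if: str
    out_if: str
    source: str
    destination: str
    extra: str  # implicit/explicit match text, e.g. "tcp dpt:22"


@dataclass
class Chain:
    name: str
    policy: str  # None for user-defined chains, which carry no policy
    pkts: int
    byte_count: int
    rules: list = field(default_factory=list)


def parse_iptables_list(text):
    """Return {chain name: Chain} from `iptables -L -n -v` output."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = POLICY_CHAIN_RE.match(line)
        if m:
            name, policy, pkts, nbytes = m.groups()
            current = Chain(name, policy, parse_counter(pkts), parse_counter(nbytes))
            chains[name] = current
            continue
        m = USER_CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), None, 0, 0)
            chains[current.name] = current
            continue
        cols = line.split()
        if not cols or cols[0] == "pkts" or current is None:
            continue  # blank separator line or the column header
        # The first nine columns are fixed; anything after them is match text.
        current.rules.append(Rule(parse_counter(cols[0]), parse_counter(cols[1]),
                                  *cols[2:9], " ".join(cols[9:])))
    return chains


def rule_number(chains, chain, **fields):
    """1-based index of the first rule whose fields all match, i.e. the number
    `iptables -D <chain> <n>` expects; None if nothing matches."""
    for n, rule in enumerate(chains[chain].rules, start=1):
        if all(getattr(rule, k) == v for k, v in fields.items()):
            return n
    return None


def audit(chains):
    """Flag the lock-out the video demonstrates (a DROP policy with no ACCEPT
    rule lets nothing through) and drops that match every packet."""
    findings = []
    for ch in chains.values():
        if ch.policy == "DROP" and not any(r.target == "ACCEPT" for r in ch.rules):
            findings.append(f"{ch.name}: policy DROP with no ACCEPT rule, all traffic is blocked")
        for n, r in enumerate(ch.rules, start=1):
            if (r.target in ("DROP", "REJECT") and r.source == "0.0.0.0/0"
                    and r.destination == "0.0.0.0/0" and not r.extra):
                findings.append(f"{ch.name} rule {n}: unconditional {r.target}")
    return findings


if __name__ == "__main__":
    table = parse_iptables_list(SAMPLE_OUTPUT)
    for name, ch in table.items():
        print(f"{name}: policy={ch.policy} rules={len(ch.rules)}")
    print("rule to delete:", rule_number(table, "INPUT", source="192.0.2.10"))
    for finding in audit(table):
        print("finding:", finding)
```

As written it reads the embedded sample; to run it against a live box, replace SAMPLE_OUTPUT with the text of sudo iptables -L -n -v. Adding -x to that command prints exact counters, which makes the K/M/G handling in parse_counter unnecessary.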
