Saving and Restoring iptables Rules
The iptables package comes with two more tools that are very useful, especially if you are dealing with larger rule sets. These two tools are called iptables-save and iptables-restore.
Firewall rules are only valid for the time the computer is on; so, if the system is rebooted, the rules are automatically flushed and reset.
To save the rules so that they are loaded later, use the following command:
/sbin/service iptables save
The rules are stored in the file /etc/sysconfig/iptables and are applied whenever the service is started or restarted, including when the machine is rebooted.
# iptables-save -c > /etc/iptables-save
In other words, the above command saves the whole rule set to a file called /etc/iptables-save with the byte and packet counters still intact.
Example
Save current iptables firewall rules:
# iptables-save > /root/iptables-save
To restore iptables rules:
# iptables-restore < /root/iptables-save
Tags: iptables, Restoring, Rules, Saving
Basic iptables Firewall policies (-P)
The following rules block all incoming and outgoing packets on a network gateway:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Forwarded packets are also denied. To do this, use the following rule:
iptables -P FORWARD DROP
iptables uses policies (-P) to set the default rule for each chain. Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules. After setting the chain policies, you can create new rules for your particular network and security requirements.
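As an added example (not part of the original post, and not the iptables project's own code), the following script ties the save/restore post and this one together: it embeds a constructed rule set in the text format that iptables-save writes, with the three DROP policies above, checks that a saved file really carries those policies before it is fed to iptables-restore, and only runs the live save and restore when it has root and iptables. The rule set deliberately goes one step past the post by accepting loopback and already-established traffic, the rules an administrator needs so that an OUTPUT DROP policy does not cut off the SSH session that set it; the file paths and rule contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Shows the iptables-save text
# format with the DROP default policies from the post, a check that a saved
# rule set really carries those policies before it is restored, and the
# save/restore commands themselves. Only the check needs to run as a normal user.

# Constructed sample in iptables-save format. The [packets:bytes] counters
# are what 'iptables-save -c' writes. The ESTABLISHED/RELATED and loopback
# rules are an assumption added so a DROP policy does not lock the admin out.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [12:960]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# chain_policy FILE CHAIN -> prints the default policy recorded for CHAIN
# (the ":CHAIN POLICY [p:b]" line) in the filter table of a saved rule set.
chain_policy() {
    awk -v chain=":$2" '
        /^\*/ { table = $1 }                      # *filter, *nat, ...
        table == "*filter" && $1 == chain { print $2; exit }
    ' "$1"
}

# policies_are_drop FILE -> exit 0 only if INPUT, FORWARD and OUTPUT all
# default to DROP, i.e. the saved rule set matches the policy in the post.
policies_are_drop() {
    for c in INPUT FORWARD OUTPUT; do
        [ "$(chain_policy "$1" "$c")" = "DROP" ] || return 1
    done
    return 0
}

# write_sample FILE: writes the sample rule set to FILE (use a temp file so
# the script never touches /etc/sysconfig/iptables).
write_sample() {
    printf '%s\n' "$SAMPLE_RULES" > "$1"
}

# Real save/restore, as in the post; guarded so the script is safe to run
# on a host without iptables or without root.
save_and_restore() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables-save >/dev/null 2>&1; then
        iptables-save -c > /root/iptables-save      # keep packet/byte counters
        policies_are_drop /root/iptables-save || echo "warning: not all policies are DROP"
        iptables-restore -c < /root/iptables-save   # -c restores the counters too
    else
        echo "skipping live save/restore (needs root and iptables)"
    fi
}
```

Run the policy check against any file produced by iptables-save before restoring it; a restore replaces the whole rule set at once, so a file with an ACCEPT policy that was edited by mistake opens the host in one step.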
Tags: Basic, firewall, iptables, policies (-P)
Creating a MySQL user and then setting a password for the user (username and password are placeholders):
mysql> CREATE USER 'username'@'localhost';
mysql> SET PASSWORD FOR 'username'@'localhost' = PASSWORD('password');
How to set a password for the MySQL root user:
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password');
In the example below, the database and the user have the same name, serverbuddies.
mysql> create database serverbuddies;
How to grant permissions to the user serverbuddies:
mysql> grant INSERT,SELECT on root.* to serverbuddies@localhost;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on serverbuddies.* to serverbuddies@localhost;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on serverbuddies.* to serverbuddies;
The next example uses admin as the user and ubuntu as the database.
mysql> create database ubuntu;
Setting permissions for the user admin on the database ubuntu:
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on ubuntu.* to admin@localhost;
mysql> grant CREATE,INSERT,SELECT,DELETE,UPDATE on ubuntu.* to archive;
mysql> exit
How to take a remote or local MySQL backup.
Remote MySQL database backup (hostname, username, password and database are placeholders):
`which mysqldump` -h hostname -uusername -ppassword --opt database > /filename.sql
Local host MySQL backup:
`which mysqldump` -uroot -ppassword --opt database > /filename.sql
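The backup commands above pass the password as -ppassword on the command line, where any local user can read it from the process list for as long as mysqldump runs. As an added example (not from the original post and not MySQL's own code), the script below runs the same --opt dump with the credentials in an option file that only its owner can read; user, password, host and database names are placeholders, and --defaults-extra-file is placed first because the MySQL client tools only accept it as the first option.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the post's mysqldump
# backup so the password lives in a 0600 option file instead of on the
# command line. All names below are placeholders.

# write_client_cnf FILE USER PASSWORD [HOST]
# Writes a MySQL option file that mysql and mysqldump read through
# --defaults-extra-file. The umask in the subshell makes the file private
# before any byte of the password is written to it.
write_client_cnf() {
    cnf=$1; user=$2; pass=$3; host=${4:-localhost}
    (
        umask 077
        printf '[client]\nuser=%s\npassword=%s\nhost=%s\n' "$user" "$pass" "$host" > "$cnf"
    )
}

# dump_command CNF DATABASE OUTFILE -> prints the mysqldump command line
# that backup_db runs; the credentials never appear in it, so nothing
# sensitive shows up in ps or in shell history.
dump_command() {
    printf '%s --defaults-extra-file=%s --opt %s > %s\n' \
        "$(command -v mysqldump || echo mysqldump)" "$1" "$2" "$3"
}

# backup_db CNF DATABASE OUTFILE: runs the dump if mysqldump is installed,
# otherwise shows what would have been run and fails.
backup_db() {
    if command -v mysqldump >/dev/null 2>&1; then
        mysqldump --defaults-extra-file="$1" --opt "$2" > "$3"
    else
        echo "mysqldump not found; would run: $(dump_command "$1" "$2" "$3")"
        return 1
    fi
}
```

Usage: write_client_cnf /root/.backup.cnf backup 'password' db.example.invalid, then backup_db /root/.backup.cnf serverbuddies /root/serverbuddies.sql. The dump file itself contains the data, so give it the same 0600 treatment as the option file.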
Tags: databases, mySQL, Working
iptables Overview
iptables features advanced logging, pre and post-routing actions, network address translation, and port forwarding all in one command line interface.
Using iptables
The first step in using iptables is to start the iptables service. This can be done with the command:
service iptables start
The ip6tables service should be turned off before using iptables:
service ip6tables stop
chkconfig ip6tables off
To make iptables start by default whenever the system is booted, you must change the runlevel status of the service using chkconfig:
chkconfig --level 345 iptables on
The syntax of iptables is separated into tiers. The main tier is the chain. A chain specifies the stage at which a packet is manipulated. The usage is as follows:
iptables -A chain -j target
The -A option appends a rule at the end of an existing ruleset.
The chain is the name of the chain for a rule.
The three built-in chains of iptables (that is, the chains that affect every packet that traverses the network stack) are INPUT, OUTPUT, and FORWARD.
The -j target option specifies the location in the iptables ruleset where this particular rule should jump. Some built-in targets are ACCEPT, DROP, and REJECT.
Tags: iptables, Overview
Firewalls: the core components of a network security implementation
Firewalls can be standalone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall.
There are also proprietary software firewall solutions developed for home and business markets by vendors such as Checkpoint, McAfee, and Symantec.
Firewall functions:
NAT
Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several.
Packet Filter [iptables]
A packet filtering firewall inspects each data packet that passes into and out of a LAN. It reads and processes packets by their header information and filters them according to sets of programmable rules implemented by the firewall administrator.
The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.
Proxy
A proxy machine acts as a buffer between malicious remote users and the internal network client machines.
Netfilter and iptables
The Linux kernel features a powerful networking subsystem called Netfilter. The Netfilter subsystem provides stateful or stateless packet filtering as well as NAT and IP masquerading services. Netfilter also has the ability to mangle IP header information for advanced routing and connection state management. Netfilter is controlled through the iptables utility.
Examples:
iptables - administration tools for packet filtering and NAT
shorewall - Shoreline Firewall, netfilter configurator - transitional package
Tags: Components, core, Firewalls, implementation, Network, Security