1 Department of Information Technology, Kermanshah Science and Research ... sults show that CPU-GPU accelerated code brings significantly higher through- .... Packet flow in Netfilter and the position of our CPU-GPU user-space program.
Firewall IPTABLES. O que é um Firewall? Um firewall é uma barreira inteligente
entre duas redes, através do qual só passa tráfego autorizado. Este tráfego é ...
... Pocket Reference: Regular Expressions for Perl, Ruby, PHP, Python, C, Java and . ... Server Security from TLS to Tor
When it pertains to a specific distribution (say RedHat or Debian), ...... But it is yet to become the official member of GNOME i18n distribution. In order to use them ...
This document will help set up a working Tamil Linux environment. This
describes setting up fonts, keyboard drivers, editing and printing Tamil/bilingual ...
is one of the largest Linux related dictionaries currently available. ... that if you
wish to find a 'Computer Dictionary' then see the 'Computer Dictionary Project' at.
Dec 18, 2003 ... In it's simplest form, u32 grabs a block of 4 bytes starting at Start, ... To read this
off from left to right: "Load the u32 module, and perform the ...
Page 1 of 1. Packet in. PREROUTING chain. mangle table (-t mangle). PREROUTING chain. nat table (-t nat). Kernel routing
Iptables Tutorial 1.2.2. Oskar Andreasson [email protected] ..... Where to get
iptables .................................................................. .... Basics of the iptables command .
A stateful firewall. Iptables. Ta Vinh Thong [email protected]. Laboratory of
Cryptography and Systems Security. Department of Telecommunications.
Budapest ...
Nov 11, 1999 - ample, we uncovered a âthundering herdâ problem in the accept system call. A few dozen lines of code corrects this behavior to awaken only ...
Our operating system (OS) knows also about this problem, the tasks to be ... does
not have more than 24 hours per days to execute his task, an OS has only a
limited number of .... [1] Operating System, Deitel Deitel Choffnes. Third edition ...
Iptables Tutorial 1.2.2. Oskar Andreasson [email protected] ..... Where to get
iptables .................................................................. .... Basics of the iptables command .
The Pocket Linux Guide is for anyone interested in learning the techniques of
building a ... After completing the Pocket Linux project, readers should possess
an.
The "Linux Administration Made Easy" (LAME) guide attempts to describe day−to
−day ...... variety of document formats, including HTML, postscript, Rich−Text−
Format, and PDF. ...... Passwords do not echo to the screen when you enter them.
Ce Mini-HOWTO de Linux décrit comment prévoir et organiser l'espace disque
de votre syst`eme Linux. ... 4.1 Un mod`ele `a suivre pour débutant ambitieux .
This document describes how to use Thai language with Linux. ... ISO−8859−1
character set, but it does not mean those applications support Thai language.
document tries to outline the process of setting up Bangla support in FLOSS ... A
copy of the license is located at http://www.gnu.org/licences/fdl.html . 1.3.
This document describes Linux i386 boot code, serving as a study guide and
source commentary. In addition to C−like .... 3. linux/arch/i386/boot/bootsect.S..
Hardware compatibilities issue. .... 2.1 Hardware that not compatible with Linux.
... This document explains installation of Linux on Sony VAIO computers. 1.
paedML. ®. Linux 4.x für schulische Netzwerke. Installationsanleitung zur
Fernüberwachung (paedML® Plus-Paket) in der paedML Linux 4.x. Stand: 04.06.
2009 ...
the non−technical aspects of free software project management and was written
...... Eric S. Raymond writes about how free software projects start in his essay, ...
CSE497b Introduction to Computer and Network Security - Spring 2007 -
Professor Jaeger. Project 4 - Linux iptables. CSE497b - Spring 2007. Introduction
...
Project 4 - Linux iptables CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Project Goals • Specify iptables rules for your Playpen VM – for the INPUT chain only
• Sources – Write rules for interaction with 2 machines • 130.203.83.76 • 130.203.83.75
• Rules – Prevent all UDP – Permit ICMP (ping), but limit message size • 1000 bytes from 75 and 10000 bytes from 76
– TCP • 130.203.83.75 sends to specific ports (no one else can use) • 130.203.83.76 sends to specific ports (no one else can use) • Also, some content filtering of packets CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Project environment • ICMP via ping – We will submit ping requests to your Playpen – Only allowed ones should result in a response
• TCP via nc – – – –
nc for netcat nc -l -p creates a server nc -p connects a client We supply the server program, client program • and expected output
• Due April 20 at 5:00 – A bash script containing a sequence of iptables rules – Need to have the server program running at this time, so we can test! CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Practical Firewall Implementations • Primary task is to filter packets – But systems and requirements are complex
• Consider – All the protocols and services – Stateless vs. stateful firewalls – Network function: NAT, forwarding, etc.
• Practical implementation: Linux iptables – http://www.netfilter.org/documentation/HOWTO/packetfiltering-HOWTO.html – http://linux.web.cern.ch/linux/scientific3/docs/rhel-rg-en-3/ ch-iptables.html CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Netfilter hooks • Series of hooks in Linux network protocol stack • At each Netfilter hook – An iptable rule set is evaluated • Hook placements
Preroute
Routing
Input
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Forward
Postroute
Output
Page
iptables Concepts • Table – All the firewall rules
• Chain – List of rules associated with the chain identifier – E.g., hook name
• Match – When all a rule’s field match the packet (protocol-specific)
• Target – Operation to execute on a packet given a match
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
iptables Commands • iptables [-t ] • Commands – Append rule to end or specific location in chain – Delete a specific rule in a chain – Flush a chain – List a chain – Create a new user-specified chain – Replace a rule
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Test it out • PING on localhost – ping -c 1 127.0.0.1 • Add iptables rule to block – iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP • Try ping • Delete the rule – iptables -D INPUT 1 – iptables -D INPUT -s 127.0.0.1 -p icmp -j DROP – iptables -F INPUT
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Testing • Use loopback to test the rules locally on your Playpen – IP address 127.0.0.1
• ICMP – submit ping requests to 127.0.0.1 as above
• TCP – submit requests to 127.0.0.1 at specific port – server • nc -l -p 3750 • listen at port 3750
– client • nc -p 3000 localhost 3750 • send from port 3000 to localhost at port 3750 CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
WARNING! • Be careful! – You can lock yourself out of your Playpen
• Only write rules for the target IP addresses – localhost, 130.203.83.75, and 130.203.83.76
• Do not write any rules containing ssh • We will have to restart your Playpen if you lock yourself out (not available 24/7)
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Targets • Define what to do with the packet at this time • ACCEPT/DROP • QUEUE for user-space application • LOG any packet that matches • REJECT drops and returns error packet • RETURN enables packet to return to previous chain • passes packet to that chain
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
iptables Rule Parameters • Destination/Source – IP address range and netmask
• Protocol of packet – ICMP, TCP, etc
• Fragmented only • Incoming/outgoing interface • Target on rule match
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Per Protocol Options • Specialized matching options for rules – Specific to protocol
• TCP – Source/destination ports – SYN – TCP flags
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Examples • iptables -A INPUT -s 200.200.200.2 -j ACCEPT • iptables -A INPUT -s 200.200.200.1 -j DROP • iptables -A INPUT -s 200.200.200.1 -p tcp -j DROP • iptables -A INPUT -s 200.200.200.1 -p tcp --dport telnet -j DROP • iptables -A INPUT -p tcp --destination-port telnet -i ppp0 -j DROP
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
Page
Match • Different means for matching packet content • Lots of different modules – Only a few supported on your Playpen (lucky you)
• To specify a match – iptables -A INPUT -p tcp -m string --algo bm --string ‘exe’ • matches to packet with content containing ‘exe’
– iptables -A INPUT -p tcp -m length --length 10:100 • matches to packet with length between 10 and 100 bytes • Also, can specify ‘greater than 10’ by 10:
• There are many others, but these are what you’ll need to know
CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger
![PDF[EPUB] Linux iptables Pocket Reference (Pocket ... - Google Sites](https://m.moam.info/img/260x300/pdfepub-linux-iptables-pocket-reference-pocket-goo_64789bdd097c4737708cfe0d.jpg)
