How to Set Up a Firewall Using Iptables - SSH Tarpit - Chris Titus Tech



video description

Rating: 4.0; Vote: 1
In this video, I go over how to set up a firewall on Linux using the built-in iptables that is in every Linux distribution. SSH Tarpit is something many people miss
Date: 2022-03-21

Comments and reviews: 10


I'd point out that you can't trust the firewall above you. Our firewall server went down and everything was just passed on through until it was fixed and back up; the firewall on my web servers (they're really MY servers, the company just thinks they're theirs) had to take over, and it instantly started throwing out attempts at pretty much whatever you can imagine as fast as it could. Ufw is a great interface to iptables, far easier to deal with in my opinion, but it is an intermediary, so if you can deal directly with iptables and not have the ufw service running, that's one less link in your chain. You really didn't explain how to remove rules in iptables, or add bad guys to the table, or figure out that bad guys are actually trying to do bad things, and that's more important than just setting one up and forgetting you have it. You have to be vigilant in watching those logs, both manually DAILY and with something like fail2ban watching constantly and locking the bad guys out when they show up, and you have to know the good guys tried to get in and got locked out for some reason so you can let them back in. Whether you're using ufw or using iptables directly, watch those logs boys and girls, they're there for a reason. As far as ssh, I always set my own port for every server and a different port for every server. Keeps the attempts down, and .ssh/config makes it easy.
reply

To keep reaction times of the netfilter short, I usually put rules for reply packets as well as established or related connections quite early into the chains and only later on add rules to accept new incoming connections.
While it usually doesn't cause much pain if a client has to wait a bit for netfilter to process the initial SYN packet, once the connection has been established, processing runs significantly quicker. Plus you'd also want to add rules to both the PREROUTING and the OUTPUT chains of the raw table that exempt traffic to the loopback device from being conntracked, thereby reducing the overhead. Since localhost traffic (127.0.0.1 or ::1, depending on which variant of IP you are using) isn't routed, there's no need to keep track of the packets.

reply

I think you should not install arch packages with -Sy (one of the arch support guys in the arch irc told me that). You should either install with -S or first do sudo pacman -Syu and then install with just -S. Reason is that by doing -Sy you are installing the latest package, when the rest of your system is built on older packages from the last time you ran sudo pacman -Syu. And you should never just run sudo pacman -Sy either. Obviously all the same applies if using an AUR helper like yay. Sorry my memory is not 100%, but I hope I'm not making a mistake with what I wrote.
reply

I like you, but sometimes your advice just doesn't work.
I have a Linux Mint computer, and the command systemctl enable iptables doesn't work. I did everything else, and I am glad it was on a VM running Linux Mint instead of my main computer running the same OS, since that seemed to yield unexpected results. A reboot seems to have reset everything back in order, but how can I be sure? This is the second time your advice on settings in Linux didn't work.

reply

I have no experience with Debian 10. I have recently installed it to use it as a lab. I looked up information on the Internet on how to DISABLE the Debian firewall, but all I have found are articles on how to set up a firewall on Debian. I have noticed that neither ufw nor firewall-cmd are found. Does it mean that by default, Debian installations have no firewall set?
reply

It looks great, except that it doesn't work in a stock U19.04, as the whole iptables service infrastructure isn't there, so you can't start it, etc, or do anything else with it. Even loading it and trying fails for a plethora of other reasons. From that point on, nothing here works, so it fails the 30 second test. A shame, it would have been good.
reply

This is much better than UFW because you can customize by building small programs and then add a crontab to it just for fun (you don't really need to do that). I remember a few years ago I got so obsessed with iptables that my Apache server was overwhelmed by all the scripts I created for it. It was a fun sandbox experience though.
reply

I went a bit further with SSH services and other services such as VPN, CLOUD.
I restricted the access of these services to only a few source IP addresses to narrow down the attack vector even more.
All other packets are just dropped.
But I'm wondering if those rules are optimal -

reply
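The two comments above describe complementary pieces of one ruleset: put the loopback and ESTABLISHED/RELATED rules at the top of INPUT and exempt loopback from conntrack in the raw table, then accept NEW SSH connections only from a short allow-list of source addresses and drop the rest. The script below is an added example, not code from the video or from either commenter; it generates an iptables-restore ruleset rather than calling iptables directly, so it can be reviewed before it is loaded. The management addresses (TEST-NET ranges) and the SSH port are constructed placeholders, and `gen_ruleset` and `rule_index` are names chosen here.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that applies the ideas
# from the two comments above.
#   1. raw table: loopback is never routed, so do not conntrack it.
#   2. filter/INPUT: loopback, then ESTABLISHED,RELATED, then INVALID drop,
#      so reply traffic is decided by the first few rules.
#   3. NEW SSH connections only from an allow-list; everything else is
#      logged (rate-limited) and dropped by the chain policy.

ADMIN_SOURCES="203.0.113.10 198.51.100.0/24"   # constructed placeholders
SSH_PORT=22                                     # constructed placeholder

# gen_ruleset ALLOWED_SOURCES SSH_PORT  -> prints the ruleset to stdout
gen_ruleset() {
    allowed=$1
    port=$2
    printf '%s\n' '*raw' ':PREROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Exempt loopback from connection tracking in both raw-table chains.
    printf '%s\n' '-A PREROUTING -i lo -j NOTRACK'
    printf '%s\n' '-A OUTPUT -o lo -j NOTRACK'
    printf '%s\n' 'COMMIT'
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Cheap, high-hit-rate rules first.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Only NEW connections get this far; SSH is accepted per allowed source.
    for src in $allowed; do
        printf '%s\n' "-A INPUT -p tcp -s $src --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of what the DROP policy is about to discard, so the
    # logs the first comment insists on watching actually contain something.
    printf '%s\n' '-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables-drop: "'
    printf '%s\n' 'COMMIT'
}

# rule_index RULESET PATTERN -> line number of the first line matching PATTERN
# (used to confirm that the conntrack shortcut sits above the NEW-SSH rules).
rule_index() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n1 | cut -d: -f1
}

# Usage (as root, after reading the generated file and checking that your
# own management address is in ADMIN_SOURCES, since the INPUT policy is DROP):
#   gen_ruleset "$ADMIN_SOURCES" "$SSH_PORT" > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
```

The ordering matters for the reason the second comment gives: once a connection is in the conntrack table, every later packet of it matches the ESTABLISHED,RELATED rule and never reaches the per-source SSH rules, so the allow-list only costs anything on the initial SYN. If SSH is also reachable over IPv6, the same ruleset needs an ip6tables counterpart with `::1` loopback and IPv6 management addresses.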

I use FreeBSD. I am not interested in changing. However, I wanted to see what the tables looked like, but you talked about other things too much. I waited and fast-forwarded. Maybe list the minute at which you get to the rules? I just left without seeing the rules.
reply

Great video man, thanks! Finally someone who is also preferring iptables over all the utilities :D What about a video on tunneling traffic from machine a to machine b and accessing the private network of machine b? :)
greetings

reply