Linux Networking and Services II - Coggle Diagram
ACLs Overview and Netfilter Introduction
Access Control List (ACL)
is an ordered list of rules that decides whether access to a resource, here network traffic, is allowed or denied.
ACCEPT = Let the traffic through.
DROP = Silently discard the traffic; the sender gets no reply and has to wait for a timeout.
REJECT = Discard the traffic and send an error back (an ICMP port-unreachable by default, or a TCP RST with --reject-with tcp-reset); the sender fails fast but also learns that a host is there.
Rule Order Matters: rules in a chain are evaluated top to bottom and the first rule that matches and has a target decides the packet's fate; rules below it are never consulted.
Stateful vs Stateless: a stateful firewall tracks connections, so it can admit return traffic for sessions the host started without opening ports in both directions (more secure); an iptables rule is stateless unless it uses the conntrack match (-m conntrack).
iptables interacts with the Linux kernel's netfilter framework to manage network traffic.
iptables
is used to create and/or modify ACLs for the Linux firewall.
IPTables
sudo iptables -s 192.168.1.0/24 -p all -A INPUT
iptables Use the iptables firewall tool
-A INPUT Append (-A) this rule at the end of the INPUT chain (incoming traffic)
-s 192.168.1.0/24 Source IP range: this rule applies to traffic from the 192.168.1.x network
-p all Apply the rule to all protocols (TCP, UDP, ICMP, etc.); this is also the default when -p is omitted
Without a -j target a rule only counts the packets it matches (visible in the -nvL counters); add -j ACCEPT, DROP or REJECT for it to filter anything.
sudo iptables -s 127.0.0.1 -d 127.0.0.1 -A INPUT
-d specifies the destination address (here the loopback address, so only local-to-local traffic matches)
sudo iptables -s localhost -D INPUT
-D INPUT with a rule specification deletes the first rule in the INPUT chain whose specification matches, option for option; localhost resolves to 127.0.0.1, so this removes a rule that was added with exactly -s 127.0.0.1 and nothing else.
sudo iptables -L --line-numbers
sudo iptables -D INPUT 5
5: delete rule number 5 of the INPUT chain, the number shown by --line-numbers
sudo iptables -s 192.168.1.37 -I INPUT 1
-I INPUT 1 Insert the rule at position 1 (the top) of the INPUT chain, so it is evaluated before every existing rule
sudo iptables -nvL
-n Numeric output: Don't resolve IP addresses or port names (faster, cleaner)
-v Verbose: Show extra info like packet/byte counts and interfaces
-L List the rules of every chain in the filter table (INPUT, OUTPUT, FORWARD); other tables, such as nat, need -t
sudo iptables-save
Prints the complete current ruleset in the format iptables-restore reads. Rules live only in kernel memory and are gone after a reboot unless they are saved and restored at boot (on Debian/Ubuntu the iptables-persistent package does this).
IPTables (Extended Rules and Default Policies)
sudo iptables -R INPUT 2 -s 192.168.1.0/24 -j DROP
-R INPUT 2 Replace the rule at position 2 in the INPUT chain with the rule that follows (the old rule is gone entirely)
-j DROP Drop the matching packets (deny them from entering the system)
sudo iptables -R INPUT 1 -s 192.168.1.37 -d 127.0.0.1 -p tcp --dport 8080
-p tcp specifies the protocol for the rule; port matches are only valid together with a protocol
--dport 8080 specifies the destination port for the rule (this rule again needs a -j target before it filters anything)
The --sport option filters packets on their source port. Be careful with rules that accept on --sport alone (for example "source port 53 is DNS, so accept it"): the client chooses its own source port, so such a rule is trivially bypassed.
-m conntrack loads the conntrack match, so a rule can test the connection-tracking state of the packet.
--ctstate selects the state(s) to match (NEW, ESTABLISHED, RELATED, INVALID, UNTRACKED)
INVALID: The packet is associated with no known connection (for example a stray ACK or a packet with impossible TCP flags).
NEW: The packet has started a new connection or is otherwise associated with a connection that has not seen packets in both directions.
ESTABLISHED: The packet is associated with a connection that has seen packets in both directions.
RELATED: The packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer or an ICMP error.
UNTRACKED: The packet is not tracked at all, which happens if you explicitly un-track it by using -j CT --notrack in the raw table.
To make the firewall stateful (admit return traffic for connections the host already knows about):
sudo iptables -I INPUT 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-m conntrack: Uses the connection tracking module.
--ctstate RELATED,ESTABLISHED: Matches packets that belong to an existing connection or are related to one (such as an FTP data channel); placed at position 1 so the check happens before any per-service rule.
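The rules from this section, assembled into one complete stateful INPUT policy. This is an added example written for these notes, not a command set from the original page: it assumes an administrative subnet of 192.168.1.0/24 (the network the notes use), SSH on TCP 22 and a web service on TCP 80; adjust those before applying it. It emits the rules in iptables-restore format so the whole table is replaced in one atomic step instead of rule by rule (iptables-restore ignores the # comment lines), and it shows the ordering the notes describe: the conntrack rules sit above every per-service rule, and the chain policy DROP catches whatever nothing accepted.

```shell
#!/bin/sh
# Added example for these notes (not from the original page): minimal stateful INPUT policy.
# Assumptions: admin subnet 192.168.1.0/24, SSH on 22, HTTP on 80. Override with ADMIN_NET=...
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"

# Emit the ruleset in iptables-restore format. Order matters: the conntrack rules come
# first so return traffic is accepted before any per-service check runs.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: keep local-only services such as 127.0.0.1:8080 reachable
-A INPUT -i lo -j ACCEPT
# stateful core: return traffic for connections this host already knows
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# packets conntrack cannot classify (bad TCP flags, stray ACKs) are dropped
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new SSH sessions only from the admin network
-A INPUT -p tcp --dport 22 -s ${ADMIN_NET} -m conntrack --ctstate NEW -j ACCEPT
# new HTTP sessions from anywhere
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# ping, rate-limited so it cannot be used to flood the host
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# everything else: log a sample, then the chain policy (DROP) applies
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Number of rules appended to a chain of the generated ruleset (sanity check).
count_rules() {   # $1 = chain name
    gen_ruleset | grep -c "^-A $1 " || true
}

# Apply atomically: iptables-restore --test parses the whole file first, then the real
# restore swaps the table in one step, so the host is never half-configured.
apply_ruleset() {
    gen_ruleset | iptables-restore --test && gen_ruleset | iptables-restore
}

# Run as root with APPLY=1 to load the rules; otherwise just print the ruleset for review.
if [ "${APPLY:-0}" = "1" ]; then apply_ruleset; else gen_ruleset; fi
```

Review the printed ruleset first, then apply it from a console or an existing SSH session that originates inside ADMIN_NET; the RELATED,ESTABLISHED rule keeps that session alive when the policy switches to DROP.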
UFW and FWBuilder
sudo ufw status
sudo ufw app list
sudo ufw app info SSH
sudo ufw allow SSH (allows the SSH application profile, TCP 22; on a remote host run this before ufw enable or you lock yourself out)
sudo ufw enable (activates the firewall; ufw's default policy denies incoming and allows outgoing traffic, and the rules survive reboots)
sudo ufw disable
sudo apt install fwbuilder (a graphical policy editor that compiles its rules into iptables scripts)
Managing Network Services
SysV
is an older init system that controls how services are started, stopped, and managed.
Runlevels
are designations set to how a Linux system starts and what services are running.
Runlevel 0: The system state when it is halted or powered off. This is not an effective runlevel, but it can be called on to execute a system shutdown.
Runlevel 1 (Single User Mode): The state where only one user (root) can log in to the system to conduct administrative tasks. Networking is disabled for this runlevel and only the command line interface is used.
Runlevel 2 (Multiuser Mode): Traditionally multiuser without networking (or without NFS, on Red Hat-style systems), command line only. Note that Debian/Ubuntu SysV systems used runlevel 2 as their default full multiuser mode with networking.
Runlevel 3 (Multiuser Mode with Networking): The command-line interface is used and networking is enabled.
Runlevel 4: Undefined by default. This is available for a custom runlevel, if required.
Runlevel 5 (Multiuser Mode with a Graphical User Interface): Networking is enabled. This is the default runlevel on Red Hat-style SysV distributions that boot into a GUI.
Runlevel 6: The runlevel to restart the Linux host. This is another runlevel that is not effective, but it can be called on to execute a system restart.
/etc/inittab
defines system runlevels, services, and terminal settings, while systemd uses unit files and doesn't require this file.
/etc/init.d/
contains startup scripts in SysVinit
Each runlevel has a respective /etc/rc#.d/ directory containing symlinks to the scripts in /etc/init.d/; links prefixed with S start the service when that runlevel is entered, links prefixed with K stop it, and the number after the letter sets the order.
/etc/init.d/ssh start
starts the SSH service on a system
sudo service ssh start
The scripts accept an action argument such as {start|stop|restart|status}.
Systemd
/sbin/init is the first process (PID 1); on a systemd-based system it is a symlink to the systemd binary.
systemctl
is a command-line tool for managing services and system states in systemd-based systems.
start/stop will start or stop a service right now.
status will show the running status of a service, including recent log lines.
reload will reload the configuration files for a service without stopping it (only for services that support it).
enable/disable will mark the service to run at boot or not; enable alone does not start it now (enable --now does both).
target-units.
similar in concept to runlevels
sudo systemctl list-units --type=target --all
The listing has three status columns for each unit:
LOAD specifies whether the unit's definition was loaded into systemd (loaded, not-found, error, masked).
ACTIVE specifies the high-level state of the unit (active, inactive, failed, activating).
SUB specifies the low-level state specific to the unit type, for example running, exited or waiting for a service, and active or dead for a target.
SSH
is a cryptographic network protocol designed to provide secure communication over unsecured networks.
By default the SSH service (sshd) listens on TCP port 22; verify that it is running and which addresses it is bound to before exposing the host.
HTTP
sudo systemctl start apache2
create a temporary web server with Python's built-in http.server module
sudo python3 -m http.server 80
Serves the current directory over HTTP on port 80 on all interfaces, to anyone who can reach the host, with no authentication or access control; use it only briefly on a trusted network and stop it when done.
FTP (pure-ftpd)
FTP is an application-layer protocol that enables reliable file transfers between client and server across different systems. It sends credentials and data in clear text and opens a separate data connection (which is why the RELATED conntrack state exists); prefer SFTP (over SSH) or FTPS where possible.
./setup-ftp.sh
shell script (likely used to set up an FTP server or client).
restarts the service.
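Once SSH, HTTP and FTP are running, check what they actually listen on. The audit below is an added example, not part of the original notes: it parses the output of ss -tlnp (the sample lines embedded in SAMPLE_SS are constructed for the example and stand in for real output; the PIDs and the Java service on 8080 are made up) and flags every TCP listener bound to a wildcard address (0.0.0.0 or [::]), i.e. reachable from outside the host, that is not on an allow-list of expected ports.

```shell
#!/bin/sh
# Added example for these notes (not from the original page): audit TCP listeners.
# Constructed sample of `ss -tlnp` output; a live audit pipes the real command in instead.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*     users:(("java",pid=1301,fd=5))
LISTEN 0      5            0.0.0.0:80         0.0.0.0:*     users:(("python3",pid=2210,fd=3))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      32           0.0.0.0:21         0.0.0.0:*     users:(("pure-ftpd",pid=950,fd=4))'

# Print "port process" for every listener bound to a wildcard address (stdin = ss -tlnp output).
# Sockets bound to 127.0.0.1 or ::1 are reachable only locally and are skipped.
exposed_ports() {
    awk 'NR > 1 {
        n = split($4, a, ":"); port = a[n]                   # port follows the last ":"
        addr = substr($4, 1, length($4) - length(port) - 1)  # address is everything before it
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
            proc = "?"                                       # process name from users:(("name",...))
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            print port, proc
        }
    }' | sort -n | uniq
}

# Compare exposed listeners against an allow-list of ports; exit 1 if anything unexpected
# is reachable from off-box. $1 = space-separated allowed ports, stdin = ss -tlnp output.
check_exposed() {
    exposed_ports | {
        bad=0
        while read -r port proc; do
            case " $1 " in
                *" $port "*) printf 'ok       %-5s %s\n' "$port" "$proc" ;;
                *)           printf 'EXPOSED  %-5s %s\n' "$port" "$proc"; bad=1 ;;
            esac
        done
        exit "$bad"
    }
}

# Demonstration on the constructed sample: only SSH and HTTP are expected, so the FTP
# listener on 21 is reported. For a live audit: ss -tlnp | check_exposed "22 80"
printf '%s\n' "$SAMPLE_SS" | check_exposed "22 80" || echo "unexpected listener(s) found"
```

The loopback-only service on 8080 is not reported because it cannot be reached from the network; anything the audit marks EXPOSED either needs a matching INPUT rule that restricts who may connect, or should be rebound to 127.0.0.1 or stopped.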