Monday, August 26, 2013

Firewalls iptables for Linux and Windows OS's - How To Setup

Here's a Question that I got in an e-mail today...


Ever heard of this problem? A table is blocking internet...


We just changed providers - we went with Jet Blue - and he said we have
strong signals for all of Jackie's stuff but there may be something
wrong with my desk top.  He said it could be a fire wall or table.
Jackie ran a check and it did say something about the table but we
neither one know what that is. - Can you help me understand?


Jeff,

My Answer...

Well, "IP Tables Firewall" is a term that I have only been familiar with concerning Linux operating systems. But after doing a little searching, Windows does use this and similar terms to describe a "Windows Firewall" as well. Here are a few quick rundowns on it all...

Don

Windows Firewall

Published: August 01, 2004

Windows Firewall is a stateful host firewall designed to drop unsolicited incoming traffic that does not correspond to a dynamic or configured exception. A stateful firewall tracks the state of network connections. The firewall monitors traffic sent by the host and dynamically adds exceptions so that the responses to the sent traffic are allowed. Some of the state parameters that the Windows Firewall tracks include source and destination addresses and TCP and UDP port numbers.

This behavior of Windows Firewall provides a level of protection from malicious users and programs that use unsolicited incoming traffic to attack computers. With the exception of some Internet Control Message Protocol (ICMP) messages, Windows Firewall does not drop outgoing traffic.

Windows Firewall, a replacement for the Internet Connection Firewall (ICF) in Windows XP with Service Pack 1 and Windows XP with no service packs installed, is enabled by default in SP2. This means that all the connections of a computer running Windows XP with SP2 have Windows Firewall enabled, including LAN (wired and wireless), dial-up, and virtual private network (VPN) connections. New connections also have Windows Firewall enabled by default.

Without configured exceptions, Windows Firewall will drop traffic for server, peer, or listener applications and services. Therefore, it is likely you will want to configure Windows Firewall for exceptions to ensure that the Windows Firewall works appropriately for your environment. Windows Firewall settings are available for Computer Configuration only. They are located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall.

Identical sets of policy settings, as shown in Table 2, are available for two profiles:

  • Domain profile. Used when computers are connected to a network that contains your organization’s Active Directory domain.

  • Standard profile. Used when computers are not connected to a network that contains your organization’s Active Directory domain, such as a home network or the Internet.

Table 2   Windows Firewall Group Policy Settings

Policy Setting – Description

  • Windows Firewall: Protect all network connections – Turns on Windows Firewall. The default is Not Configured.

  • Windows Firewall: Do not allow exceptions – Specifies that Windows Firewall blocks all unsolicited incoming messages, including configured exceptions. This policy setting overrides all configured exceptions. The default is Not Configured.

  • Windows Firewall: Define program exceptions – Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel. The default is Not Configured.

  • Windows Firewall: Allow local program exceptions – Allows local administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. The default is Not Configured.

  • Windows Firewall: Allow remote administration exception – Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using RPC and DCOM. The default is Not Configured.

  • Windows Firewall: Allow file and printer sharing exception – Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445. The default is Not Configured.

  • Windows Firewall: Allow ICMP exceptions – Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Tools and services use ICMP messages to determine the status of other computers. The default is Not Configured.

  • Windows Firewall: Allow Remote Desktop exception – Allows this computer to receive Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389. The default is Not Configured.

  • Windows Firewall: Allow UPnP framework exception – Allows this computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and UDP port 1900. The default is Not Configured.

  • Windows Firewall: Prohibit notifications – Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list. The default is Not Configured.

  • Windows Firewall: Allow logging – Allows Windows Firewall to record information about successful connections and the unsolicited incoming messages that it receives. The default is Not Configured.

  • Windows Firewall: Prohibit unicast response to multicast or broadcast requests – Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. The default is Not Configured.

  • Windows Firewall: Define port exceptions – Allows you to view and change the port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel. The default is Not Configured.

  • Windows Firewall: Allow local port exceptions – Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions policy setting. The default is Not Configured.

In addition, the following policy setting is available separately from the domain and standard profiles:
Read More...
http://technet.microsoft.com/en-us/library/bb457149.aspx


Windows 7 : Working with the Windows Firewall (part 3) - Configuring Advanced Firewall Security & Troubleshooting Advanced Firewall Problems






3/14/2011 6:41:01 PM

4. Configuring Advanced Firewall Security

In addition to the basic Windows Firewall, Windows 7 includes Windows Firewall with Advanced Security. At home, you probably won’t work much with this feature. At the office, however, especially if you work in a medium or large organization, you may find it critical to know how the advanced firewall works.

Windows Firewall with Advanced Security allows you to open a custom management console for use in managing advanced firewall features. As Figure 4 shows, this console gives you direct control over inbound, outbound, and connection security rules for the firewall’s domain profile, private profile, and public profile. One way to open the firewall console is to click the “Advanced settings” link in the main page for the basic firewall. Another way to open Windows Firewall with Advanced Security is to follow these steps:

  1. Click Start and then click Control Panel.

  2. In the Control Panel, click System and Security and then click Administrative Tools.

  3. In Administrative Tools, double-click Windows Firewall with Advanced Security.

Figure 4. Configuring advanced firewall settings using Windows Firewall with Advanced Security


Windows Firewall with Advanced Security gives you a host of additional features and management options over the basic Windows Firewall. You have object classes on the left side of the window, and their associated properties on the right side of the window. This follows the classic design of Microsoft products, making management very intuitive. To configure specific settings, simply click the desired object from the left and manage it from the right. You also can right-click a selected object to get context menus with more options. Table 2 lists the objects and their associated properties from the Windows Firewall with Advanced Security management console.

Read More...
http://programming4.us/desktop/3484.aspx


Configuring Windows XP Firewall

 

The Firewall configuration in the Windows XP Operating System can be modified using Desktop Central. The Windows XP Firewall blocks or permits access to the computer for specific TCP or UDP ports.

The Firewall Configuration can be deployed only on the computers with the Windows XP (with Service Pack 2) Operating System.

Step 1: Name the Configuration

Provide a name and description for the Firewall Configuration.

Step 2: Define Configuration

Select the Firewall Action from the combo box. The action could be any of the following:

  • ON: To turn on the Windows XP Firewall.
  • OFF: To turn off the Windows XP Firewall.
  • DONT MODIFY: To preserve the client settings. This option is selected by default.

The Firewall configurations defined using Desktop Central can be deployed successfully to the client computers. However, it will take effect only when you turn on the Windows XP Firewall.

Specify the following parameters to block/unblock a port:
Read More...
http://www.manageengine.com/products/desktop-central/help/computer_configuration/configuring_windows_xp_firewall.html


Firewall Table Windows


Firewall Table Windows - Google Search
How Windows Firewall Works
Windows Firewall Tools and Settings
Windows Firewall
Postinstallation Configuration Tasks on Windows
Windows 7 : Working with the Windows Firewall (part 3) - Configuring Advanced Firewall Security & Troubleshooting Advanced Firewall Problems - Tutorials,Articles,Algorithms,Tips,Examples about Desktop
The United States Government Configuration Baseline (USGCB) - Windows 7 Firewall Content
Windows XP Firewall Configuration, Block Port, Unblock Port, Add Exceptions, Enable Windows Firewall, Disable Windows Firewall, Desktop Computer Configuration
Windows Firewall - Wikipedia, the free encyclopedia

Now, if you are running Linux. Like I am... Then here's some info for you...

I just use the GUI app that comes with Fedora or whichever Linux distro I am running. It is much easier for me to set up this way. The screenshot below shows the GUI app in my Fedora 14 Linux system. I selected the Custom Rules, so as not to show my firewall settings (for my own security). There is a wizard in most Linux firewall GUI apps, and this should get you set up and running well if you are a beginner. But if you know which ports and services you want to allow or disallow, then you can just do it manually. You can disable the firewall in the Options tab. Only do this for a limited time, for testing or troubleshooting, or you will be left completely unprotected! :O

Don



Of course, there are plenty of how-tos on the Internet on how IP Tables firewalls work and how to set them up in the command line. I'll paste in a little bit of info on this below...


Don

Stateful firewall

From Wikipedia, the free encyclopedia

In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.

Stateful inspection, also referred to as Dynamic Packet Filtering, is a security feature often included in business networks. Check Point Software introduced stateful inspection in the use of its FireWall-1 in 1994.[1][2]

Read More...
http://en.wikipedia.org/wiki/Stateful_firewall
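
The stateful behaviour described in the Windows Firewall and Wikipedia excerpts above (outgoing traffic creates a dynamic exception, incoming traffic is dropped unless it answers a tracked connection or matches a configured exception), as an added Python example that is not code from Microsoft, Wikipedia or this blog. The class and function names, the 60-second idle timeout and the documentation-range addresses are assumptions made for the example; TCP port 3389 is the Remote Desktop exception from the policy table above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulHostFirewall:
    exceptions: set = field(default_factory=set)  # configured: {(proto, local port)}
    idle_timeout: float = 60.0                    # assumed value, in seconds
    flows: dict = field(default_factory=dict)     # tracked flow 5-tuple -> last seen

    def outbound(self, pkt: Packet, now: float) -> str:
        # Outgoing traffic is allowed and creates (or refreshes) a dynamic exception.
        self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
        return "allow"

    def inbound(self, pkt: Packet, now: float) -> str:
        # A genuine reply carries the tracked flow's addresses and ports swapped.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        last_seen = self.flows.get(key)
        if last_seen is not None and now - last_seen <= self.idle_timeout:
            self.flows[key] = now
            return "allow: reply to tracked flow"
        self.flows.pop(key, None)  # forget expired state, if any
        if (pkt.proto, pkt.dport) in self.exceptions:
            return "allow: configured exception"
        return "drop: unsolicited"

def demo():
    # Constructed addresses from the documentation ranges, not real hosts.
    host, web, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.77"
    fw = StatefulHostFirewall(exceptions={("tcp", 3389)})
    fw.outbound(Packet("tcp", host, 50000, web, 443), now=0)
    return [
        fw.inbound(Packet("tcp", web, 443, host, 50000), now=1),         # reply
        fw.inbound(Packet("tcp", stranger, 443, host, 50000), now=2),    # wrong peer
        fw.inbound(Packet("tcp", stranger, 40000, host, 3389), now=3),   # exception
        fw.inbound(Packet("tcp", stranger, 40000, host, 445), now=4),    # no exception
        fw.inbound(Packet("tcp", web, 443, host, 50000), now=120),       # state expired
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A real stateful firewall also follows TCP handshake and teardown state; this model tracks only the address and port tuple with an idle timer.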


iptables are the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.
Read More...
http://en.wikipedia.org/wiki/Iptables


Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals

by Ramesh Natarajan on January 24, 2011

iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to setup and configure iptables will help you manage your Linux firewall effectively.

iptables tool is used to manage the Linux firewall rules. At a first look, iptables might look complex (or even confusing). But, once you understand the basics of how iptables work and how it is structured, reading and writing iptables firewall rules will be easy.

This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.

This article explains how iptables is structured, and explains the fundamentals about iptables tables, chains and rules.

At a high level, iptables might contain multiple tables. Tables might contain multiple chains. Chains can be built-in or user-defined. Chains might contain multiple rules. Rules are defined for the packets.

So, the structure is: iptables -> Tables -> Chains -> Rules. This is defined in the following diagram.


Fig: IPTables Table, Chain, and Rule Structure

Just to reiterate, tables are a bunch of chains, and chains are a bunch of firewall rules.

I. IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1. Filter Table

Filter is the default table for iptables. So, if you don’t define your own table, you’ll be using the filter table. Iptables’s filter table has the following built-in chains.

  • INPUT chain – Incoming to firewall. For packets coming to the local server.
  • OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server.
  • FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server.

2. NAT table

Iptables’s NAT table has the following built-in chains.

  • PREROUTING chain – Alters packets before routing, i.e., packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination IP address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT).
  • POSTROUTING chain – Alters packets after routing, i.e., packet translation happens when the packets are leaving the system. This helps to translate the source IP address of the packets to something that might match the routing on the destination server. This is used for SNAT (source NAT).
  • OUTPUT chain – NAT for locally generated packets on the firewall.

3. Mangle table

Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains.

  • PREROUTING chain
  • OUTPUT chain
  • FORWARD chain
  • INPUT chain
  • POSTROUTING chain

4. Raw table

Iptables’s Raw table is for configuration exemptions. Raw table has the following built-in chains.

  • PREROUTING chain
  • OUTPUT chain

The following diagram shows the three important tables in iptables.

Fig: IPTables built-in tables

II. IPTABLES RULES

Following are the key points to remember for the iptables rules.

  • Rules contain a criteria and a target.
  • If the criteria is matched, it goes to the rules specified in the target (or) executes the special values mentioned in the target.
  • If the criteria is not matched, it moves on to the next rule.

Read More...
http://www.thegeekstuff.com/2011/01/iptables-fundamentals/
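
The table, chain and rule structure described above can be read straight out of `iptables-save` output. The following Python is an added example, not code from the quoted tutorial or from this blog: it parses that output into tables, chains and rules (criteria plus target) and reports whether the filter table's INPUT chain can block anything at all. The function names and both sample rulesets are constructed for the example, and treating a flushed ruleset with ACCEPT policies as "firewall off" is an assumption about what a disabled firewall looks like.

```python
import shlex

def parse_iptables_save(text):
    """Parse iptables-save output into {table: {chain: {"policy", "rules"}}}."""
    tables, chains = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):        # "*filter" opens a table
            chains = tables.setdefault(line[1:], {})
        elif line.startswith(":"):      # ":INPUT DROP [0:0]" declares a chain
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": None if policy == "-" else policy, "rules": []}
        elif line.startswith("-A "):    # "-A INPUT <criteria> -j <target>"
            chain, *spec = shlex.split(line)[1:]
            cut = spec.index("-j") if "-j" in spec else len(spec)
            target = spec[cut + 1] if cut < len(spec) else None
            chains[chain]["rules"].append({"criteria": spec[:cut], "target": target})
    return tables

def can_block(chains, name, seen=None):
    """True if the chain, or a user-defined chain it jumps to, can DROP/REJECT."""
    seen = set() if seen is None else seen
    if name not in chains or name in seen:
        return False
    seen.add(name)
    for rule in chains[name]["rules"]:
        if rule["target"] in ("DROP", "REJECT") or can_block(chains, rule["target"], seen):
            return True
    return chains[name]["policy"] == "DROP"

def inbound_filtered(text):
    """False when the filter table's INPUT chain accepts every packet."""
    return can_block(parse_iptables_save(text).get("filter", {}), "INPUT")

# Constructed samples in iptables-save format (not taken from the page).
FILTERING = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
FLUSHED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
if __name__ == "__main__":
    print({n: inbound_filtered(t) for n, t in (("filtering", FILTERING), ("flushed", FLUSHED))})
```

Feeding it the saved output after a troubleshooting session is a quick way to confirm the firewall was turned back on.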

HowTo Disable The Iptables Firewall in Linux

If you need to disable your firewall in a Linux OS (which, of course, you should only do temporarily for testing or troubleshooting purposes) and you want to do it in the terminal (command line)...
Go here...
http://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/

Firewall Table - iptables are the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores


Firewall Table - Google Search
How to Set Up a Firewall Using IP Tables on Ubuntu 12.04 | DigitalOcean
iptables - Wikipedia, the free encyclopedia
Stateful firewall - Wikipedia, the free encyclopedia
Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
netfilter/iptables project homepage - The netfilter.org project
HowTo Disable The Iptables Firewall in Linux

Last but certainly not least... There is a firewall in most routers. If you are not connected directly to your ISP's modem and you go through a router, or there is a built-in router in your ISP-provided modem (a "combo modem"), then there are settings for the firewall in them as well. They are all a little different. So, if you don't know how to set yours up, do a few searches on your modem, including your make and model numbers (not the serial number or MAC address). That's about all I can think of.

Good Luck...

Don
