Please use this identifier to cite or link to this item: http://hdl.handle.net/10266/1126
Title: Packet Filtering Using IP Tables in Linux
Authors: Sharma, Bhisham
Supervisor: Bhatia, Sanmeet
Keywords: Network Security
Issue Date: Jun-2010
Abstract: The Internet is a fun little playground and at the same time a hostile environment. Like any other society, it's plagued with the kind of people who enjoy the electronic equivalent of writing on other people's walls with spray paint, tearing off their mailboxes, or just sitting in the street blowing their car horns. Some people get real work done over the Internet, and some must protect sensitive or proprietary data. Usually, a firewall's purpose is to keep intruders out of the network while letting legitimate users do their jobs. Nowadays, information is one of the most important assets in almost all organizations. Once the internal networks of those organizations are connected to the Internet, they become potential targets for cyber attacks. In order to secure its systems and information, each company or organization should conduct a self-hacking audit, analyze the threats, and eliminate them before any problems arise. A firewall is a system or group of systems that enforces an access control policy between two or more networks. The means by which this control is accomplished varies widely, but in principle, the firewall is a pair of mechanisms, one that blocks traffic and one that permits traffic. Some firewalls emphasize blocking traffic, while others emphasize permitting traffic. The most important thing to recognize about a firewall is that it implements an access control policy. In this thesis, the major emphasis is on the design and development of firewall scripts to deny or allow network traffic. These scripts are written using the command-line tool IP Tables, which supports various features; its connection-tracking feature is particularly useful. It can be used to prevent most TCP hijackings for non-IP-masqueraded clients that suffer from poor TCP sequence number randomization. Similarly, it can be used to prevent UDP packet hijacking in the same way.
Description: M.E. (CSED)
URI: http://hdl.handle.net/10266/1126
Appears in Collections: Masters Theses@CSED

Files in This Item:
File: Bhisham_Thesis.pdf
Size: 3.64 MB
Format: Adobe PDF

