fabianvagi91/Firewall-iptables

Linux Firewall using iptables

During my studies, I learned about network security and how important it is to take measures to secure our network. So for my first project, I chose to build a simple but effective firewall in my Kali Linux virtual machine. A firewall is a subsystem on a computer that blocks or allows certain network traffic going into or out of the computer.

Sources: Network Basics for Hackers by Occupytheweb; https://www.netfilter.org/projects/iptables/index.html

I chose iptables for its user-friendliness and because it's a long-standing framework that is secure and flexible.

In this picture we can see the useful commands:

- `-A`: append a rule to the chain
- `-D`: delete a rule
- `-L`: list the rules
- `-F`: erase the list
- `-j`: target
- `-s`: source
- `-d`: destination

This is the default configuration, and all the chains are set to ACCEPT. This means that we accept connections without restrictions.

For the first rule, I pinged facebook.com and, based on the outcome of the ping request, applied a rule to block any connection coming from or going to facebook.com on our computer. It's important to note that iptables makes a DNS lookup only at the time the rule is created. For this reason, it is preferable to use the IP address of the domain.

For the second rule, I created a rule that accepts any packet coming from CNN. Therefore, I pinged the IP address of the domain.

The rules have been applied, and we can see that we dropped the packets coming from facebook.com and accepted the packets from cnn.com. With facebook.com we get no response because it is blocked, while cnn.com is allowed to send us traffic.

As a third step, I applied two rules that block outgoing traffic to ports 80 and 443, which are HTTP and HTTPS traffic respectively. Any attempt to access websites from my Kali machine will be blocked. The picture also shows the outcome of the rules that we applied.

As a result of blocking ports 80 and 443, we don't receive any packets from any website.

I was experimenting and learning with this framework, so I erased all the rules that I made using the command `sudo iptables -F`.

Conclusion

I acquired a deeper understanding of how firewalls work and explored different open-source frameworks in Kali Linux. I learned about the iptables framework and the new version, nftables. Nftables is better suited for larger networks, and although migrating from the old version (iptables) to the new version is challenging, I chose to experiment with nftables in a home network. The order of the rules is critical: iptables searches through the rules until it finds a match. For example, if the last two rules, which drop ports 80 and 443, are placed before the domain rule, the user would never be able to reach cnn.com, as the drop rules would match before the domain rule is reached.
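The rule-ordering point above, as an added example that is not part of the original project: a simplified shell model of first-match evaluation, run over the same three rules in both orders. The address 203.0.113.10 is a constructed placeholder for the allowed site, and `verdict` is a hypothetical helper that understands only `-d`, `-p`, `--dport` and `-j`.

```bash
#!/usr/bin/env bash
# Added example: a simplified model of how a chain is walked, first match wins.
# Only -d, -p, --dport and -j are understood; the chain policy is ACCEPT.

# Constructed placeholder (TEST-NET-3) standing in for the allowed site's IP.
ALLOWED_IP="203.0.113.10"

# Ordering A: the allow rule comes before the port drops.
RULES_ALLOW_FIRST="-A OUTPUT -d $ALLOWED_IP -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j DROP
-A OUTPUT -p tcp --dport 443 -j DROP"

# Ordering B: the same three rules with the drops first.
RULES_DROP_FIRST="-A OUTPUT -p tcp --dport 80 -j DROP
-A OUTPUT -p tcp --dport 443 -j DROP
-A OUTPUT -d $ALLOWED_IP -j ACCEPT"

# verdict RULES DST_IP PROTO DPORT  (hypothetical helper)
# Prints "<target> rule=<n>" for the first matching rule, else "ACCEPT policy".
verdict() {
  local rules="$1" dst="$2" proto="$3" dport="$4" n=0 line
  local r_dst r_proto r_dport target
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    n=$((n + 1)); r_dst=""; r_proto=""; r_dport=""; target=""
    set -- $line                      # split the rule into words
    while [ $# -gt 0 ]; do
      case $1 in
        -d)      r_dst=$2;   shift ;;
        -p)      r_proto=$2; shift ;;
        --dport) r_dport=$2; shift ;;
        -j)      target=$2;  shift ;;
      esac
      shift
    done
    # A rule matches only if every field it specifies equals the packet's.
    [ -n "$r_dst" ]   && [ "$r_dst" != "$dst" ]     && continue
    [ -n "$r_proto" ] && [ "$r_proto" != "$proto" ] && continue
    [ -n "$r_dport" ] && [ "$r_dport" != "$dport" ] && continue
    echo "$target rule=$n"; return 0
  done <<EOF
$rules
EOF
  echo "ACCEPT policy"
}

echo "allow first, HTTPS to allowed site: $(verdict "$RULES_ALLOW_FIRST" "$ALLOWED_IP" tcp 443)"
echo "drops first, HTTPS to allowed site: $(verdict "$RULES_DROP_FIRST" "$ALLOWED_IP" tcp 443)"
echo "drops first, ping to allowed site:  $(verdict "$RULES_DROP_FIRST" "$ALLOWED_IP" icmp -)"
```

On a live chain, `iptables -L OUTPUT --line-numbers` shows the current order, and `-I OUTPUT 1` inserts a rule at the top instead of appending it.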
