
Firewall Rules Lab

70 minutes | Intermediate | 4 Scenarios

Scenario 1: Firewall Rule Fundamentals

Beginner
Objective: Understand iptables rule structure, chains, and the default policy concept.

iptables Rule Structure

# Syntax: iptables -A CHAIN -p PROTOCOL --dport PORT -s SOURCE -j ACTION

# Allow incoming SSH from trusted network
# iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT

# Allow incoming HTTP and HTTPS from anywhere
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow DNS queries (outbound)
# iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Drop all other incoming traffic (default deny)
# iptables -P INPUT DROP

Key Concepts

Chain     Direction   Purpose
INPUT     Inbound     Traffic destined for this host
OUTPUT    Outbound    Traffic originating from this host
FORWARD   Through     Traffic passing through (routing/NAT)

Action    Behavior
ACCEPT    Allow the packet through
DROP      Silently discard the packet
REJECT    Discard and send error response back
LOG       Log the packet then continue processing

Rule Order Matters: iptables processes rules top to bottom. The FIRST matching terminating rule wins (LOG is the exception: it records the packet and processing continues). Always put specific rules before general ones, and set the chain's default policy to deny so that anything no rule matches is dropped.
Scenario 2: Write Firewall Rules

Intermediate
Objective: Write iptables rules to match a given security policy.

Scenario: Web Server Hardening

You are securing a web server (10.50.25.100). The security policy requires:

  • Allow HTTP (80) and HTTPS (443) from anywhere
  • Allow SSH (22) only from admin subnet 10.50.1.0/24
  • Allow outbound DNS (53/udp) and NTP (123/udp)
  • Allow established/related return traffic
  • Default deny everything else (INPUT and OUTPUT)

Scenario 3: UFW - Uncomplicated Firewall

Intermediate
Objective: Learn UFW as a simplified iptables frontend commonly used on Ubuntu/Debian.

UFW vs iptables Comparison

Task                iptables                                          ufw
Allow SSH           iptables -A INPUT -p tcp --dport 22 -j ACCEPT     ufw allow ssh
Allow HTTP          iptables -A INPUT -p tcp --dport 80 -j ACCEPT     ufw allow 80/tcp
Allow from subnet   iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT        ufw allow from 10.0.0.0/24
Deny port           iptables -A INPUT -p tcp --dport 23 -j DROP       ufw deny 23/tcp
Default deny        iptables -P INPUT DROP                            ufw default deny incoming
View rules          iptables -L -n -v                                 ufw status verbose

UFW Status Output

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    10.50.1.0/24
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 23/tcp                     DENY IN     Anywhere
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 443/tcp (v6)               ALLOW IN    Anywhere (v6)

Scenario 4: Test Rules Against Traffic

Advanced
Objective: Given a ruleset, predict whether specific traffic will be allowed or blocked.

Active Firewall Rules

# Rule 1: Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Rule 2: Allow SSH from admin network
iptables -A INPUT -p tcp --dport 22 -s 10.50.1.0/24 -j ACCEPT

# Rule 3: Allow HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Rule 4: Allow HTTPS
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Rule 5: Allow ICMP (ping)
iptables -A INPUT -p icmp -j ACCEPT

# Rule 6: Log and drop everything else
iptables -A INPUT -j LOG --log-prefix "FW_DROP: "
iptables -A INPUT -j DROP
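To predict verdicts for the ruleset above without a live firewall, here is an added Python model of that INPUT chain (example code written for this edit, not part of the lab): packets are plain dicts with the assumed keys proto, dport, src and state, and the two commands under Rule 6 sit at positions 6 (LOG) and 7 (DROP) so that LOG's fall-through behaviour is visible.

```python
import ipaddress

# Constructed model of the Scenario 4 INPUT chain: one (criteria, target)
# pair per rule, in the order the iptables -A commands append them.
RULES = [
    ({"state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),                 # rule 1
    ({"proto": "tcp", "dport": 22, "src": "10.50.1.0/24"}, "ACCEPT"),  # rule 2
    ({"proto": "tcp", "dport": 80}, "ACCEPT"),                         # rule 3
    ({"proto": "tcp", "dport": 443}, "ACCEPT"),                        # rule 4
    ({"proto": "icmp"}, "ACCEPT"),                                     # rule 5
    ({}, "LOG"),                                                       # rule 6 (LOG)
    ({}, "DROP"),                                                      # rule 6 (DROP)
]
POLICY = "DROP"  # chain policy (iptables -P INPUT DROP); used only when no rule matches


def matches(criteria, pkt):
    """True when every criterion in the rule matches the packet; an empty
    criteria dict (a rule with no match options) matches everything."""
    if "proto" in criteria and pkt.get("proto") != criteria["proto"]:
        return False
    if "dport" in criteria and pkt.get("dport") != criteria["dport"]:
        return False
    if "src" in criteria and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(criteria["src"]):
        return False
    # A packet without a tracked connection counts as NEW, not ESTABLISHED/RELATED.
    if "state" in criteria and pkt.get("state", "NEW") not in criteria["state"]:
        return False
    return True


def evaluate(pkt, rules=RULES, policy=POLICY):
    """Walk the chain top to bottom. The first matching rule with a terminating
    target (ACCEPT/DROP) decides; LOG records the packet and falls through.
    Returns (verdict, rule_number_or_None, log_lines)."""
    log = []
    for number, (criteria, target) in enumerate(rules, start=1):
        if not matches(criteria, pkt):
            continue
        if target == "LOG":
            log.append(f"FW_DROP: rule {number} {pkt}")  # mirrors --log-prefix
            continue
        return target, number, log
    return policy, None, log  # nothing matched: the chain policy applies


if __name__ == "__main__":
    for pkt in ({"proto": "tcp", "dport": 22, "src": "10.50.1.5"},     # admin SSH
                {"proto": "tcp", "dport": 22, "src": "10.50.25.7"},    # SSH from elsewhere
                {"proto": "udp", "dport": 53, "src": "203.0.113.9"}):  # inbound DNS
        print(pkt, "->", evaluate(pkt)[:2])
```

Reordering RULES (for instance moving the DROP to the top) shows how first-match-wins changes every verdict.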
Default Deny Principle: In a properly configured firewall, everything is denied by default. You only open the ports that are explicitly needed. This is a fundamental security principle -- deny all, permit by exception.