1
00:00:00,05 --> 00:00:02,07
- [Instructor] Let's set up a host firewall

2
00:00:02,07 --> 00:00:04,08
using iptables.

3
00:00:04,08 --> 00:00:07,00
The default rules for host firewalls

4
00:00:07,00 --> 00:00:12,02
are blocking all the incoming or ingress packets,

5
00:00:12,02 --> 00:00:16,04
allowing all the outgoing or egress packets

6
00:00:16,04 --> 00:00:20,00
and then disabling forwarding.

7
00:00:20,00 --> 00:00:23,07
Forwarding is for redirecting a packet coming

8
00:00:23,07 --> 00:00:26,05
to a particular network interface card, or NIC,

9
00:00:26,05 --> 00:00:28,01
to another NIC.

10
00:00:28,01 --> 00:00:29,09
Your computer usually

11
00:00:29,09 --> 00:00:34,05
has only a single network interface card.

12
00:00:34,05 --> 00:00:38,08
In our case, all we care about is the host itself.

13
00:00:38,08 --> 00:00:42,09
Therefore, forwarding is irrelevant.

14
00:00:42,09 --> 00:00:48,00
Let's start by looking at the current Netfilter settings.

15
00:00:48,00 --> 00:00:50,03
We'll start by typing sudo,

16
00:00:50,03 --> 00:00:53,08
which temporarily makes you a root or superuser

17
00:00:53,08 --> 00:00:57,03
only when you're issuing that particular command.

18
00:00:57,03 --> 00:01:00,03
Type sudo

19
00:01:00,03 --> 00:01:08,00
space iptables -L

20
00:01:08,00 --> 00:01:10,06
and press Enter.

21
00:01:10,06 --> 00:01:15,00
If your operating system or OS asks for a password

22
00:01:15,00 --> 00:01:18,02
for the root, provide one.

23
00:01:18,02 --> 00:01:23,04
The terminal displays the current Netfilter settings.

24
00:01:23,04 --> 00:01:25,00
According to the output,

25
00:01:25,00 --> 00:01:31,04
the chain INPUT accepts all the incoming packets.

26
00:01:31,04 --> 00:01:37,05
The FORWARD chain also accepts packets.

27
00:01:37,05 --> 00:01:40,02
The OUTPUT chain accepts all the outgoing

28
00:01:40,02 --> 00:01:44,03
or egress packets.

29
00:01:44,03 --> 00:01:48,01
Let's see if the firewall rules work.

30
00:01:48,01 --> 00:01:51,00
Before moving on, let's check the IP address

31
00:01:51,00 --> 00:01:53,00
of the Ubuntu host.

32
00:01:53,00 --> 00:01:57,02
Type ifconfig.

33
00:01:57,02 --> 00:01:59,05
Press Enter.

34
00:01:59,05 --> 00:02:05,08
The IP address is 10.0.0.4.

35
00:02:05,08 --> 00:02:07,04
Keep this IP address in mind

36
00:02:07,04 --> 00:02:11,05
because we are going to ping this IP address

37
00:02:11,05 --> 00:02:13,08
from another host.

38
00:02:13,08 --> 00:02:15,07
The ping command is used

39
00:02:15,07 --> 00:02:20,09
for checking if a host is up or down.

40
00:02:20,09 --> 00:02:25,07
First, activate a command prompt.

41
00:02:25,07 --> 00:02:28,04
Type cmd.

42
00:02:28,04 --> 00:02:32,03
Choose Command Prompt.

43
00:02:32,03 --> 00:02:37,04
Type ipconfig.

44
00:02:37,04 --> 00:02:43,06
The IP address of this host is 10.0.0.5.

45
00:02:43,06 --> 00:02:47,01
Now I'm going to be pinging the Linux host

46
00:02:47,01 --> 00:02:49,03
from my Windows client

47
00:02:49,03 --> 00:02:55,02
by typing ping 10.0.0.4.

48
00:02:55,02 --> 00:02:56,08
Press Enter.

49
00:02:56,08 --> 00:02:58,06
My pings are receiving responses

50
00:02:58,06 --> 00:03:00,06
from the Ubuntu host.

51
00:03:00,06 --> 00:03:02,09
Great, the firewall rules are working

52
00:03:02,09 --> 00:03:06,06
because we want them to accept the incoming packets,

53
00:03:06,06 --> 00:03:09,03
like my pings.

54
00:03:09,03 --> 00:03:12,06
Now we're going to set up our Netfilter firewall

55
00:03:12,06 --> 00:03:15,02
to block all the incoming traffic

56
00:03:15,02 --> 00:03:17,00
while disabling forwarding

57
00:03:17,00 --> 00:03:20,05
and allowing the outgoing traffic.

58
00:03:20,05 --> 00:03:27,07
The first command to give is sudo iptables -P.

59
00:03:27,07 --> 00:03:30,05
Make sure P is capital.

60
00:03:30,05 --> 00:03:34,01
Dash P indicates a default rule

61
00:03:34,01 --> 00:03:36,06
for a particular chain.

62
00:03:36,06 --> 00:03:38,04
To block forwarding,

63
00:03:38,04 --> 00:03:43,09
let's type FORWARD DROP.

64
00:03:43,09 --> 00:03:46,05
Press Enter.

65
00:03:46,05 --> 00:03:49,09
Let's check the updated forwarding rule.

66
00:03:49,09 --> 00:03:51,07
I can recall my previous commands

67
00:03:51,07 --> 00:03:54,01
by using the up arrow key

68
00:03:54,01 --> 00:03:57,01
and that's what I just did.

69
00:03:57,01 --> 00:04:02,02
The command is sudo iptables -L.

70
00:04:02,02 --> 00:04:05,01
Press Enter.

71
00:04:05,01 --> 00:04:09,05
Do you see the word DROP next to FORWARD?

72
00:04:09,05 --> 00:04:14,02
It was ACCEPT when we checked the status last time.

73
00:04:14,02 --> 00:04:16,07
Finally, let's drop all the incoming packets

74
00:04:16,07 --> 00:04:29,02
by typing sudo iptables -P INPUT DROP.

75
00:04:29,02 --> 00:04:31,04
Press Enter.

76
00:04:31,04 --> 00:04:34,05
At this point, if you're connecting to your virtual machine

77
00:04:34,05 --> 00:04:36,06
through a remote desktop client,

78
00:04:36,06 --> 00:04:38,05
you'll lose your access.

79
00:04:38,05 --> 00:04:41,01
That's exactly what happened to me here.

80
00:04:41,01 --> 00:04:45,01
The drop command certainly worked.

81
00:04:45,01 --> 00:04:47,08
Now let's go back to our Windows host

82
00:04:47,08 --> 00:04:52,07
and try to ping the Ubuntu virtual machine again.

83
00:04:52,07 --> 00:04:55,01
I can recall my previous command here

84
00:04:55,01 --> 00:04:57,06
by using the up arrow key again.

85
00:04:57,06 --> 00:05:03,01
The command is ping 10.0.0.4.

86
00:05:03,01 --> 00:05:08,01
Press Enter.

87
00:05:08,01 --> 00:05:12,07
Your ping requests are timing out.

88
00:05:12,07 --> 00:05:14,03
There is no response,

89
00:05:14,03 --> 00:05:18,03
which means that the firewall is doing its job.

90
00:05:18,03 --> 00:05:19,06
What do you think?

91
00:05:19,06 --> 00:05:22,02
Setting up the host file using the CLI

92
00:05:22,02 --> 00:05:24,00
isn't that bad, right?