WEBVTT

00:01.180 --> 00:09.250
In this lecture, we'll talk about the iptables command. iptables is the userspace component used to

00:09.250 --> 00:17.680
configure Netfilter, the kernel framework that does the actual filtering, except that iptables belongs

00:17.680 --> 00:26.140
to userspace and Netfilter belongs to kernel space, so we can interact with Netfilter using the iptables

00:26.140 --> 00:27.100
command.

00:28.540 --> 00:36.450
There are also some graphical front ends for Netfilter that allow us to create rules; however, they lack

00:36.450 --> 00:44.370
the flexibility of the command line, and Linux professionals rely heavily on the iptables command,

00:44.580 --> 00:46.450
which has many, many options.

00:47.040 --> 00:52.340
It is also important to know that iptables can be run only by root.

00:54.480 --> 00:58.740
Let's move on and see the general syntax of iptables.

01:01.130 --> 01:08.870
After the iptables command comes -t table, where the table name indicates the Netfilter table

01:09.020 --> 01:13.670
on which the command operates; by default, it's the filter table.

01:15.000 --> 01:21.560
The command or option indicates the operation we perform on a chain of that table.

01:22.710 --> 01:26.020
Either long or short options are allowed.

01:26.280 --> 01:29.470
For example, we append a rule to the end of the chain.

01:30.060 --> 01:32.430
We insert a rule at a specific position.

01:32.730 --> 01:39.760
We flush all the rules of a specific chain and table, or we simply print out all the rules of a chain.

01:40.380 --> 01:44.880
A rule has a matching and an action component.

01:45.420 --> 01:53.070
The matching part of a rule specifies the criteria that a packet must meet in order for the associated

01:53.070 --> 01:55.980
action or target to be executed.

01:57.190 --> 02:04.630
A match is something that specifies a special condition within the packet that must be true or false,

02:05.170 --> 02:14.040
and a single rule can contain several matches, and the entire condition is true if all the matches are true.

02:14.410 --> 02:21.490
For example, we may want to match packets that come from a specific host or network and are going to

02:21.490 --> 02:23.730
some ports on our system.

02:24.130 --> 02:32.200
If any of these matches fails, for example, the source address is incorrect, but everything else

02:32.200 --> 02:32.800
is true,

02:33.100 --> 02:37.180
the whole rule fails and the next rule is tested on the packet.

02:37.450 --> 02:43.270
But if all matches are true, the target specified by the rule is applied.

02:44.020 --> 02:53.080
Then comes -j and the target; the target specifies what action is taken on packets matching the

02:53.080 --> 02:54.580
criteria of the rule.

02:55.150 --> 03:04.600
Examples of targets are DROP, ACCEPT, LOG or MASQUERADE. We'll dive deeper into targets in a dedicated

03:04.600 --> 03:05.260
section.

03:05.710 --> 03:06.720
Enough talking.

03:06.850 --> 03:09.490
Let's go to a terminal and write some

03:09.490 --> 03:10.730
iptables rules.

03:13.000 --> 03:20.750
Before starting to write rules, don't forget that only root can run the iptables command; you need root

03:20.770 --> 03:25.060
access in order to configure Netfilter or run the iptables

03:25.060 --> 03:27.600
command. If you try to run the iptables

03:27.610 --> 03:30.160
command as a non-root user,

03:30.340 --> 03:32.170
you'll get a permission denied error.

03:35.050 --> 03:37.460
I've executed the iptables

03:37.480 --> 03:43.450
command as a non-root user and I've got a permission denied error.

03:44.170 --> 03:47.480
It seems very clear that I must be root.

03:49.320 --> 03:52.710
And I'm becoming root by running sudo su, so

03:55.590 --> 03:56.570
now I'm root.

03:57.730 --> 04:00.160
Let's run the same command as root.

04:03.790 --> 04:05.480
OK, there is no error.

04:06.980 --> 04:13.440
By the way, the command lists the filter table, which is the default, with its INPUT, OUTPUT and FORWARD

04:13.470 --> 04:20.210
chains. If you want to see the rules from other tables, you should specify the table using the -t

04:20.210 --> 04:20.750
option.

04:20.900 --> 04:24.710
Like this: iptables -t nat -L.

04:27.350 --> 04:30.830
It has displayed the chains of the nat table.

04:31.890 --> 04:32.330
OK.

04:33.680 --> 04:42.200
In the next example, I want to add a rule to the filter table and INPUT chain that drops incoming ping packets.

04:43.770 --> 04:50.550
First, I'm checking that ping is working: ping and the IP address of linux1.

04:51.750 --> 04:58.830
This is another Linux host and its hostname is linux2, so: ping and the IP address of the other

04:58.830 --> 05:00.090
Linux operating system.

05:02.310 --> 05:03.720
Ampersand at the end.

05:06.530 --> 05:16.670
Ping is working, and now the rule: iptables; I am adding the rule to the filter table, -t filter; -A,

05:16.790 --> 05:20.360
I am appending the rule to the INPUT chain.

05:22.430 --> 05:34.940
And the matches: the protocol is ICMP, -p icmp; --icmp-type, I'm matching on the ICMP type echo.

05:36.280 --> 05:46.240
There are more messages in the ICMP protocol, and I am dropping only echo, or echo-request, packets. -j

05:46.240 --> 05:51.670
DROP. Ping is still working, and I'm hitting Enter.

05:55.330 --> 05:58.210
OK, it wants echo-request, not echo.

06:00.810 --> 06:01.310
Perfect.

06:03.100 --> 06:05.710
And we notice how ping stopped.

06:11.920 --> 06:17.980
Let's list the contents of the filter table: iptables -L.

06:20.210 --> 06:29.570
Or iptables -vL; I want to see more information, and there are 30 packets matched by the

06:29.570 --> 06:29.840
rule.

06:31.190 --> 06:38.800
The same rule could be applied without the -t filter option; the filter table is the default.

06:39.560 --> 06:40.510
It's the same.

06:40.700 --> 06:41.900
Let's try another rule.

06:43.050 --> 06:51.490
I want to deny access from this Linux host to a specific website, like, say, www.ubuntu.com.

06:52.020 --> 06:56.830
Let's think about this requirement and split the rule into parts.

06:57.540 --> 07:00.000
What table are we using?

07:01.000 --> 07:08.210
And the answer is filter, because we are filtering traffic; we are not doing NAT or something else.

07:08.650 --> 07:11.190
So: iptables -t filter.

07:11.740 --> 07:16.590
What iptables command or option are we going to specify?

07:17.260 --> 07:26.680
And the answer is -A, from append; we are going to append a new rule to the table.

07:28.230 --> 07:31.110
What chain will be used to match the packet?

07:31.890 --> 07:36.720
This is outgoing traffic, and that always means OUTPUT.

07:38.730 --> 07:40.050
And now come the matches.

07:41.250 --> 07:44.910
What matches are required for this kind of traffic?

07:45.870 --> 07:50.070
So this is TCP traffic: -p, from protocol,

07:50.070 --> 07:54.870
tcp, --dport 80.

07:55.150 --> 08:05.010
The traffic is going to port 80, and -d, the destination IP address, www.ubuntu.com.

08:06.030 --> 08:10.480
And what target or action do we perform on the matched packet?

08:11.130 --> 08:21.600
And of course it's DROP: -j DROP. j means to jump to the specific target, or to the following action,

08:21.600 --> 08:29.610
when the packet matches against this rule. Targets are always written in uppercase letters.

08:31.100 --> 08:36.320
Before hitting enter, I want to check that the Web page is loading.

08:43.910 --> 08:54.790
And the pages are loading; we notice here that it uses HTTPS, and that means port 443.

08:55.190 --> 09:03.710
So I'm hitting Enter and I'm adding another rule that drops packets to port 443.

09:04.830 --> 09:12.750
So, in fact, these two rules will block traffic to port 80 or port 443.

09:14.240 --> 09:15.740
Let's reload the page.

09:23.480 --> 09:27.500
And we notice that the page is not loading any more.

09:30.030 --> 09:35.100
If we list the filter table using the -L option, and -vn,

09:37.090 --> 09:44.560
OK, we see the iptables rules and a lot of matched packets on the OUTPUT chain.

09:45.880 --> 09:55.540
All of these IP addresses are of www.ubuntu.com and have been obtained from the DNS server.

09:57.520 --> 10:01.090
And we see a lot of matched, or dropped, packets.
