Background#
During the attack and defense exercise, a device could not connect to the master control end. Listing the INPUT and OUTPUT chains with iptables -L INPUT --line-numbers (and the same for OUTPUT) showed abnormal rules, and both were deleted, but the connection to the master control end still could not be established. It was finally confirmed that the blocking policy lived in the raw table, which the default listing (filter table only) never shows.
Four Tables and Five Chains#
Linux firewall (iptables) uses the structure of Four Tables, Five Chains to manage and control network traffic. This structure is a core component of iptables and is used to configure firewall rules and filter network packets.
Here is an overview of the Four Tables:
- filter table: used to filter network packets and determine whether to allow or reject packets through the firewall based on rules.
- nat table: used for Network Address Translation (NAT), mainly used to implement port forwarding and IP address translation.
- mangle table: used to modify the headers of packets, such as modifying the Time to Live (TTL) value and setting packet marks.
- raw table: consulted before connection tracking, so it is mainly used to exempt packets from conntrack (NOTRACK) and to handle specific packet types early. It has only the PREROUTING and OUTPUT chains, and because it is traversed first, a DROP rule placed there blocks traffic before the filter table's INPUT/OUTPUT chains ever see it.
Here are the Five Chains:
- INPUT chain: used to process packets entering the local system, such as incoming network requests.
- OUTPUT chain: used to process packets sent from the local system, such as network requests initiated by the local system.
- FORWARD chain: used to process packets forwarded through the local system, such as packets forwarded as a router.
- PREROUTING chain: used to process packets before they reach the network protocol stack of the local system, usually used for Network Address Translation (NAT).
- POSTROUTING chain: used to process packets after they leave the network protocol stack of the local system, usually used for Network Address Translation (NAT).
Deleting the raw table#
To clear the raw table in the Linux firewall, use the -t option of the iptables command to specify the table name as "raw", the -F option to flush all rules in that table, and then the -X option to delete the now-empty user-defined chains in it (the built-in chains and the table itself cannot be removed; after -F and -X the table is simply empty).
Here are the command examples to delete the raw table:
iptables -t raw -F
iptables -t raw -X
Please note that executing these commands requires administrator or root privileges. Before clearing a table, make sure you understand and confirm its impact to avoid accidentally deleting important rules. It is recommended to back up your rules (for example with iptables-save) before making any firewall configuration changes, and to test them in a secure environment.
Deleting individual rules in the raw table#
To delete a single rule in the raw table, you can use the -t
option of the iptables command to specify the table name as "raw", and use the -D
option to specify the position or rule specification of the rule to be deleted.
Here are the command examples to delete an individual rule in the raw table:
iptables -t raw -D <chain> <rule_specification>
Please replace <chain> with the chain in the raw table (PREROUTING or OUTPUT), and replace <rule_specification> with the position (rule number) or the full rule specification of the rule to be deleted.
For example, if you want to delete the third rule in the PREROUTING chain, you can execute the following command:
iptables -t raw -D PREROUTING 3
If you know the rule specification of the rule to be deleted, you can use it in place of <rule_specification>. For example, if you want to delete a rule with a source IP address of 10.0.0.1, you can execute the following command:
iptables -t raw -D PREROUTING -s 10.0.0.1 -j <target>
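The following script is an added example, not part of the original post, that ties the "four tables" overview and the deletion procedure together: instead of listing only the filter table and then flushing whole tables, it scans an iptables-save dump across all tables for rules whose target is DROP or REJECT and prints the exact iptables -t <table> -D <chain> <spec> command for each one. The sample dump embedded below is constructed to mimic the incident (a clean filter table, a raw table still dropping traffic to the controller); the address 10.0.0.1 and the function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): locate DROP/REJECT rules in ANY
# of the four tables and emit the matching delete commands, so a single rule
# can be removed instead of flushing a whole table. Input is an iptables-save
# dump, so it runs offline on constructed text and live via:
#   iptables-save | delete_commands

# Print "table<TAB>chain<TAB>spec" for every rule whose target is DROP or REJECT.
# NOTRACK and ACCEPT rules are left alone (a raw-table NOTRACK is legitimate).
find_blocking_rules() {
    awk '
        /^\*/     { table = substr($0, 2); next }      # "*raw" -> current table
        /^COMMIT/ { table = ""; next }
        /^-A /    {
            chain = $2
            # everything after "-A <chain> " is the rule specification
            spec = substr($0, length("-A " chain) + 2)
            if (spec ~ /-j (DROP|REJECT)( |$)/)
                print table "\t" chain "\t" spec
        }
    '
}

# Turn each located rule into the exact delete command (printed, not executed,
# so it can be reviewed before being applied).
delete_commands() {
    find_blocking_rules | awk -F'\t' '{ print "iptables -t " $1 " -D " $2 " " $3 }'
}

# Constructed sample dump: filter looks clean after the INPUT/OUTPUT cleanup,
# but the raw table still drops traffic to/from the controller (10.0.0.1 is a placeholder).
SAMPLE_DUMP='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 10.0.0.1/32 -j DROP
-A OUTPUT -d 10.0.0.1/32 -p tcp --dport 443 -j DROP
-A PREROUTING -p udp --dport 53 -j NOTRACK
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# Run the scan on the constructed sample (used by the self-check below).
scan_sample() {
    printf '%s\n' "$SAMPLE_DUMP" | delete_commands
}

# Live usage on a host (needs root); save a backup first:
#   iptables-save > /root/iptables.backup.$(date +%s)
#   iptables-save | delete_commands        # review the generated commands
#   iptables-save | delete_commands | sh   # apply only after review
```

Because the generated command carries the complete rule specification (including -j DROP), it matches exactly one rule, which is safer than deleting by rule number on a table whose numbering may have shifted since it was listed.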