So in Linux, the Linux operating system, one of the most widely used firewall implementations is called iptables. It's a program that allows us to add rules to a packet filtering firewall. You've used it for changing an address, but it's mainly used for a firewall. So I'll just show a couple of examples of how it works. We'll not go through all these slides.

The idea is that if this is your computer, there's the hardware, your LAN card, your network interface card. Packets come in on the network interface card, and they're passed to the Linux kernel; think of it as the operating system. Normally the packet comes in to the kernel, the operating system, and the operating system passes it up to the application, like your web browser. That's the normal behaviour. The Linux kernel has a feature called Netfilter, which really is the firewall component that filters out packets. It will check those packets which are coming up to the applications, and also those coming from applications to the network interface card, and filter them out according to some rules. iptables is the software that we, as the user, use to control the filter rules, to add and delete rules. So that's what we use it for.

Probably not so important: iptables talks about using tables of filters, so a filter really is a set of rules. The main table is called simply the filter table, which is what we will use. But there are other tables, for network address translation, for converting one address into another address, and you used that in your NTP denial of service attack. You changed your address, your IP address, into a fake IP address; you translated your address, so you can do that with iptables. You can also mangle packets with iptables, not just change the address but change the contents of packets. But we will not do that.

And within tables, the sets of rules are grouped into chains. With respect to your computer, there are three main types of chains: input, output, and forward.
It distinguishes between packets which are coming to your computer, coming from your computer, or going through your computer. Input: if someone sends a packet to you, then it's input. If your computer sends a packet to someone else, then it's output. If your computer is a router and someone's sending a packet through your router, that is, you forward that packet, then it's classified as a forward packet. So you can create rules depending upon whether the packet is input, output, or forward. Pre-routing and post-routing are mainly just used if we want to modify packets, so we won't touch them for a firewall.

Let's create one or two rules just to demonstrate it at work. I've got some virtual nodes to demonstrate with, three nodes. Let me draw it. The setup of this network is simply three nodes: node one, node two, node three. This is a host, this is a router, this is a host, and they're connected like that. We'll run the firewall on the router just to demonstrate. So let's say node one wants to talk to node three. We'll add some rules on the router, the firewall rules, to control the traffic going between one and three.

For example, if I ping node three, so I'm on node one, I ping node three; 2.21 is the address of node three. We get the response. So ping is going from node one through the router to node three. I want to add a rule on the firewall to drop or block ping, just to show the way to do that. So this is my firewall, node two, which is the router. We use iptables, and we need to be sudo to do it. iptables is the command. What we do is we add a rule using -A to add. In this case, forget about pre-routing; think about the other three, where is it, input, output or forward. From the firewall's perspective, it's acting as a router, so we want to deal with the packets that this firewall is forwarding on to others. From node one to node three, it's forwarded by node two. So we specify FORWARD as the chain here.
We add a rule to the FORWARD chain, and now we specify some conditions. What conditions should we specify to block ping? What type of packets are ping packets? What protocol? Protocol, -p, just the syntax for the protocol: ICMP. Those are the conditions we want; we're not going to do it on addresses just yet. Then we specify an action, and we jump to an action. What should we do? DROP. So this is the rule to drop ping. So ping is at number 104. We do it, password, and ping stops. So it's stopped. That is, the request is still being sent from node one; ping is still running. What is happening is the request is being sent from node one to the router, node two. That request should be forwarded through the firewall, but we've added a rule that says anything that's forwarded through the firewall, if it's an ICMP packet, drop it.

We can have a look at the iptables rules and list the rules. This just lists the rules. It says: if the protocol is ICMP, any source, sorry, coming in on any interface, going out on any interface, from any source, going to anywhere, drop it. And so far we've dropped 46 packets. We've now dropped 74, because ping is actually still running. How do we delete the rule? Instead of add, delete. And ping's back to running. So this is just a simple introduction to iptables, the command, which will allow you to add rules to a firewall and implement some policy. Let's stop ping.

Let's do one more. Let's start a server on node three. Netcat listens as a netcat server; listen on port one, two, three, four, five. And on my client, what can I do? Netcat to the address, port one, two, three, four, five, and we can send a message. What did I do wrong? Maybe it's time to go home. I'm glad you're awake. It's 192.168.2.21. Netcat just uses a TCP connection from node one to node three to send a message. We can add a rule on our firewall to block that. Add a rule. What protocol? What transport protocol? TCP. What do we want to block?
Netcat is the application. What port number is the server using? In this case, I started it on port one, two, three, four, five. So let's say destination port one, two, three, four, five. Anything going to port one, two, three, four, five using TCP, let's drop it. It still works. Add our rule. Now it doesn't work. We're sending a message, but the message is not getting to the server, because that rule is dropping the packet. So that's just a different syntax for how to control our firewall rules: in this case, if it's TCP and the destination port is one, two, three, four, five, drop that packet. Delete that rule: gone. Why? We've lost the connection. With TCP, the connection usually times out, and it finally gets there. So what was happening before is we were sending a packet, remember, with TCP, and we retransmit many times because we couldn't get it through, and now the retransmission of that data finally gets through. Have a look through the iptables syntax, and maybe we'll give you some homework tasks to set some rules to set up a firewall.
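As an added example, not part of the lecture: a small Python model of how a chain such as FORWARD evaluates the two rules from the demo, showing first-match semantics, the default chain policy, the per-rule packet counter that `iptables -L -v` displays, and a renderer that turns each rule back into the iptables command line. The address 192.168.2.21 and port 12345 come from the lecture; the model is a simplification for teaching and is not the real Netfilter code.

```python
# Constructed teaching model of how an iptables chain evaluates packets; it is
# not iptables itself. Rules are tried top to bottom, the first match decides,
# otherwise the chain policy applies; per-rule counters grow as in `iptables -L -v`.
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional
# proto is "icmp", "tcp" or "udp"; dport is the destination port (None for ICMP).
Packet = namedtuple("Packet", ["proto", "dst", "dport"], defaults=(None,))

@dataclass
class Rule:
    target: str                   # -j DROP or -j ACCEPT
    proto: Optional[str] = None   # -p
    dport: Optional[int] = None   # --dport
    packets: int = 0              # counter shown by `iptables -L -v`

    def matches(self, pkt):       # unspecified conditions match anything
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport))

    def to_iptables(self, chain="FORWARD"):   # the command line as typed in the lecture
        parts = ["iptables", "-A", chain]
        parts += ["-p", self.proto] if self.proto else []
        parts += ["--dport", str(self.dport)] if self.dport is not None else []
        return " ".join(parts + ["-j", self.target])

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy   # policy: verdict when nothing matches
    def append(self, rule): self.rules.append(rule)   # iptables -A CHAIN ...
    def delete(self, rule): self.rules.remove(rule)   # iptables -D CHAIN ...
    def verdict(self, pkt):
        for rule in self.rules:   # first matching rule wins
            if rule.matches(pkt):
                rule.packets += 1
                return rule.target
        return self.policy

def demo():
    # Replay the lecture on node two's FORWARD chain; 192.168.2.21 is node three.
    fwd = Chain()
    block_ping, block_nc = Rule("DROP", proto="icmp"), Rule("DROP", proto="tcp", dport=12345)
    fwd.append(block_ping); fwd.append(block_nc)
    ping, nc, web = (Packet("icmp", "192.168.2.21"),
                     Packet("tcp", "192.168.2.21", dport=12345),
                     Packet("tcp", "192.168.2.21", dport=80))
    verdicts = [fwd.verdict(p) for p in (ping, nc, web)]
    fwd.delete(block_ping)        # iptables -D FORWARD -p icmp -j DROP
    return verdicts, fwd.verdict(ping), block_ping.packets, block_nc.to_iptables()
```

Running `demo()` drops the ping and the netcat connection while ordinary web traffic falls through to the ACCEPT policy, and once the ICMP rule is deleted ping is accepted again, exactly the sequence seen on the router in the lecture.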