-------------------------------------------------------------------------- Documentation for the lecture: 1) General documentation on IPTABLES (CentOS and Ubuntu): opt.pdf from the documentation folder (for now only in romanian) from here, read at least the part of cautionary steps to do before configuring the firewall 2) About configuring firewall using UVW in Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04 -------------------------------------------- Lab documentation as follows: CentOS version: --------------- 1) iptables configuration https://www.cyberciti.biz/tips/linux-iptables-examples.html Utilities for querying DNS servers (host, nslookup): yum install bind-utils 1) Everything from 1-7, 9, 10 2) Only block incoming traffic (7.10) 3) block a certain website (family of adresses) (11.1) No longer requested for the test: 4) Drop Private Network Address On Public Interface (8) 5) Block or Allow ICMP Ping Request (15) 6) Drop or Accept Traffic From Mac Address (14) 7) Log and Drop Packets (12, 13) Ubuntu: ------- https://www.cyberciti.biz/faq/how-to-configure-firewall-with-ufw-on-ubuntu-20-04-lts/ 1) Steps 1-6 2) Delete rules 3) Reset, reload, view logs 4) List the rules Display various information: ---------------------------- a) The lshw command displays various hardware information sudo lshw without sudo you might get just a part of the information. b) The lsusb command displays information about the USB ports and devices lsusb c) The lslogin command displays information about known users in the system lslogin d) The lscpu command displays information about the CPU architecture lscpu e) Dispaly information about the open files lsof f) The lsipc command shows information on the inter-process communication facilities lsipc g) The lsblk command lists block devices, useful for finding out harddrive information lsblk -------------------------------------------------------------------------- The booting process for Ubuntu systems: --------------------------------------- sudo ufw allow from 203.0.113.4 to any port 22