Hands-on lab for blocking invalid IPv4 packets

For this lab, you'll use the same virtual machine that you used for the previous lab. You won't replace any of the rules that you already have. Rather, you'll just add a couple. Let's get started:

  1. Look at the rules for the filter and the mangle tables. (Note that the -v option shows you statistics about packets that were blocked by DROP and REJECT rules.) Then, zero out the blocked packet counters:
sudo iptables -L -v
sudo iptables -t mangle -L -v
sudo iptables -Z
sudo iptables -t mangle -Z
  2. From either your host machine or another virtual machine, perform the NULL and Windows Nmap scans against the virtual machine:
sudo nmap -sN ip_address_of_your_VM
sudo nmap -sW ip_address_of_your_VM
  3. Repeat Step 1. You should see a large jump in the number of packets that were blocked by the final DROP rule in the INPUT chain of the filter table:
sudo iptables -L -v
sudo iptables -t mangle -L -v
  4. Make the firewall work more efficiently by using the PREROUTING chain of the mangle table to drop invalid packets, such as those that are produced by the two Nmap scans that we just performed. Add the two required rules with the following two commands:
sudo iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
sudo iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
  5. Save the new configuration to your own home directory. Then, copy the file to its proper location and zero out the blocked packet counters:
sudo iptables-save > rules.v4
sudo cp rules.v4 /etc/iptables
sudo iptables -Z
sudo iptables -t mangle -Z
  6. Perform only the NULL scan against the virtual machine:
sudo nmap -sN ip_address_of_your_VM
  7. Look at the iptables ruleset and observe which rule was triggered by the Nmap scan:
sudo iptables -L -v
sudo iptables -t mangle -L -v
  8. This time, perform just the Windows scan against the virtual machine:
sudo nmap -sW ip_address_of_your_VM
  9. Observe which rule was triggered by this scan:
sudo iptables -L -v
sudo iptables -t mangle -L -v

That's the end of this lab—congratulations!
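
The "observe which rule was triggered" steps mean reading packet counters out of long listings. The following is an added example, not part of the original lab: a shell helper that reads `iptables-save -c` output and prints only the DROP and REJECT rules in one table whose packet counter is non-zero. The function names and the sample counter values are constructed for illustration and are not results from the lab.

```shell
#!/bin/sh
# Added example (not from the lab). Real use after a scan:
#   sudo iptables-save -c | hit_rules mangle
#   sudo iptables-save -c | hit_rules filter

# hit_rules TABLE: read `iptables-save -c` output on stdin and print
# "<packets> <rule>" for each DROP/REJECT rule in TABLE that matched
# at least one packet since the counters were last zeroed.
hit_rules() {
    awk -v want="*$1" '
        /^\*/     { in_table = ($0 == want); next }  # table header, e.g. *mangle
        !in_table { next }                           # skip every other table
        /^\[[0-9]+:[0-9]+\] -A / && / -j (DROP|REJECT)/ {
            split(substr($1, 2), c, ":")             # "[pkts:bytes]" -> c[1] = pkts
            if (c[1] + 0 > 0)
                printf "%d %s\n", c[1], substr($0, length($1) + 2)
        }'
}

# Constructed sample in `iptables-save -c` format, so the helper can be
# tried without root or a live ruleset. `! --syn` is saved by iptables as
# `! --tcp-flags FIN,SYN,RST,ACK SYN`.
sample_counters() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [310:24800]
[2000:80000] -A PREROUTING -m conntrack --ctstate INVALID -j DROP
[0:0] -A PREROUTING -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
[295:23600] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -j DROP
COMMIT
EOF
}

# Demonstration on the constructed sample.
sample_counters | hit_rules mangle
sample_counters | hit_rules filter
```

Zero the counters with `iptables -Z` and `iptables -t mangle -Z` before each scan, as the lab does, so that the numbers reflect only that scan.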
