How to install Giptables

By | March 16, 2016

What is Giptables?

“GIPTables Firewall is a free set of shell scripts that helps you generate iptables rules for Linux 2.4.x and newer kernels. It is very easy to configure and at present, designed to run on hosts with one or two network cards.

It doesn’t require you to install any additional components to make it work with your GNU/Linux system. All you need to set-up a very secure firewall for your GNU/Linux machines is iptables and GIPTables Firewall.

This is  very simple to configure and is installed in a very modular way. If a service is added to the server then it is quite simple to add another module to enable access to the new service.

Giptables Installation

First thing we need to install is netfilter (or iptables as most people refer to it as).

What is netfilter / iptables?

Netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network addresses [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack.

A registered callback function is then called back for every packet that traverses the respective hook within the network stack. iptables is a generic table structure for the definition of rulesets. Each rule within an IP
table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework


Download http://www.netfilter.org/files/iptables-1.2.9.tar.bz2

# bunzip2 iptables-1.2.9.tar.bz2
# tar xvf iptables-1.2.9.tar
# cd iptables-1.2.9
# make BINDIR=/sbin LIBDIR=/usr/lib MANDIR=/usr/share/man
kernel_dir=/usr/src/linux
# make BINDIR=/sbin LIBDIR=/usr/lib MANDIR=/usr/share/man
kernel_dir=/usr/src/linux


Giptables Installation Directions

Download http://www.giptables.org/downloads/giptables-1.1.tar.gz

# tar xvzf giptables-1.1.tar.gz
# cd giptables-1.1
# ./install.sh
GIPTables Firewall home directory is /lib/giptables
Usage: /etc/rc.d/init.d/giptables {start|stop|restart|panic}
An installation log file has been created: /tmp/giptables-install-20040121043839.log
GIPTables Fireall v1.1 installation OK!


Now we need to decide with default giptables configuration file (firewall rules script) that we are going to use. To start off with I am going to use giptables.conf.webserver and customize it for our purposes.

# cd /lib/giptables/conf
# cp giptables.conf.webserver giptables.conf.mybox
# ln -sf /lib/giptables/conf/giptables.conf.mybox /etc/giptables.conf


Customize /etc/giptables.conf

# vi +40 /etc/giptables.conf

Change
INTERFACE0_IPADDR=”0.0.0.0″
to
INTERFACE0_IPADDR=”192.168.0.50″
A few lines below that enter your ISP_PRIMARY_DNS_SERVER and
ISP_SECONDARY_DNS_SERVER addresses. Enter the correct addresses here.
Because we are setting this up and testing on a private subnet (192.168.0.0/24) we need
to enable access from this IP range.

# vi +160 /etc/giptables.con

Comment out
REFUSE_SPOOFING_IPADDR[5]=”192.168.0.0/16″
and
INTERFACE0_IN_REFUSE_SPOOFING[5]=”yes”
These lines must be uncommented when the server is put into service online.
Since we will not be running FTP on this server we can remove FTP access from the
configuration file

# vi +210 /etc/giptables.conf

Change
ACCEPT_FTP=”yes”
to
ACCEPT_FTP=”no”


Giptables Customization

If we have some specific IP Addresses that we wish to block from accessing any servers we can add them to to the /etc/rc.d/rc.giptables.blocked and then restart giptables

# /etc/init.d/giptables restart

Create some customized giptables rules for the following items

# /etc/init.d/giptables start

Leave a Reply

Your email address will not be published. Required fields are marked *