{"id":357,"date":"2012-04-10T13:53:01","date_gmt":"2012-04-10T12:53:01","guid":{"rendered":"http:\/\/www.bocciolesi.fr\/tutoriels-et-cours\/?p=357"},"modified":"2017-02-24T14:49:13","modified_gmt":"2017-02-24T13:49:13","slug":"securite-linux-netfilter-iptables","status":"publish","type":"post","link":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/","title":{"rendered":"S\u00e9curit\u00e9 Linux – NetFilter – IpTables"},"content":{"rendered":"
\"image_pdf\"Enregistrer en PDF<\/span><\/a><\/a><\/div>

I\u25ba IPTABLES est un m\u00e9canisme FireWall reposant sur un syst\u00e8me de tables :<\/strong><\/span><\/p>\n

La table FILTER\u00a0<\/b><\/span>permet de filtrer les paquets r\u00e9seaux. Tout paquet entrant est surveill\u00e9 et rediriger en entr\u00e9e ou en sortie. Cette table FILTER<\/span> <\/strong>est compos\u00e9e de cha\u00eenes<\/p>\n

\n
    \n
  • \n
    LA CHAINE\u00a0INPUT<\/strong><\/span>\u00a0<\/span>:Analyse tous les paquets entrants dans la machine<\/div>\n<\/li>\n<\/ul>\n
      \n
    • \n
      LA CHAINE FORWARD<\/span><\/strong>\u00a0:Analyse les paquets entrants \u00e0 passer d’une interface \u00e0 l’autre dans le cas d’une passerelle r\u00e9seau.autre, seulement dans le cadre d’une interface r\u00e9seau servant de passerelle.<\/div>\n<\/li>\n<\/ul>\n
        \n
      • \n
        LA CHAINE OUTPUT<\/span><\/strong>\u00a0: Analyse les paquets sortants quand ceux-ci sortent de la \u00a0machine.<\/div>\n<\/li>\n<\/ul>\n

        Les r\u00e8gles que l’on peut appliquer \u00e0 cette Tabe FILTER (policy) sont :\u00a0DROP<\/strong>,\u00a0LOG<\/strong>,\u00a0ACCEPT<\/strong>\u00a0et\u00a0REJECT<\/strong>.<\/p>\n

        Voici un exemple de configuration :<\/strong><\/p>\n

        #!\/bin\/bash
        \n#FLUSH des tables
        \n<\/span>iptables -F
        \n<\/span>#Le trafic entrant est Drop\u00e9
        \n<\/span>iptables -P INPUT DROP
        \n<\/span>#Tout le traffic sortant est drop\u00e9 \u00e9galement
        \n<\/span>iptables -P OUTPUT DROP
        \n<\/span>#On drop le forward aussi
        \n<\/span>iptables -P FORWARD DROP
        \n<\/span>#S\u2019il y a une connexion ouverte en entr\u00e9e, elle peut recevoir du trafic
        \n<\/span>iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
        \n<\/span>#S\u2019il y a une connexion ouverte en sortie, elle peut recevoir du trafic
        \n<\/span>iptables -A OUTPUT -m state ! –state INVALID -j ACCEPT
        \n<\/span>#On accepte la boucle locale en entr\u00e9e.
        \n<\/span>iptables -I INPUT -i lo -j ACCEPT
        \n<\/span>#Log des paquets entrants
        \n<\/span>iptables -A INPUT -j LOG
        \n<\/span>#Log des paquets forward
        \n<\/span>iptables -A FORWARD -j LOG<\/span><\/p>\n

        Autre exemple avec la table NAT qui permet de faire du NAT \ud83d\ude42 :<\/strong><\/p>\n

        #!\/bin\/sh
        \n# FLUSH de toutes les regles
        \niptables -t filter -F
        \niptables -t nat -F
        \n#POLICY par defaut
        \n<\/span>iptables -P INPUT DROP
        \niptables -P FORWARD DROP
        \niptables -P OUTPUT DROP
        \n# REJECT en sortie en sortie
        \n#autorise l adresse 2 a faire du nat
        \niptables -t nat -A POSTROUTING -s 192.168.1.0\/24 -d \/0\/0 -j SNAT –to-source 10.4.3.11
        \n# les regles se placent sur l interface pour le reseau local
        \n#iptables -A FORWARD -d 192.168.1.0\/24 -j ACCEPT
        \n#iptables -A FORWARD -s 192.168.1.0\/24 -j ACCEPT
        \niptables -A FORWARD -d 192.168.1.3 -j ACCEPT
        \niptables -A FORWARD -s 192.168.1.3 -j ACCEPT
        \n#autorise une remote connexion ssh
        \niptables -I INPUT -p tcp –sport 22 -j ACCEPT
        \niptables -I OUTPUT -p tcp –dport 22 -j ACCEPT<\/p>\n

         <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

        I\u25ba IPTABLES est un m\u00e9canisme FireWall reposant sur un syst\u00e8me de tables : La table FILTER\u00a0permet de filtrer les paquets r\u00e9seaux. Tout paquet entrant est surveill\u00e9 et rediriger …<\/p>\n","protected":false},"author":1,"featured_media":1541,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,34,39],"tags":[29],"class_list":["post-357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-linux-admin","category-tutoriels","tag-iptables-netfilter"],"yoast_head":"\nS\u00e9curit\u00e9 Linux - NetFilter - IpTables - Tutoriels et Cours<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"S\u00e9curit\u00e9 Linux - NetFilter - IpTables - Tutoriels et Cours\" \/>\n<meta property=\"og:description\" content=\"I\u25ba IPTABLES est un m\u00e9canisme FireWall reposant sur un syst\u00e8me de tables : La table FILTER\u00a0permet de filtrer les paquets r\u00e9seaux. Tout paquet entrant est surveill\u00e9 et rediriger ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/\" \/>\n<meta property=\"og:site_name\" content=\"Tutoriels et Cours\" \/>\n<meta property=\"article:published_time\" content=\"2012-04-10T12:53:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-02-24T13:49:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"426\" \/>\n\t<meta property=\"og:image:height\" content=\"282\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michel BOCCIOLESI\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michel BOCCIOLESI\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/\",\"url\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/\",\"name\":\"S\u00e9curit\u00e9 Linux - NetFilter - IpTables - Tutoriels et Cours\",\"isPartOf\":{\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg\",\"datePublished\":\"2012-04-10T12:53:01+00:00\",\"dateModified\":\"2017-02-24T13:49:13+00:00\",\"author\":{\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#\/schema\/person\/6bdfe0a1263b803645c69e3d5748dabe\"},\"breadcrumb\":{\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#primaryimage\",\"url\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg\",\"contentUrl\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg\",\"width\":426,\"height\":282,\"caption\":\"Cours et turoriels Linux\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"S\u00e9curit\u00e9 Linux – NetFilter – IpTables\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#website\",\"url\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/\",\"name\":\"Tutoriels et Cours\",\"description\":\"Michel Bocciolesi | Formateur Consultant en Informatique\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#\/schema\/person\/6bdfe0a1263b803645c69e3d5748dabe\",\"name\":\"Michel BOCCIOLESI\",\"description\":\"Michel Bocciolesi est consultant et formateur sp\u00e9cialis\u00e9 en Informatique.\",\"sameAs\":[\"https:\/\/www.mb-creation-web.fr\"],\"url\":\"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/author\/michel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"S\u00e9curit\u00e9 Linux - NetFilter - IpTables - Tutoriels et Cours","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/","og_locale":"fr_FR","og_type":"article","og_title":"S\u00e9curit\u00e9 Linux - NetFilter - IpTables - Tutoriels et Cours","og_description":"I\u25ba IPTABLES est un m\u00e9canisme FireWall reposant sur un syst\u00e8me de tables : La table FILTER\u00a0permet de filtrer les paquets r\u00e9seaux. Tout paquet entrant est surveill\u00e9 et rediriger ...","og_url":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/","og_site_name":"Tutoriels et Cours","article_published_time":"2012-04-10T12:53:01+00:00","article_modified_time":"2017-02-24T13:49:13+00:00","og_image":[{"width":426,"height":282,"url":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg","type":"image\/jpeg"}],"author":"Michel BOCCIOLESI","twitter_misc":{"\u00c9crit par":"Michel BOCCIOLESI","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/","url":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/","name":"S\u00e9curit\u00e9 Linux - NetFilter - IpTables - Tutoriels et Cours","isPartOf":{"@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#website"},"primaryImageOfPage":{"@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#primaryimage"},"image":{"@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#primaryimage"},"thumbnailUrl":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg","datePublished":"2012-04-10T12:53:01+00:00","dateModified":"2017-02-24T13:49:13+00:00","author":{"@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#\/schema\/person\/6bdfe0a1263b803645c69e3d5748dabe"},"breadcrumb":{"@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#primaryimage","url":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg","contentUrl":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-content\/uploads\/2015\/12\/linux.jpg","width":426,"height":282,"caption":"Cours et turoriels Linux"},{"@type":"BreadcrumbList","@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/securite-linux-netfilter-iptables\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/"},{"@type":"ListItem","position":2,"name":"S\u00e9curit\u00e9 Linux – NetFilter – IpTables"}]},{"@type":"WebSite","@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#website","url":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/","name":"Tutoriels et Cours","description":"Michel Bocciolesi | Formateur Consultant en Informatique","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/#\/schema\/person\/6bdfe0a1263b803645c69e3d5748dabe","name":"Michel BOCCIOLESI","description":"Michel Bocciolesi est consultant et formateur sp\u00e9cialis\u00e9 en Informatique.","sameAs":["https:\/\/www.mb-creation-web.fr"],"url":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/author\/michel\/"}]}},"_links":{"self":[{"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/posts\/357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/comments?post=357"}],"version-history":[{"count":8,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/posts\/357\/revisions"}],"predecessor-version":[{"id":1658,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/posts\/357\/revisions\/1658"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/media\/1541"}],"wp:attachment":[{"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/media?parent=357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/categories?post=357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bocciolesi.fr\/tutoriels-et-cours\/wp-json\/wp\/v2\/tags?post=357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}