Network

Beginners Guide to nftables Traffic Filtering

The replacement of iptables is known as nftables. In this introduction, we learn to install nftables and configure it, to secure your Linux systems.

Summary of Beginners Guide to nftables Traffic Filtering

Traffic filtering with nftables Many Linux administrators became familiar with iptables and ip6tables. Less familiar are tools like arptables and ebtables. Meet the successor of them all: nftables, a packet filtering framework, with the goal to replace all the previous ones. After reading this guide you will be able to configure your own firewall configuration. Step by step we will show how nftables work. Although no knowledge of iptables is needed, we will share some differences with iptables where applicable.

Read the full article…

BPFILTER: the next-generation Linux firewall

BPFILTER is one of the newer features to provide traffic filtering. Learn how it works and why it may replace iptables as the firewall on Linux systems.

Summary of BPFILTER: the next-generation Linux firewall

The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel. What is BPFILTER? BPFILTER is short for BPF based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF.

Read the full article…

Differences between iptables and nftables explained

An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.

Summary of Differences between iptables and nftables explained

The seasoned Linux administrator will be familiar with iptables, the network traffic filter. If you ever configured a Linux system with an ethernet bridge configuration, you might even have worked with ebtables. Or possibly you wanted to filter ARP traffic and used arptables? Newcomer nftables has arrived, with the purpose to replace iptables, ip6tables, ebtables and arptables. As with every big upcoming change, it is good to know the differences. We explain what makes nftables different to iptables, and why you want to adopt it in the near future.

Read the full article…

Filtering ARP traffic with Linux arptables

Filtering ARP traffic is easy with the arptables utility. In this article we look at the possibilities of arptables and provides example of using it.

Summary of Filtering ARP traffic with Linux arptables

Most Linux system administrators will be familiar with iptables on Linux. Less known is the arptables utility, which controls filtering arp packets. Installation of arptables The arptables utility is easy to set-up, as the main functionality is already implemented in the Linux kernel. Just install the arptables package on your favorite Linux distribution. Debian / Ubuntu: apt install arptables Red Hat: yum install arptables Configuration example To show the effect of filtering traffic, we will show an example by filtering router traffic and blocking it.

Read the full article…

How to clear the ARP cache on Linux?

Clearing the ARP cache on Linux is easy with the arp or ip utility. This blog post will help you to clear the cache with examples for both utilities.

Summary of How to clear the ARP cache on Linux?

There are several reasons when you might need to clear your ARP cache. There are two common ways on Linux systems, typically using the arp or ip utility. Depending on your Linux distribution and the availability, we suggest using the ip tool. Clearing cache with ip Newer Linux distributions have the ip utility. The ip tool has a more advanced way to clear out the full ARP cache. ip -s -s neigh flush all

Read the full article…

Linux Audit: Auditing the Network Configuration

This article describes how to audit the network configuration of Unix and Linux based systems, with useful tips for auditors and system administrators.

Summary of Linux Audit: Auditing the Network Configuration

Within this article we have a look on how to audit and check the network configuration of Linux and other systems. The main focus is on gathering information and discover how systems are configured. By taking these steps we will do a manual audit. For efficiency reasons we suggest to use an automated tool like Lynis. Where to start? Each Linux distribution has their own way and files to configure the network.

Read the full article…

Linux Security Guide for Hardening IPv6

Extensive guide to help you secure your IPv6 configuration on Linux. From initial set-up to hardening the kernel with sysctl.

Summary of Linux Security Guide for Hardening IPv6

Version 6 of Internet Protocol is now 20+ years available. You would think it is widely available now, right? Not exactly. Still many internet providers don’t have it deployed for their customers. Hosting companies are not always eager to deploy it either. Mostly because of lacking knowledge. To get at east more knowledge shared on the security side of IPv6, we have crafted this guide. Hopefully it will be a practical guide for your to configure and tune your configurations.

Read the full article…

List network interfaces on Linux

Show the available network interfaces and information on Linux with the right tools. We cover common replacements for iptables and netstat, with examples.

Summary of List network interfaces on Linux

The network configuration is a common place to start during system configuration, security audits, and troubleshooting. It can reveal useful information like MAC and IP addresses. This guide helps you to gather this information on Linux, including listing all available network interfaces and its details. Show network interfaces Linux Every Linux distribution is using its own way of configuring the network configuration details. Therefore, it is good to know which tools can be used to query these details in a generic way.

Read the full article…

The purpose of the /etc/networks file

Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.

Summary of The purpose of the /etc/networks file

Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. Output of /etc/networks When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does not work on subnets Surprisingly enough a test with subnetting actually showed the right names during our test.

Read the full article…

Which Linux process is using a particular network port?

Seeing the 'address in use' error or need to find out which process is listening to a particular port on Linux? Here are the tools to find out!

Summary of Which Linux process is using a particular network port?

Most network related services have to open up a network socket, so they can start listening for incoming network requests. It is common to find the TCP or UDP being used as the main communication protocol. In this article, we will check what ports are used by which Linux process. Auditing processes and network services Find out what process is listening to a port Only one process can actively listen to a TCP or UDP port.

Read the full article…