Lab 9 - Firewalls and Nessus

The first part of this lab will be a brief lecture covering section 7.4 in Pfleeger's book on firewalls. In the second half of the lab you will put firewalls on the Linux virtual machines and see how that affects the results of running a Nessus scan against each machine.

The primary firewall on modern Linux OSes is the iptables firewall created by netfilter. The documentation has several articles of interest, in particular the netfilter/iptables HOWTO, the packet filtering HOWTO and the tutorials.

Here is an example of an iptables firewall that allows established and related (stateful) connections on the incoming interface and all new connections to TCP port 22, but denies everything else:

# Default policy: anything not matched by a later ACCEPT rule is dropped.
# (If you apply these lines over SSH, run this one last, or the session is cut off before the ACCEPT rules exist.)
iptables -P INPUT DROP
# Accept packets belonging to connections already established or related to one (e.g. the replies to the VM's own outbound connections).
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept new TCP connections (SYN only) to port 22 coming from an unprivileged source port.
iptables -A INPUT -p tcp --sport 1024: --dport 22 --syn -j ACCEPT

Create a firewall on the Linux virtual machines and test out blocking and allowing various ports (or all connections). After each change, scan with Nessus to see how it affects the Nessus report. Your writeup should include what types of firewall rules you tried and the effect they had on the Nessus reports.
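The following script is an added example for this lab, not part of the handout or of iptables itself. It generalizes the three-line firewall above to any list of allowed TCP ports, adds a reset so you can compare a "no firewall" Nessus report with a "firewall" one, and orders the commands so the ACCEPT rules are in place before the default policy flips to DROP (applying the handout's lines in their printed order over SSH cuts off the session between the first and second line). The function names and the port lists in the usage comments are the example's own.

```shell
#!/bin/sh
# Added example for the lab: generate and (optionally) apply an iptables INPUT
# chain that drops everything except established/related traffic and new TCP
# connections to the listed ports. Function names are the example's own.

# fw_rules PORT... : print the iptables commands that allow PORT... on INPUT.
# The ACCEPT rules are emitted before the policy change so that applying
# them over SSH does not drop the session half-way through.
fw_rules() {
    # Start from an empty INPUT chain so repeated runs do not stack duplicates.
    echo "iptables -F INPUT"
    # Accept replies to connections the host itself initiated.
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # One rule per allowed port; --syn matches only the first packet of a
    # new connection, the rest of the connection is covered by the state rule.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --sport 1024: --dport $port --syn -j ACCEPT"
    done
    # Default policy last: anything not matched above is dropped.
    echo "iptables -P INPUT DROP"
}

# fw_reset : print the commands that return INPUT to a fully open state,
# useful between scans to get a baseline Nessus report without a firewall.
fw_reset() {
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -F INPUT"
}

# fw_apply PORT... : run the generated rules if iptables is installed
# (needs root), otherwise just show what would have been applied.
fw_apply() {
    if command -v iptables >/dev/null 2>&1; then
        fw_rules "$@" | sh
        # Show the resulting chain with packet counters; run this again after
        # the Nessus scan to see which rule each probe ended up matching.
        iptables -L INPUT -n -v
    else
        echo "iptables not found; rules that would have been applied:" >&2
        fw_rules "$@"
    fi
}

# fw_rule_count PORT... : number of commands fw_rules emits
# (flush + state rule + one per port + policy line).
fw_rule_count() {
    fw_rules "$@" | wc -l | tr -d ' '
}

# Example usage: SSH only (the handout's rule set), then SSH plus a web server.
# fw_apply 22
# fw_apply 22 80 443
# fw_reset | sh      # back to no firewall before the next baseline scan
```

Between scans, `iptables -L INPUT -n -v` is the quickest way to confirm which rule a Nessus probe matched: the packet counter on the DROP policy line grows for every port the scanner could not reach, while the counters on the per-port ACCEPT rules show the ports it did reach.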

Email your writeup to my Helios account.