Configuring IP tables and Firewalls in Ubuntu 22.04

ip addr = This command is used to show the network interface of the machine

eth0 is the default network interface in ubuntu machines

To configure IP tables, we need to install ip tables in the ubuntu machine

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install iptables

List the IP tables = sudo iptables -t filter -L -v

Drops all input rules = sudo iptables -P INPUT DROP

Allows only ssh port = sudo iptables -A INPUT -p tcp –dport 22 -j ACCEPT

To block traffic from specific IP = sudo iptables -A INPUT -s 123.123.123.123 -j DROP

To save IP tables= sudo iptables-save > /etc/iptables/rules.v4

Persistence IP tables on restart = sudo service iptables save

sudo apt-get update
sudo apt-get install iptables-persistent
sudo netfilter-persistent save
sudo service iptables save
sudo systemctl enable iptables

vim allow_outbound.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Allow all outbound traffic
cmd := exec.Command(“iptables”, “-P”, “OUTPUT”, “ACCEPT”)

err := cmd.Run()
if err != nil {
    fmt.Println("Error allowing outbound traffic:", err)
} else {
    fmt.Println("Outbound traffic allowed.")
}

}

vim block_outbound.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Block all outbound traffic
cmd := exec.Command(“iptables”, “-P”, “OUTPUT”, “DROP”)

err := cmd.Run()
if err != nil {
    fmt.Println("Error blocking outbound traffic:", err)
} else {
    fmt.Println("Outbound traffic blocked.")
}

}

sudo apt update
sudo apt install golang-go

go run allow_outbound.go

go run block_outbound.go

vim block_http_inbound.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Block inbound HTTP traffic on port 80
cmd := exec.Command(“iptables”, “-A”, “INPUT”, “-p”, “tcp”, “–dport”, “80”, “-j”, “DROP”)

err := cmd.Run()
if err != nil {
    fmt.Println("Error blocking inbound HTTP traffic:", err)
} else {
    fmt.Println("Inbound HTTP traffic blocked.")
}

}

vim unblock_http_inbound.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Unblock inbound HTTP traffic on port 80
cmd := exec.Command(“iptables”, “-D”, “INPUT”, “-p”, “tcp”, “–dport”, “80”, “-j”, “DROP”)

err := cmd.Run()
if err != nil {
    fmt.Println("Error unblocking inbound HTTP traffic:", err)
} else {
    fmt.Println("Inbound HTTP traffic unblocked.")
}

}

vim limit_http_inbound.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Limit inbound HTTP traffic to 100 requests per minute per IP
cmd := exec.Command(“iptables”, “-A”, “INPUT”, “-p”, “tcp”, “–dport”, “80”, “-m”, “hashlimit”, “–hashlimit”, “100/min”, “–hashlimit-mode”, “srcip”, “–hashlimit-name”, “inbound_http_limit”, “-j”, “ACCEPT”)

err := cmd.Run()
if err != nil {
    fmt.Println("Error setting up limit for inbound HTTP traffic:", err)
} else {
    fmt.Println("Inbound HTTP traffic limit set to 100 requests per minute per IP.")
}

}

vim setup_firewall_and_logging_all_traffic.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Allow inbound HTTP traffic on port 80
allowHTTPCmd := exec.Command(“iptables”, “-A”, “INPUT”, “-p”, “tcp”, “–dport”, “80”, “-j”, “ACCEPT”)
if err := allowHTTPCmd.Run(); err != nil {
fmt.Println(“Error allowing inbound HTTP traffic:”, err)
return
}
fmt.Println(“Inbound HTTP traffic allowed on port 80.”)

// Log all incoming traffic
logInputCmd := exec.Command("iptables", "-A", "INPUT", "-j", "LOG", "--log-prefix", "Incoming Traffic: ")
if err := logInputCmd.Run(); err != nil {
    fmt.Println("Error setting up logging for incoming traffic:", err)
    return
}
fmt.Println("Logging for all incoming traffic set up.")

// Log all outgoing traffic
logOutputCmd := exec.Command("iptables", "-A", "OUTPUT", "-j", "LOG", "--log-prefix", "Outgoing Traffic: ")
if err := logOutputCmd.Run(); err != nil {
    fmt.Println("Error setting up logging for outgoing traffic:", err)
    return
}
fmt.Println("Logging for all outgoing traffic set up.")

}

Installing cloudwatch agent to get the logs
wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb

Starting cloudwatch wizard
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s

Adding json file to agent
cd /opt/aws/amazon-cloudwatch-agent/etc/
vim cloudwatch-config.json

{
“agent”: {
“metrics_collection_interval”: 60,
“run_as_user”: “cwagent”
},
“logs”: {
“logs_collected”: {
“files”: {
“collect_list”: [
{
“file_path”: “/var/log/syslog”,
“log_group_name”: “syslog”,
“log_stream_name”: “{instance_id}”,
“timezone”: “Local”
}
]
}
}
}
}

Start the agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/cloudwatch-config.json -s

check status
sudo systemctl status amazon-cloudwatch-agent.service

Movie the json file to the correct path,
sudo mv /opt/aws/amazon-cloudwatch-agent/etc/cloudwatch-config.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json

vim run_block_80.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Delete the rule that allows inbound HTTP traffic on port 80
deleteAllowCmd := exec.Command(“iptables”, “-D”, “INPUT”, “-p”, “tcp”, “–dport”, “80”, “-j”, “ACCEPT”)
if err := deleteAllowCmd.Run(); err != nil {
fmt.Println(“Error deleting allow inbound HTTP traffic rule:”, err)
// No return here; continue to the next command
} else {
fmt.Println(“Allow inbound HTTP traffic rule deleted.”)
}

// Add a rule to log dropped inbound HTTP traffic on port 80
logDropCmd := exec.Command("iptables", "-I", "INPUT", "-p", "tcp", "--dport", "80", "-j", "LOG", "--log-prefix", "Dropped HTTP traffic: ")
if err := logDropCmd.Run(); err != nil {
    fmt.Println("Error adding log for dropped inbound HTTP traffic:", err)
    // No return here; continue to the next command
} else {
    fmt.Println("Log for dropped inbound HTTP traffic added.")
}

// Add a rule to block inbound HTTP traffic on port 80
blockCmd := exec.Command("iptables", "-A", "INPUT", "-p", "tcp", "--dport", "80", "-j", "DROP")
if err := blockCmd.Run(); err != nil {
    fmt.Println("Error blocking inbound HTTP traffic:", err)
    // No return here; even if blocking fails, the script will end normally
} else {
    fmt.Println("Inbound HTTP traffic blocked on port 80.")
}

}

vim delete_p_80_add_drop.go

package main

import (
“fmt”
“os/exec”
)

func main() {
// Delete the rule that allows inbound HTTP traffic on port 80
deleteAllowCmd := exec.Command(“iptables”, “-D”, “INPUT”, “-p”, “tcp”, “–dport”, “80”, “-j”, “ACCEPT”)
if err := deleteAllowCmd.Run(); err != nil {
fmt.Println(“Error deleting allow inbound HTTP traffic rule:”, err)
return
}
fmt.Println(“Allow inbound HTTP traffic rule deleted.”)

// Add a rule to log dropped inbound HTTP traffic on port 80
logDropCmd := exec.Command("iptables", "-I", "INPUT", "-p", "tcp", "--dport", "80", "-j", "LOG", "--log-prefix", "Dropped HTTP traffic: ")
if err := logDropCmd.Run(); err != nil {
    fmt.Println("Error adding log for dropped inbound HTTP traffic:", err)
    return
}
fmt.Println("Log for dropped inbound HTTP traffic added.")

// Add a rule to block inbound HTTP traffic on port 80
blockCmd := exec.Command("iptables", "-A", "INPUT", "-p", "tcp", "--dport", "80", "-j", "DROP")
if err := blockCmd.Run(); err != nil {
    fmt.Println("Error blocking inbound HTTP traffic:", err)
    return
}
fmt.Println("Inbound HTTP traffic blocked on port 80.")

// The logging rules are assumed to be already in place and are not modified

}