Iptables Firewall Setup

Date: Aug 20, 2025
Tags: Network Security

I. Introduction

1.1 Context & Purpose
  • Briefly explain what you’re doing and why.
  • If relevant, mention a key concept (but keep it brief).
1.2 What This Covers
  • High-level overview of what will be discussed.
  • Mention any specific focus (e.g., configurations, security tests, troubleshooting).

II. Setup & Environment

2.1 Network & Tools Overview
  • Diagram (if applicable)
  • Devices, OS versions, key software used
2.2 Prerequisites / Preparations
  • Installed AntiX Linux system (SSH)
  • Router
  • Any assumptions about the setup.

III. Execution & Findings

3.1 Current Configuration

Before starting, I take a look at the current network configuration.

Applying Intuitive Interface Names
After taking note of the MAC addresses, we want to use 00:03:0d:53:17:49 as WAN and 00:e0:4c:36:06:d7 as LAN.

I changed the interface names in /etc/udev/rules.d/70-persistent-net.rules.

sudo udevadm control --reload-rules
sudo udevadm trigger --subsystem-match=net


Assign static IP Address
Updated /etc/network/interfaces and restarted the service with sudo service networking restart.

auto lo
iface lo inet loopback

# WAN
auto wan0
iface wan0 inet static
        address 192.168.1.250
        netmask 255.255.255.0
        gateway 192.168.1.1
        # ifupdown has no "nameserver" option; resolvers are set through the resolvconf hook
        dns-nameservers 8.8.8.8 8.8.4.4

# LAN
auto lan0
iface lan0 inet static
        address 172.16.0.1
        netmask 255.255.255.0
        # Route to LAB network (inside the lan0 stanza so it is added whenever lan0 comes up)
        up ip route add 10.0.0.0/24 via 172.16.0.2 dev lan0

I verified the changes with the ip a and ip route commands.

Enable IP Forwarding
Allowed IPv4 forwarding in /etc/sysctl.conf and applied the changes using sudo sysctl -p.

/etc/iptables/rules.v4

Router setup

Testing by blocking HTTP Traffic

# Log HTTP traffic (--dport needs -p tcp, otherwise iptables-restore rejects the rule)
-A FORWARD -i lan0 -o wan0 -p tcp --dport 80 -j LOG --log-prefix "Block_HTTP"
# Block HTTP packets
-A FORWARD -i lan0 -o wan0 -p tcp --dport 80 -j DROP

sudo iptables-restore < /etc/iptables/rules.v4
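A complete rules.v4 for the wan0/lan0 router described above, as an added example (not the file from the note, whose screenshot is missing). The interface names, addresses and the Block_HTTP log/drop pair come from the note; default-deny INPUT/FORWARD policies, SSH only from the LAN side, rate-limited logging and MASQUERADE on wan0 are assumptions (drop the nat table if the upstream router already has static routes back to 172.16.0.0/24 and 10.0.0.0/24).

```shell
#!/bin/sh
# build_rules_v4: write an iptables-restore ruleset for the wan0/lan0 router to $1.
# Assumptions for this example: default-deny policies, NAT on wan0, SSH from lan0 only.
build_rules_v4() {
  cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the LAN and the lab network (reached via 172.16.0.2) behind the WAN address.
-A POSTROUTING -s 172.16.0.0/24 -o wan0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o wan0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the router itself: loopback, replies, SSH and ping from the LAN side only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lan0 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i lan0 -p icmp -j ACCEPT
# Forwarded traffic: replies first, then the HTTP test (rate-limited log, then drop),
# then any other new connection from the LAN side out to the WAN. Nothing new from wan0.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i lan0 -o wan0 -p tcp --dport 80 -m limit --limit 10/min -j LOG --log-prefix "Block_HTTP "
-A FORWARD -i lan0 -o wan0 -p tcp --dport 80 -j DROP
-A FORWARD -i lan0 -o wan0 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# count_rules: number of "-A <chain>" lines in file $1 whose chain is $2 and whose
# text contains $3. Lets the generated file be sanity-checked without root or iptables.
count_rules() {
  grep -c -- "^-A $2 .*$3" "$1"
}

# first_port80_rule: the first FORWARD rule matching port 80 (the LOG must precede the DROP).
first_port80_rule() {
  grep -- '^-A FORWARD .*--dport 80' "$1" | head -n 1
}
```

sudo iptables-restore --test /etc/iptables/rules.v4 parses the file without loading it, which catches syntax errors such as a missing -p tcp before the real restore.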


3.2 Challenges & Fixes
  • What issues popped up?
  • How did you troubleshoot and solve them?
  • Any commands or configurations that were adjusted?

IV. Observations & Insights

  • What patterns, behaviors, or unexpected results did you notice?
  • How effective was the implementation?

V. Considerations & Next Steps

  • Things to improve or optimize.
  • Alternative approaches to try next time.

VI. Conclusion

  • Final thoughts, main takeaways.
  • What did you gain from this?

References (if any)