Firewall Exploration Lab

Uploaded by tigerliker007

FIREWALL EXPLORATION LAB

SHIVAM PISAL
568485840
Environment Setup Using Containers

Task 1: Implementing a Simple Firewall

We follow the code in the task prompt. First we write the module and the corresponding Makefile, and then compile the code.
We observe the information output by the kernel: we load the module into the kernel and then remove it, and we can see that both the load message and the removal message show up, as shown above.
Task 1.B: Implement a Simple Firewall Using Netfilter
First, we ping 8.8.4.4 and check whether ping is working. The blockUDP function is mainly used to filter UDP packets with destination address 8.8.4.4 and destination port 53; the printInfo function is used to print the information of the packet.

I added the icmp.h header file and changed the IP to 8.8.4.4, as we can see in the screenshot below.
I also ping example.com to check that it works.
We compile the sample code, then load the module and check whether it is loaded; we can see seedFilter.ko in the screenshot above, so our Makefile has worked with no issues.
We run dig again and see that it gets dropped; we can also see in the screenshot below that dig times out, because the query is dropped by our filter.
After this, we remove the module and move on to the next subtask.

Task 2

In Task 2 we add a function that prints packet information to each hook function, to observe the order in which the hook functions are executed; we make the following changes to the Makefile and the code.
The above are the contents of seedPrint.c.
We then run make and insert seedPrint.ko; we can see in the screenshot below “seedPrint → Registering Filters”.

We can observe all the hooks that we added: IN, OUT, PRE and POST routing. After this we remove the module and move on to Task 3.
Task 3

We need to disable ping and telnet. First we just check that ping and telnet are operating normally.

We follow the same steps as in Task 2, but this time we copy the contents into a new module called seedBlock.c.
The above are the functions to block ping and telnet.
We have 4 hooks; we then run make and insert the module, as shown below.
We observe “SeedBlock: Registering Filters”.

When we try to ping and telnet, it does not work, as shown below.
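The checks that seedFilter.c and seedBlock.c make inside the kernel (destination 8.8.4.4 on UDP port 53, ICMP echo requests, TCP port 23) can be reproduced on raw IPv4 bytes in user space, which is a convenient way to confirm the filtering logic before loading a module. The code below is an added example, not the lab's own module code; it parses the IPv4 header and the first layer-4 fields, applies the three block functions, and also lists the Netfilter hook order observed in Task 2 for each kind of packet. All packets and addresses in it are constructed for the example.

```python
"""Added example (not the lab's seedFilter.c, seedPrint.c or seedBlock.c): the
checks those Netfilter modules perform, applied to raw IPv4 packet bytes in user
space so the filtering logic can be run without loading a kernel module.
All packets below are constructed for this example."""
import socket
import struct

NF_ACCEPT, NF_DROP = "ACCEPT", "DROP"          # stand-ins for the kernel verdicts
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
ICMP_ECHO_REQUEST = 8


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header and the layer-4 fields the hooks look at."""
    ihl = (pkt[0] & 0x0F) * 4                     # header length in bytes
    proto = pkt[9]
    info = {"proto": proto,
            "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20])}
    l4 = pkt[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP):       # both start with src/dst port
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    elif proto == IPPROTO_ICMP:
        info["icmp_type"] = l4[0]
    return info


def block_udp(info):
    """Task 1.B: drop DNS queries (UDP port 53) to 8.8.4.4."""
    if info["proto"] == IPPROTO_UDP and info["dst"] == "8.8.4.4" and info.get("dport") == 53:
        return NF_DROP
    return NF_ACCEPT


def block_ping(info):
    """Task 3: drop ICMP echo requests."""
    if info["proto"] == IPPROTO_ICMP and info.get("icmp_type") == ICMP_ECHO_REQUEST:
        return NF_DROP
    return NF_ACCEPT


def block_telnet(info):
    """Task 3: drop TCP segments addressed to port 23."""
    if info["proto"] == IPPROTO_TCP and info.get("dport") == 23:
        return NF_DROP
    return NF_ACCEPT


HOOKS = (block_udp, block_ping, block_telnet)


def filter_packet(pkt: bytes, hooks=HOOKS):
    """Run every hook; the first DROP wins, as with registered Netfilter hooks."""
    info = parse_ipv4(pkt)
    for hook in hooks:
        if hook(info) == NF_DROP:
            return NF_DROP, hook.__name__
    return NF_ACCEPT, None


def hook_order(dst_is_local: bool, locally_generated: bool = False):
    """Task 2: the Netfilter hooks a packet traverses, in order."""
    if locally_generated:
        return ["LOCAL_OUT", "POST_ROUTING"]
    if dst_is_local:
        return ["PRE_ROUTING", "LOCAL_IN"]
    return ["PRE_ROUTING", "FORWARD", "POST_ROUTING"]


def build_packet(proto: int, src: str, dst: str, l4: bytes) -> bytes:
    """Constructed IPv4 packet; the checksum is left zero since nothing checks it here."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4


# Constructed sample traffic (addresses are placeholders, not the lab's hosts).
DNS_QUERY = build_packet(IPPROTO_UDP, "10.0.2.5", "8.8.4.4",
                         struct.pack("!HHHH", 40000, 53, 20, 0) + b"\x00" * 12)
OTHER_DNS = build_packet(IPPROTO_UDP, "10.0.2.5", "1.1.1.1",
                         struct.pack("!HHHH", 40000, 53, 20, 0) + b"\x00" * 12)
PING = build_packet(IPPROTO_ICMP, "10.0.2.5", "10.0.2.1", bytes([8, 0, 0, 0, 0, 1, 0, 1]))
TELNET_SYN = build_packet(IPPROTO_TCP, "10.0.2.5", "10.0.2.1",
                          struct.pack("!HHIIBBHHH", 40001, 23, 0, 0, 0x50, 0x02, 8192, 0, 0))
HTTP_SYN = build_packet(IPPROTO_TCP, "10.0.2.5", "10.0.2.1",
                        struct.pack("!HHIIBBHHH", 40002, 80, 0, 0, 0x50, 0x02, 8192, 0, 0))

if __name__ == "__main__":
    for name, pkt in [("dns", DNS_QUERY), ("dns-other", OTHER_DNS), ("ping", PING),
                      ("telnet", TELNET_SYN), ("http", HTTP_SYN)]:
        print(name, parse_ipv4(pkt), filter_packet(pkt))
    print("forwarded packet hooks:", hook_order(dst_is_local=False))
```

The kernel module sees the same header layout through the sk_buff, so a rule that works here on the parsed fields is the rule to carry over; the hook-order function mirrors the observation in Task 2 that a forwarded packet never touches the IN or OUT hooks.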
Task 2: Experimenting with Stateless Firewall Rules

The screenshots above are just to see how iptables works.


Task 2.A: Protecting the Router

In this task what we need to do is to allow ping but not other operations. First we become root on the router and add the following rules.

We can see that when we try to ping or telnet, it does not work.

Task 2.B: Protecting the Internal Network

The requirements for this task are:

External network machines cannot ping the internal network

External network machines can ping the router

Internal network machines can ping external network machines


Other data packets between the internal network and the external network need to be discarded

The internal host can ping the external host. The external host cannot ping the internal host, but can ping the router. The internal host and the external host cannot communicate, as shown below.
We can see that telnet also does not work, either to the router or to host1.
Task 2.C: Protecting Internal Servers

You can only remotely log in to 192.168.60.5 from the external network, and cannot log in to other internal
network machines.

External network machines cannot connect to internal network services

Intranet machines can use the services of other intranet machines

Internal network machines cannot connect to external network services

First, we just telnet to verify whether it works. Then we see that external machines can connect to 192.168.60.5 but cannot connect to other internal machines; we change the rule in the screenshot below.
We can see that internal machines can connect to other internal machines, but cannot connect to external machines.
We try to listen using -lt, which works as a TCP server; I type my name to see if it connects to the inside server, but it does not work, as shown below.
Task 3: Connection Tracking and Stateful Firewall

Task 3.A: Experiment with the Connection Tracking

We first check the connection tracking: we have 0 flow entries. After that I ran the ping command in the background and ran the connection tracking again, and we can observe that there is 1 flow entry, as shown in the screenshots below.
We see that the ping is running in the background, and after I kill the ping it is observed that the connection tracking entry ends (0 flow entries) after only a few seconds.
There is no connection tracking before sending the message. It is there after you send the message. After a few seconds, the entry disappears.

It is observed that connection tracking occurs after the connection is established but before the message is sent. After the message is sent, the connection tracking entry remains active, and the status is ESTABLISHED. I didn't see the connection tracking entry disappear, so I ended the TCP connection and discovered that it was still active with the status TIME_WAIT. After a short period of time (2-3 minutes), the connection tracking entry ceased, as shown in the screenshot below.
Task 3.B: Setting Up a Stateful Firewall

This task is very similar to Task 2.C.

Task requirements: You can only remotely log in to 192.168.60.5 from the external network, and cannot
log in to other internal network machines.

External network machines cannot connect to internal network services

Intranet machines can use the services of other intranet machines

Intranet machines can connect to external network services

We first make the necessary rule changes in the router


The first line allows external machines to connect to 192.168.60.5 for the first time; the second line allows internal and external machines to establish connections for the first time; the third line allows machines that have previously established connections to continue to communicate; the fourth line denies the remaining TCP port requests; and the last line specifies that interaction with other packets is permitted.
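The difference between the stateless rules of Task 2.C and the stateful rules of Task 3.B is easiest to see on a concrete packet sequence: an outbound connection from an internal host produces a reply that, to a stateless chain, looks exactly like a new inbound connection. The following is an added example, not the lab's iptables rules: a small model of the router's FORWARD chain with a simplified connection tracker, run once with stateless rules and once with rules that match the NEW and ESTABLISHED states. It keeps the lab's internal network 192.168.60.0/24 and server 192.168.60.5; the external addresses, ports and packets are constructed.

```python
"""Added example (not the lab's iptables rules): a small model of the router's
FORWARD chain, once with stateless rules in the style of Task 2.C and once with
connection tracking in the style of Task 3.B.  It uses the lab's internal network
192.168.60.0/24 and server 192.168.60.5; the external addresses and all traffic
are constructed for this example."""
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("192.168.60.0/24")
SERVER = "192.168.60.5"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False          # True on the first segment of a TCP connection


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL


class ConnTracker:
    """Simplified conntrack: a flow is NEW until a packet is seen in the reverse
    direction, then ESTABLISHED.  (Real conntrack also tracks RELATED, INVALID
    and TCP sub-states such as the TIME_WAIT seen in Task 3.A.)"""

    def __init__(self):
        self.flows = {}        # original-direction 4-tuple -> state

    def state(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if reverse in self.flows:
            self.flows[reverse] = "ESTABLISHED"   # a reply completes the flow
            return "ESTABLISHED"
        self.flows.setdefault(key, "NEW")
        return self.flows[key]


# Each rule is (match(packet, state) -> bool, verdict); first match wins and the
# chain policy is DROP.
STATELESS = [
    (lambda p, st: not is_internal(p.src) and p.dst == SERVER and p.dport == 23, "ACCEPT"),
    # Task 2.C forbids outbound access; this rule is included only to show that a
    # stateless chain cannot grant it anyway, because the replies are dropped.
    (lambda p, st: is_internal(p.src) and not is_internal(p.dst), "ACCEPT"),
]
STATEFUL = [
    (lambda p, st: st == "NEW" and p.syn and not is_internal(p.src)
                   and p.dst == SERVER and p.dport == 23, "ACCEPT"),
    (lambda p, st: st == "NEW" and p.syn and is_internal(p.src)
                   and not is_internal(p.dst), "ACCEPT"),
    (lambda p, st: st == "ESTABLISHED", "ACCEPT"),
]


def evaluate(rules, packets):
    """Push a packet sequence through the chain with a fresh tracker; one verdict each."""
    tracker = ConnTracker()
    verdicts = []
    for p in packets:
        st = tracker.state(p)
        verdicts.append(next((v for match, v in rules if match(p, st)), "DROP"))
    return verdicts


# Constructed traffic.
EXT_TO_SERVER = Packet("10.9.0.5", 40000, SERVER, 23, syn=True)
EXT_TO_OTHER = Packet("10.9.0.5", 40001, "192.168.60.6", 23, syn=True)
OUT_SYN = Packet("192.168.60.6", 40002, "10.9.0.5", 80, syn=True)
WEB_REPLY = Packet("10.9.0.5", 80, "192.168.60.6", 40002)
STRAY_ACK = Packet("10.9.0.5", 40003, SERVER, 23)      # mid-stream segment, no SYN

if __name__ == "__main__":
    for name, rules in (("stateless", STATELESS), ("stateful", STATEFUL)):
        print(name, "telnet to server / other:", evaluate(rules, [EXT_TO_SERVER, EXT_TO_OTHER]))
        print(name, "outbound web + reply    :", evaluate(rules, [OUT_SYN, WEB_REPLY]))
        print(name, "stray segment to server :", evaluate(rules, [STRAY_ACK]))
```

The stateless chain accepts the outbound SYN but drops the server's reply, which is why Task 2.C could not allow internal hosts to reach external services; the stateful chain accepts the reply because conntrack already knows the flow, and it also rejects a segment to the server that does not open a connection, something the stateless rule cannot tell apart from a legitimate one.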
Task 4: Limiting Network Traffic

The main problem of this task is limiting network data transmission.

We run the ping command with only the first rule change and can observe that it runs as normal.
Then we also make the second rule change and can observe the change in the ping command, as shown in the screenshot above; it is a difference of ~6 seconds. It is possible that without the second command it does not know how to handle packets that exceed the limit, so it continues to transmit them using the default rules. With the second command, packets that exceed the limit are immediately dropped.
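The iptables limit match is a token bucket: the bucket starts full at the burst size, refills at the configured average rate, and a packet matches only when a whole token is available. A packet that does not match simply falls through to the next rule, or to the chain policy when there is none, which is what happens with only the first rule in place. The code below is an added example rather than the lab's rules; the rate (10 per minute), burst (5) and the one-ping-per-second arrival times are assumed values chosen to make the fall-through visible.

```python
"""Added example (not the lab's iptables rules): a token-bucket model of the
iptables 'limit' match, used to show why a limit ... ACCEPT rule needs a DROP rule
after it.  The rate, burst and ping timings are assumed values for this example."""
from fractions import Fraction


class LimitMatch:
    """Token bucket like the iptables limit match: the bucket starts full at
    `burst` tokens, refills at `rate` tokens per second and a packet matches
    only when a whole token is available."""

    def __init__(self, rate_per_minute: int, burst: int):
        self.rate = Fraction(rate_per_minute, 60)   # tokens per second
        self.burst = burst
        self.tokens = Fraction(burst)
        self.last = Fraction(0)

    def matches(self, now: Fraction) -> bool:
        self.tokens = min(Fraction(self.burst), self.tokens + self.rate * (now - self.last))
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def run_chain(arrivals, rate_per_minute=10, burst=5, drop_excess=True, policy="ACCEPT"):
    """Evaluate a chain of [limit -> ACCEPT] optionally followed by [DROP] for
    packets arriving at the given times (seconds).  A packet the limit rule
    does not match falls through to the next rule, or to the chain policy when
    there is none; that fall-through is the whole point."""
    limit = LimitMatch(rate_per_minute, burst)
    verdicts = []
    for t in arrivals:
        if limit.matches(Fraction(t)):
            verdicts.append("ACCEPT")          # rule 1: -m limit ... -j ACCEPT
        elif drop_excess:
            verdicts.append("DROP")            # rule 2: -j DROP
        else:
            verdicts.append(policy)            # no rule 2: the chain policy decides
    return verdicts


PINGS = list(range(10))   # constructed: one echo request per second for 10 s

if __name__ == "__main__":
    print("first rule only :", run_chain(PINGS, drop_excess=False))
    print("both rules      :", run_chain(PINGS, drop_excess=True))
```

With the assumed numbers the first five pings spend the burst, the sixth finds only a fraction of a token and is dropped, and the seventh is accepted once a full token has accrued; without the DROP rule every one of those packets reaches the ACCEPT policy, so the limit rule on its own changes nothing visible.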

Task 5: Load Balancing

We first check with only round-robin mode, as shown in the screenshots below.
We observe that the data shows up on server1 but not on server2 and server3.

Then we add the rules to make the distribution even, as shown in the screenshot above on the right side, and from the server side we echo 3 times and can observe in the screenshots below that it shows up on server1, server2 and server3 respectively.
Next, we have the probability allocation method. I use 0.3333 as we have 3 servers, so 1/3 = 0.333.

Then we are left with 2, so 1/2 = 0.5, and finally with 1 server, hence 1.

We echo from the router side a couple of times and observe the following:
Server1 gets 5 and 6
Server2 gets 4

Server3 gets 7
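Why the probabilities have to be 1/3, then 1/2, then 1 comes down to the rules being tried in order: each rule only sees the packets the rules above it did not consume, so the later rules must take a larger share of what is left. The same holds for nth mode, where every rule keeps its own packet counter. The code below is an added example, not the lab's rules: it models a chain of statistic-match rules in both modes, contrasts a naive nth layout with the even one, and computes the exact share each server receives from the probability chain. The packet counts and random seed are constructed for the example.

```python
"""Added example (not the lab's iptables rules): a model of the iptables
'statistic' match in nth and random mode, showing why a chain of per-rule
counters or probabilities must be 1/3, 1/2, 1 to split traffic evenly across
three servers.  Packet counts and the seed are constructed for this example."""
from fractions import Fraction
import random


def nth_chain(rules, n_packets):
    """rules: list of (every, packet), one per server, each with its own counter
    as in -m statistic --mode nth --every N --packet P.  A packet is consumed
    by the first rule that matches; returns (per-server counts, unmatched)."""
    counters = [0] * len(rules)
    counts = [0] * len(rules)
    unmatched = 0
    for _ in range(n_packets):
        for i, (every, packet) in enumerate(rules):
            seen = counters[i]
            counters[i] += 1            # this rule only counts packets that reach it
            if seen % every == packet:
                counts[i] += 1
                break
        else:
            unmatched += 1              # fell off the end of the chain
    return counts, unmatched


def marginals(probabilities):
    """Share of traffic each rule receives when the rules carry
    --mode random --probability p_i and are tried in order."""
    remaining = Fraction(1)
    shares = []
    for p in probabilities:
        shares.append(remaining * p)
        remaining *= (1 - p)
    return shares


def random_chain(probabilities, n_packets, seed=0):
    """Simulate the random-mode chain; returns per-server counts."""
    rng = random.Random(seed)
    counts = [0] * len(probabilities)
    for _ in range(n_packets):
        for i, p in enumerate(probabilities):
            if rng.random() < p:
                counts[i] += 1
                break
    return counts


NAIVE_NTH = [(3, 0), (3, 1), (3, 2)]        # "packet 0/1/2 of every 3" on each rule
EVEN_NTH = [(3, 0), (2, 0), (1, 0)]         # 1 in 3, then 1 in 2 of the rest, then all
PROBS = [Fraction(1, 3), Fraction(1, 2), Fraction(1)]   # the 0.333 / 0.5 / 1 chain

if __name__ == "__main__":
    print("naive nth:", nth_chain(NAIVE_NTH, 9))
    print("even nth :", nth_chain(EVEN_NTH, 9))
    print("random marginals:", marginals(PROBS))
    print("random 9000 packets:", random_chain(PROBS, 9000))
```

The naive nth layout gives the three servers 3, 2 and 1 of nine packets and lets three packets fall off the chain entirely, because the second and third rules count only the packets that reach them; the even layout and the 1/3, 1/2, 1 probability chain both give each server exactly one third.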
