IPtables for security of Linux-based information networks

The article discusses the main components of information security: confidentiality, integrity and accessibility. Passwords, encryption, authentication, and intrusion protection are methods designed to ensure confidentiality. Integrity means maintaining the data in its original state and preventing its modification: accidental or malicious. Ensuring the availability of information is understood as the compliance of network and computing resources with the expected amount of data access and the implementation of a backup policy for disaster recovery purposes. To ensure the security of information networks based on RedOS, the iptables utility, used to configure the Linux kernel firewall, has proven itself in the best way. Despite the fact that at first glance the implementation of IP routing in Linux may look quite complicated, in practice the most common use cases (NAT and/or basic Internet firewall) are much easier to implement. Iptables is a custom utility that allows you to work with chains/rules. The article describes in detail the principles of iptables operation, provides a detailed description of the NAT, mangle, filter, raw tables and chains. The NAT table is used to translate network addresses, mangle is used to distort packets, filter makes it possible to filter packets, raw and its chains are used before any other tables in netfilter. The input chain is used to process incoming packets and connections, forward - for passing packets, output - for outgoing packets. It is shown that to ensure the safety of the functioning of computer classes and the entire network infrastructure as a whole, only two tables are sufficient: filter and nat. Other tables are designed for complex configurations involving multiple routers and routing solutions. The results of using iptables based on the experience of administration of information networks based on RedOS in the federal state budgetary educational institution of higher education PSUTI are presented.