authorHolger Dengler <dengler@linutronix.de>2013-04-03 00:23:40 +0200
committerHolger Dengler <dengler@linutronix.de>2015-02-20 16:32:50 +0100
commitc5648a04b5dab9d407c8725658487c6844bb4495 (patch)
tree8a0e5d864d5c122a58675615c7f1840177674011
parent6c1940ae29f31466c299299d4fec13c8321dcfbb (diff)
Remove temporary file
Signed-off-by: Holger Dengler <dengler@linutronix.de>
-rw-r--r--security/firewall/pres_iptables.tex.bak426
1 files changed, 0 insertions, 426 deletions
diff --git a/security/firewall/pres_iptables.tex.bak b/security/firewall/pres_iptables.tex.bak
deleted file mode 100644
index 5ff1543..0000000
--- a/security/firewall/pres_iptables.tex.bak
+++ /dev/null
@@ -1,426 +0,0 @@
-\def\lximg{/usr/share/lx/icons/fueller.png}
-
-\input{configpres}
-
-\subsection{Firewall}
-
-\title{Firewall}
-\maketitle
-
-\def\lximg{none}
-
-\begin{frame}
-\frametitle{Contents}
-\tableofcontents
-\end{frame}
-
-% ----------------------------
-\subsubsection{Basics}
-
-\begin{frame}[fragile]
-\frametitle{Open System Interconnection Model (OSI)}
-\begin{itemize}
-\item Separate Communication Flow into Levels
-\end{itemize}
-\begin{figure}[h]
-\centering
-\includegraphics[scale=0.6]{images/firewall-osi.png}
-\end{figure}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Firewalls}
-\begin{itemize}
-\item Focus of Paket Filter
- \begin{itemize}
- \item Layer 3 and 4
- \end{itemize}
-\item Focus of Stateful Firewalls
- \begin{itemize}
- \item Layer 4 and higher
- \item Deep Packet Inspection
- \item Protocol and Application Specific Filtering
- \end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Netfilter / iptables}
-\begin{itemize}
-\item Standard Firewall for Linux
-\item based on Netfilter (Kernel)
-\item related tools (userspace)
- \begin{itemize}
- \item iptables (for IPv4)
- \item ip6tables (for IPv6)
- \item arptables (for Layer 2, ARP)
- \item ebtables (for Ethernet bridges)
- \end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\subsubsection{Elements}
-
-\begin{frame}
-\frametitle{Workflow}
-\begin{figure}[h]
-\centering
-\includegraphics[scale=0.5]{images/firewall-schema.png}
-\end{figure}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Tables}
-\begin{itemize}
-\item Multiple Chains
-\item One Table for each Hook
-\begin{itemize}
-\item raw: Pre-connection Tracking
-\item mangle: Packet Modification
-\item nat: Network Address Translation
-\item filter: Packet filtering, e.g. for Security
-\item security: for Mandatory Access Control, e.g. SELinux
-\end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Chains (1)}
-\begin{itemize}
-\item Multiple Rules
-\item Processing from top to bottom
-\item Pre-defined Chains
-\begin{itemize}
-\item PREROUTING: Packet reception
-\item INPUT: Locally delivered
-\item FORWARD: Forwarding
-\item OUTPUT: Locally produced
-\item POSTROUTING: Packet send
-\end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Chains (2)}
-\begin{itemize}
-\item User-defined Chains
-\item Simple reuse for multiple projects
-\item Sepatare common Rules
-\item Standard Services and Protocols
-\begin{itemize}
-\item Web-Services
-\item Remote Access
-\item Virtual Private Network (VPN)
-\item NTP
-\end{itemize}
-\item Standard Behavior
-\begin{itemize}
-\item LOG and DROP
-\item Bandwidth throtteling
-\end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Rules (1)}
-\begin{itemize}
-\item Specification
-\begin{itemize}
-\item Source/Destination: Address, Mask, and Port
-\item In- and Out-Interface
-\end{itemize}
-\item Match extension
-\begin{itemize}
-\item protocol specific: icmp, tcp udp, \dots
-\item connbytes/-limit/-mark/-track
-\item state
-\item time
-\end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\begin{frame}
-\frametitle{Rules (2)}
-\begin{itemize}
-\item Actions (final)
-\begin{itemize}
-\item ACCEPT
-\item REJECT
-\item DROP
-\end{itemize}
-\item Actions (continue)
-\begin{itemize}
-\item LOG
-\item JUMP
-\item GOTO
-\item RETURN
-\end{itemize}
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\subsubsection{Tools}
-
-\begin{frame}
-\frametitle{Tools}
-\begin{itemize}
-\item Configuration
-\begin{itemize}
-\item iptables / ip6tables
-\item iptables-persistence
-\item shorewwall
-\item fwbuilder
-\end{itemize}
-\item Analysis
-\begin{itemize}
-\item Logfile
-\item nmap
-\item wireshark
-\item Kali-Linux
-\end{itemize}
-\end{itemize}
-Note: Use nmap and Kali-Linux \emph{very} carefully!
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{iptables: Commands}
-\begin{beamerboxesrounded}[shadow=true]{Show all Chains of Table \emph{filter}:}
-\begin{tiny}
-\begin{verbatim}
-iptables -t filter -L
-iptables -L # Table filter is default
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-
-\begin{beamerboxesrounded}[shadow=true]{Flush all Chains:}
-\begin{tiny}
-\begin{verbatim}
-iptables -F
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-
-\begin{beamerboxesrounded}[shadow=true]{Set default Policies:}
-\begin{tiny}
-\begin{verbatim}
-iptables -P <CHAIN> <ACTION>
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-
-\begin{beamerboxesrounded}[shadow=true]{User-defined Chains:}
-\begin{tiny}
-\begin{verbatim}
-iptables -N <CHAIN> # create new chain
-iptables -X <CHAIN> # delete chain
-iptables -E <old> <new> # rename chain
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{iptables: Commands}
-\begin{beamerboxesrounded}[shadow=true]{Rules:}
-\begin{tiny}
-\begin{verbatim}
-iptables -A <CHAIN> <rule-spec> # append rule to chain
-iptables -D <CHAIN> <rule-spec> # remove rule from chain
-iptables -D <CHAIN> <rule-num>
-iptables -I <CHAIN> <rule-num> <rule-spec> # insert rule in chain as rule-num
-iptables -R <CHAIN> <rule-num> <rule-spec> # replace rule in chain
-iptables -F <CHAIN> # flush all rules in chain
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{iptables: Commands}
-\begin{beamerboxesrounded}[shadow=true]{Rule specifications:}
-\begin{tiny}
-\begin{verbatim}
---source <addr>/<mask> # match source IP/IP-range
---sport <port> # match source port
---destination <addr>/<mask> # match destination IP/IP-range
---dport <port> # match destination port
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-
-\begin{beamerboxesrounded}[shadow=true]{Match extentions:}
-\begin{tiny}
-\begin{verbatim}
---modprobe <module> # load target or match extension module
---m connstate --ctstate <state> # extention connstate, match state
---m icmp --icmp-type <type> # extention icmp-type, match packet type
---m limit --limit <rate>/<ival> # extention limit, limit to rate per interval
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\subsubsection{Pitfalls}
-
-\begin{frame}
-\frametitle{Pitfalls}
-\begin{itemize}
-\item IPv4 and IPv6
-\item complex or multi port protocols (e.g. FTP)
-\item Infrastructure Services (e.g. DHCP, DNS)
-\end{itemize}
-\end{frame}
-
-% ----------------------------
-\subsubsection{Examples}
-
-\begin{frame}[containsverbatim]
-\frametitle{Example}
-\begin{beamerboxesrounded}[shadow=true]{Preparation}
-\begin{tiny}
-\begin{verbatim}
-# set default policy
-iptables -P INPUT DROP # opt: REJECT, ACCEPT
-iptables -P FORWARD DROP # opt: REJECT, ACCEPT
-iptables -P OUTPUT DROP # opt: REJECT, ACCEPT
-# flush all tables
-iptables -F
-...
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{Example}
-\begin{beamerboxesrounded}[shadow=true]{SSH-Client}
-\begin{tiny}
-\begin{verbatim}
-#
-# Allow incoming traffic only
-# on established connections
-#
-iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{Example}
-\begin{beamerboxesrounded}[shadow=true]{Web-Server}
-\begin{tiny}
-\begin{verbatim}
-#
-# Allow outgoing traffic only
-# on established connections
-#
-iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{Example}
-\begin{beamerboxesrounded}[shadow=true]{FTP-Server (iptables-persistant script)}
-\begin{tiny}
-\begin{verbatim}
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT DROP [0:0]
-
-# FTP Server
--A INPUT -p TCP -i eth0 --dport 21 -m state --state NEW -j ACCEPT
--A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
--A OUTPUT -p ALL -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-# Important: always necessary for iptables-restore
-COMMIT
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{Example}
-\begin{beamerboxesrounded}[shadow=true]{User-defined LOGDROP chain}
-\begin{tiny}
-\begin{verbatim}
-# create new chain
-iptables -X LOGDROP
-iptables -N LOGDROP
-iptables -A LOGDROP -m limit --limit 2/min -j LOG --log-prefix "LOGDROP: " --log-level 7
-iptables -A LOGDROP -j DROP
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\begin{frame}[containsverbatim]
-\frametitle{Example}
-\begin{beamerboxesrounded}[shadow=true]{Trace all outgoing traffic}
-\begin{tiny}
-\begin{verbatim}
-*filter
-
-# create new chain
--N LOGACCEPT
--A LOGACCEPT -j LOG
--A LOGACCEPT -j ACCEPT
-
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT LOGACCEPT [0:0]
-
-# Important: always necessary for iptables-restore
-COMMIT
-\end{verbatim}
-\end{tiny}
-\end{beamerboxesrounded}
-\end{frame}
-
-% ----------------------------
-\subsubsection{Related Links}
-
-\begin{frame}
-Project Homepage
-\begin{itemize}
-\item \url{http://www.netfilter.org/projects/iptables/}
-\end{itemize}
-Tools
-\begin{itemize}
-\item Firewall Builder \\
- \url{http://www.fwbuilder.org/}
-\item Shorewall \\
- \url{http://shorewall.net/}
-\item Kali-Linux \\
- \url{http://www.kali.org/}
-\end{itemize}
-\end{frame}
-
-\subsection{}
-\input{tailpres}