- Introduction to Firewalls
- IPTables
- Dedicated Linux Firewalls
Introduction to Firewalls
- Firewalls protect network perimeters
  - Not a total security solution, but an important part of a defense-in-depth strategy
- Firewalls act as traffic cops
  - Only traffic that meets specific requirements is allowed to pass through
  - Can filter on port, protocol, address, or established connection
  - Higher-level firewalls also filter on packet contents (application-level firewall)
- Linux has several built-in firewall capabilities
  - Can act as a host-based firewall
  - Can act as a dedicated enterprise-level firewall
  - Can take advantage of older, recycled hardware
- Built-in firewalls include IPChains and IPTables
- Dedicated firewalls include IPCop and Smoothwall
IPTables
- Replaces older IPChains firewall in Linux
- Available since 2.4 kernel
- Allows configuration of built-in firewall rules for host-based protection
- Stateful packet filtering firewall
- Can filter based upon source IP address, protocol, port, and connection state
- Can filter based upon MAC address
- Can also filter out malformed packets based upon TCP flags set in packet
- Packets enter the host and are processed through one of 3 ‘tables’:
  - ‘mangle’ table – responsible for changing QoS bits in the packet
  - ‘filter’ table – contains 3 ‘chains’ used to process traffic
  - ‘nat’ table – used to change a packet’s source or destination address when using NAT
    - ‘nat’ table has 2 chains:
      - PREROUTING (changes destination address)
      - POSTROUTING (changes source address)
- Packets entering the ‘filter’ table go through 3 ‘chains’ to determine where packets are sent:
  - INPUT chain is for packets destined for the host
  - FORWARD chain is for packets destined for other hosts on the network
    - Forwarding must be enabled and a route must be available for packets to traverse the FORWARD chain – usually multiple interfaces on the box (router)
  - OUTPUT chain is for packets generated by a program on the local machine and sent outbound from the host
- Once the correct chain is determined, traffic is subject to the user-defined rules for that chain
  - Rules are checked in the order they were entered until a match is found
  - If no match is found, the packet is processed by the chain’s default policy
- Other rule targets include:
  - LOG (packet is logged via syslogd)
  - DNAT (processed through the nat table for a destination address change)
  - SNAT (processed through the nat table for a source address change)
- IPTables configured through ‘iptables’ command
- Can be configured through graphical ‘Webmin’ interface
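The ‘filter’ table, the connection-state match, TCP-flag filtering of malformed packets and the LOG target described above, put together as an added example (not from the original notes): a host-based ruleset in iptables-restore format. The SSH port 22 and the interface name eth0 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: a host-based 'filter' table ruleset.
# fw_rules prints the ruleset in iptables-restore format; apply_rules loads it.
# SSH_PORT and LAN_IF are assumed values; override them in the environment.
SSH_PORT="${SSH_PORT:-22}"
LAN_IF="${LAN_IF:-eth0}"

fw_rules() {
    cat <<EOF
*filter
# Default policy per built-in chain: anything that matches no rule is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is always local
-A INPUT -i lo -j ACCEPT
# Stateful rule: replies to connections this host opened are allowed back in
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Malformed packets: a NEW connection that is not a SYN, and flag combinations
# no real TCP stack sends (all flags set, no flags set)
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Service rule: new SSH connections, only on the LAN-facing interface
-A INPUT -i $LAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# LOG does not terminate processing: log what falls through (rate-limited),
# then the chain's DROP policy applies
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-input-drop: "
COMMIT
EOF
}

# Number of -A rule lines in the generated ruleset (sanity check before loading)
rule_count() {
    fw_rules | grep -c '^-A '
}

# iptables-restore replaces the whole table atomically, unlike a series of
# individual iptables calls that leave the host half-configured on error
apply_rules() {
    fw_rules | iptables-restore
}

# Only load when explicitly asked, so the file can be inspected or sourced safely
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Run `sh fw.sh --apply` as root to load the rules; without the flag the script only defines the functions.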
Dedicated Linux Firewalls
- Dedicated Linux appliances serve as enterprise firewalls
  - Usually a specially configured kernel with only the services necessary to provide firewall, NAT, and VPN services
  - Can be motherboard-embedded or disk-based
- Two popular dedicated firewall solutions are Smoothwall and IPCop
  - Small, very lean distributions
  - Easily installed
  - Run on lower-end equipment that can be reused
  - Both managed through a web interface
  - Provide dedicated solutions for firewall, routing, VPN, and NAT
  - Updateable over the web
- Several other solutions exist as well