Firewalling with Linux
Internet firewalls are intended to keep the flames of Internet Hell out of your private LAN. Or, to keep the members of your LAN pure and chaste by denying them access to all the evil Internet temptations. ;-)
Firewall-HOWTO

Your network is not secure. The problem of allowing rapid, convenient communication while restricting its use to good, and not evil intent is congruent to other intractable problems such as allowing free speech while disallowing a call of “Fire!” in a crowded theater. It will not be solved in the space of this HOWTO.
Packet-filtering-HOWTO
Build Procedure
Netfilter and IPTables

1) Planning
● What role will this machine play?
● Dedicated firewall?
● Will it route traffic between internal networks as well as to the Internet?
● Does it have a static or dynamic public IP?
● What public services will be available (smtp, http, ftp, ...)?

2) Kernel compilation: build a kernel with Netfilter and IP tables support (CONFIG_NETFILTER, CONFIG_IP_NF_IPTABLES), including connection tracking and NAT if the box will filter statefully or masquerade the LAN.

3) Reboot into the new kernel.

4) Build the firewall script: the iptables rules this machine loads at boot.

5) Update boot symlinks
● Put the script in /etc/init.d
● Create symlinks in /etc/rc[2345].d
● (update-rc.d on Debian)
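The script that steps 4 and 5 ask for, written out as an added example (not code from the slides): a hypothetical /etc/init.d/firewall for a two-interface gateway. The interface names (eth0 public, eth1 LAN), the LAN subnet 192.168.1.0/24 and the published services (ssh and http) are assumptions; edit them for the answers from the planning step. Rather than calling iptables once per rule, it prints the whole ruleset in iptables-restore format and loads it in one transaction, so a typo never leaves the machine half-configured.

```sh
#!/bin/sh
# Hypothetical /etc/init.d/firewall for a two-interface gateway (added example,
# not from the slides). It emits the complete ruleset in iptables-restore
# format and loads it atomically, so a typo never leaves the box half-configured.
# Interface names, LAN subnet and the published service list are assumptions.
set -eu

WAN_IF=eth0                 # public side, static or dynamic address
LAN_IF=eth1                 # private side
LAN_NET=192.168.1.0/24
PUBLIC_TCP="22 80"          # TCP ports the Internet may open connections to

# Print the ruleset. INPUT and FORWARD default to DROP, so only what is listed
# gets through; connection tracking admits replies without opening ports.
# MASQUERADE (not SNAT) is used so the same rules work with a dynamic public IP.
generate_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $WAN_IF -s $LAN_NET -j DROP
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
EOF
    # one rule per published service: only a fresh SYN to that port is admitted
    for port in $PUBLIC_TCP; do
        printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
COMMIT
EOF
}

# Load everything in one transaction; the old ruleset stays if the new one fails to parse.
start() {
    sysctl -q -w net.ipv4.ip_forward=1
    generate_ruleset | iptables-restore
}

# Remove all filtering. This opens the box completely; only for debugging.
stop() {
    sysctl -q -w net.ipv4.ip_forward=0
    for chain in INPUT FORWARD OUTPUT; do iptables -P "$chain" ACCEPT; done
    iptables -F
    iptables -t nat -F
}

case "${1:-}" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
    show)    generate_ruleset ;;         # review the rules before loading them
    "")      ;;                          # no argument: only define the functions
    *)       echo "usage: $0 {start|stop|restart|show}" >&2; exit 1 ;;
esac
```

Run `sh firewall show` to read the rules before loading them, then `install -m 755 firewall /etc/init.d/firewall` and, on Debian, `update-rc.d firewall defaults` to create the rc[2345].d symlinks. After `start`, confirm the policies with `iptables -L -n -v` and check from the outside with nmap that only the published ports answer. The anti-spoofing lines drop anything arriving on the public interface that claims a LAN source address; the rate-limited LOG rules at the end of INPUT and FORWARD are what tcpdump or the kernel log will show you when something is refused.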
TCP: Packet Structure
● Source Address
● Source Port
● Destination Address
● Destination Port

These four fields are what a packet filter matches on. The addresses live in the IP header; the ports live in the TCP (or UDP) header that follows it, alongside the protocol number and the TCP flags that a stateful rule also looks at.

---- 32-bits wide ----
+-----------------------+
|       Src Addr        |  IP header
+-----------------------+
|       Dest Addr       |
+-----------------------+
| Src Port  | Dest Port |  TCP header
+-----------------------+
TCP: 3 Packet Handshake
● Client sends a connect request (SYN)
● Server sends an acknowledgement (SYN/ACK)
● Client sends an acknowledgement (ACK)
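An added example, not from the slides, tying the two slides above together: a POSIX sh decoder that pulls the four fields a filter matches on out of a hex dump of a raw IPv4 packet (addresses from the IP header, ports and flags from the TCP header) and then says which leg of the three-way handshake the segment is. The two TCP packets and the UDP packet are constructed by hand for the example (checksums left zero); the addresses, ports and interface names are assumptions.

```sh
#!/bin/sh
# Decode the fields a packet filter matches on from a hex dump of a raw IPv4
# packet (addresses from the IP header, ports and flags from the TCP header),
# then classify which leg of the three-way handshake the segment is.
# Added example, not from the slides; POSIX sh using only cut and printf.
# The sample packets below are constructed by hand; checksums are left zero.
set -eu

# hex_byte HEX OFFSET -> decimal value of the byte at OFFSET (0-based)
hex_byte() {
    _s=$(( $2 * 2 + 1 ))
    printf '%d' "0x$(printf '%s' "$1" | cut -c "$_s-$(( _s + 1 ))")"
}

# be16 HEX OFFSET -> the 16-bit big-endian value at OFFSET (ports are stored this way)
be16() {
    printf '%d' $(( $(hex_byte "$1" "$2") * 256 + $(hex_byte "$1" $(( $2 + 1 ))) ))
}

# ipv4_addr HEX OFFSET -> dotted quad of the four bytes at OFFSET
ipv4_addr() {
    printf '%d.%d.%d.%d' "$(hex_byte "$1" "$2")" "$(hex_byte "$1" $(( $2 + 1 )))" \
        "$(hex_byte "$1" $(( $2 + 2 )))" "$(hex_byte "$1" $(( $2 + 3 )))"
}

# decode_tcp HEX -> "src_addr src_port dst_addr dst_port flags"; fails for non-TCP
decode_tcp() {
    _ihl=$(( $(hex_byte "$1" 0) & 15 ))       # low nibble of byte 0: IP header length in 32-bit words
    _proto=$(hex_byte "$1" 9)                 # byte 9: protocol (6 = TCP, 17 = UDP)
    if [ "$_proto" -ne 6 ]; then
        echo "not TCP (IP protocol $_proto)" >&2
        return 1
    fi
    _tcp=$(( _ihl * 4 ))                       # TCP header begins right after the IP header
    printf '%s %s %s %s %s\n' \
        "$(ipv4_addr "$1" 12)" "$(be16 "$1" "$_tcp")" \
        "$(ipv4_addr "$1" 16)" "$(be16 "$1" $(( _tcp + 2 )))" \
        "$(hex_byte "$1" $(( _tcp + 13 )))"    # byte 13 of the TCP header holds the flags
}

# handshake_step FLAGS -> SYN | SYN/ACK | ACK | OTHER, looking only at SYN (2) and ACK (16).
# A filter sees a bare SYN as a new connection; everything after that is ESTABLISHED.
handshake_step() {
    case $(( $1 & 18 )) in
        2)  echo SYN ;;       # leg 1: client connect request
        18) echo SYN/ACK ;;   # leg 2: server acknowledgement
        16) echo ACK ;;       # leg 3, and every later data segment
        *)  echo OTHER ;;
    esac
}

# Constructed samples: 20-byte IP header + 20-byte TCP header (or 8-byte UDP header).
# 192.168.1.10:40000 -> 203.0.113.5:80, flags 0x02 (SYN)
SYN_PKT=450000280001000040060000c0a8010acb0071059c40005000000001000000005002200000000000
# 203.0.113.5:80 -> 192.168.1.10:40000, flags 0x12 (SYN/ACK)
SYNACK_PKT=450000280002000040060000cb007105c0a8010a00509c4000000100000000025012200000000000
# 192.168.1.10:40000 -> 203.0.113.5:53 over UDP (protocol 17): no TCP header to decode
UDP_PKT=450000200003000040110000c0a8010acb0071059c40003500080000

for pkt in "$SYN_PKT" "$SYNACK_PKT"; do
    fields=$(decode_tcp "$pkt")
    flags=${fields##* }                      # last field of the tuple
    printf '%s  -> %s\n' "$fields" "$(handshake_step "$flags")"
done
decode_tcp "$UDP_PKT" || echo "UDP packet skipped: its ports live in the UDP header instead"
```

The same offsets are what `tcpdump -x` shows, so the decoder can be pointed at a real capture by pasting the hex. The SYN/ACK test (flags 18) is the case that matters for the firewall script: a rule that accepts only `--ctstate NEW` on a port admits leg 1 from the outside, while legs 2 and 3 ride through on the ESTABLISHED,RELATED rule.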
Useful Tools
● ping
● tcpdump
● ethereal (now Wireshark)
● nmap
● lsconntrack
● iptraf
● iptables
Netfilter Links
Source, Mailing lists, tutorials, HOWTOs and all things Netfilter
http://netfilter.samba.org