
Firewalling with Linux

Internet firewalls are intended to keep the flames of Internet Hell out of your private LAN. Or, to keep the members of your LAN pure and chaste by denying them access to all the evil Internet temptations. ;-)

Firewall-HOWTO

Firewalling with Linux

Your network is not secure. The problem of allowing rapid, convenient communication while restricting its use to good, and not evil intent is congruent to other intractable problems such as allowing free speech while disallowing a call of “Fire!” in a crowded theater. It will not be solved in the space of this HOWTO.

Packet-filtering-HOWTO

Build Procedure

Netfilter and IPTables

1) Planning
● What role will this machine play?
● Dedicated firewall?
● Will it be routing more than the internet?
● Does it have a static or dynamic public IP?
● What public services will be available (smtp, http, ftp, ...)?

2) Kernel Compilation

3) Reboot

4) Build the firewall script

5) Update boot symlinks
● Put script in /etc/init.d
● Create symlinks in /etc/rc[2345].d
● (update-rc.d on debian)
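What the script from step 4 can look like once the planning questions are answered, as an added example that is not from the slides: a stateful, default-deny ruleset for a dedicated firewall/router in the shape of an /etc/init.d script. The interface names (eth0 public, eth1 private), the LAN range 192.168.1.0/24, the published services (smtp and http) and the DRY_RUN switch are this example's own assumptions; change them to match your build.

```shell
#!/bin/sh
# Stateful default-deny firewall for a dedicated Linux firewall/router.
# Assumed (hypothetical) values, override via the environment:
#   WAN     = public interface, LAN = private interface
#   LAN_NET = private address range behind this box
#   SERVICES = TCP ports this box offers to the Internet (smtp, http)
# DRY_RUN=1 prints each iptables command instead of running it, so the
# ruleset can be reviewed on a machine without root or iptables.

WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
SERVICES=${SERVICES:-25 80}
DRY_RUN=${DRY_RUN:-0}

ipt() {
    if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}

fw_flush() {
    # Return to an open, empty ruleset (used by stop and before start).
    ipt -F; ipt -X; ipt -t nat -F; ipt -t nat -X
    ipt -P INPUT ACCEPT; ipt -P FORWARD ACCEPT; ipt -P OUTPUT ACCEPT
}

fw_start() {
    fw_flush
    # Deny by default for traffic to and through the box; the box itself may talk out.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT
    # Anti-spoofing: our own private range never legitimately arrives on the public side.
    ipt -A INPUT -i "$WAN" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

    # Connection tracking: packets belonging to known conversations are fine.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # A TCP packet that is NEW to conntrack must be the SYN that opens the handshake.
    ipt -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    ipt -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP

    # The LAN may reach the firewall and go out to the Internet, masqueraded.
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Public services offered by this machine: only the opening SYN needs a rule,
    # the rest of each connection is covered by ESTABLISHED above.
    for port in $SERVICES; do
        ipt -A INPUT -i "$WAN" -p tcp --syn --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Log (rate-limited) what is about to hit the DROP policy, for later review.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "
    ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-FWD: "
}

fw_stop() { fw_flush; }

case "${1:-}" in
    start) fw_start ;;
    stop)  fw_stop ;;
    "")    ;;   # no argument: only define the functions (sourced or tested)
    *)     echo "Usage: $0 {start|stop}" >&2; exit 1 ;;
esac
```

Review the output of `DRY_RUN=1 sh firewall start` before installing; then, as step 5 says, copy it to /etc/init.d and create the rc symlinks (`update-rc.d firewall defaults` on Debian) so the rules are loaded at boot rather than after the network is already up and unfiltered.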

TCP: Packet Structure
● Source Address
● Source Port
● Destination Address
● Destination Port

[Diagram: IP/TCP header drawn 32 bits wide, showing the Src Addr, Dest Addr, Src Port and Dest Port fields]

TCP: 3 Packet Handshake
● Client sends a connect request (SYN)
● Server sends an acknowledgement (SYN-ACK)
● Client sends an acknowledgement (ACK)
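The two slides above describe what a packet filter sees: the address/port 4-tuple from the IP and TCP headers, and the SYN, SYN-ACK, ACK flags that open a connection. The following added example (not from the slides) decodes those fields from a hex dump of an IPv4+TCP header and checks that three packets form a well-formed handshake. The three packets are constructed for the example (client 192.168.1.10 to port 80 on 203.0.113.5, a documentation-range address); the decoder honours the IP header length field, so it also works on packets carrying IP options.

```shell
#!/bin/sh
# Decode the fields a packet filter matches on (addresses, ports, TCP flags)
# from a hex dump of an IPv4+TCP header, and verify a SYN / SYN-ACK / ACK
# exchange. The packets below are constructed for this example.

SYN_PKT=450000281c46400040060000c0a8010acb007105ad21005000000001000000005002721000000000
SYNACK_PKT=450000281c47000040060000cb007105c0a8010a0050ad2100000001000000025012721000000000
ACK_PKT=450000281c48400040060000c0a8010acb007105ad21005000000002000000025010721000000000

# hexfield HEX BYTE_OFFSET BYTE_LEN -> hex digits of that byte range
hexfield() {
    start=$(( $2 * 2 + 1 ))
    end=$(( start + $3 * 2 - 1 ))
    printf '%s' "$1" | cut -c "${start}-${end}"
}

# hex2ip 8-HEX-DIGITS -> dotted quad
hex2ip() {
    printf '%d.%d.%d.%d' \
        "$(( 0x$(printf '%s' "$1" | cut -c 1-2) ))" \
        "$(( 0x$(printf '%s' "$1" | cut -c 3-4) ))" \
        "$(( 0x$(printf '%s' "$1" | cut -c 5-6) ))" \
        "$(( 0x$(printf '%s' "$1" | cut -c 7-8) ))"
}

# flagnames FLAGBYTE -> comma-separated TCP flag names (NONE if none set)
flagnames() {
    out=""
    for pair in 2:SYN 16:ACK 1:FIN 4:RST 8:PSH 32:URG; do
        bit=${pair%%:*}; name=${pair#*:}
        [ $(( $1 & bit )) -ne 0 ] && out="${out:+$out,}$name"
    done
    printf '%s' "${out:-NONE}"
}

# tcp_4tuple HEX -> "SRC:SPORT DST:DPORT FLAGS"; fails if the payload is not TCP
tcp_4tuple() {
    pkt=$1
    ihl=$(( 0x$(hexfield "$pkt" 0 1) & 0x0f ))        # IP header length, 32-bit words
    [ "$(hexfield "$pkt" 9 1)" = "06" ] || return 1     # protocol 6 = TCP
    tcp=$(( ihl * 4 ))                                  # TCP header begins after IP options
    src=$(hex2ip "$(hexfield "$pkt" 12 4)")
    dst=$(hex2ip "$(hexfield "$pkt" 16 4)")
    sport=$(( 0x$(hexfield "$pkt" "$tcp" 2) ))
    dport=$(( 0x$(hexfield "$pkt" $(( tcp + 2 )) 2) ))
    flags=$(flagnames "$(( 0x$(hexfield "$pkt" $(( tcp + 13 )) 1) ))")
    printf '%s:%s %s:%s %s\n' "$src" "$sport" "$dst" "$dport" "$flags"
}

# handshake_ok SYN SYNACK ACK -> success only for a well-formed 3-packet handshake:
# flags in order, reply travelling back the other way, final ACK from the client.
handshake_ok() {
    t1=$(tcp_4tuple "$1") && t2=$(tcp_4tuple "$2") && t3=$(tcp_4tuple "$3") || return 1
    # word splitting is intended: three words per tuple, nine positional parameters
    set -- $t1 $t2 $t3
    [ "$3" = SYN ] && [ "$6" = SYN,ACK ] && [ "$9" = ACK ] &&
        [ "$1" = "$5" ] && [ "$2" = "$4" ] &&
        [ "$1" = "$7" ] && [ "$2" = "$8" ]
}

for p in "$SYN_PKT" "$SYNACK_PKT" "$ACK_PKT"; do tcp_4tuple "$p"; done
handshake_ok "$SYN_PKT" "$SYNACK_PKT" "$ACK_PKT" && echo "handshake: ok"
```

The same 4-tuple and flag byte are what an iptables rule matches with `-s`, `-d`, `--sport`, `--dport` and `--syn`; a stateful filter that only admits NEW connections whose first packet is a bare SYN is enforcing exactly the ordering `handshake_ok` checks.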

Useful Tools
● ping
● tcpdump
● ethereal
● nmap
● lsconntrack
● iptraf
● iptables

Netfilter Links

Source, mailing lists, tutorials, HOWTOs and all things Netfilter:
http://netfilter.samba.org