Network Computingwww.networkcomputing.com

Your Iptable Is Ready: Using A Linux Firewall

Posted by Ross Greenberg
March 21, 2005

Tags: ICMP, IP address, Intrernet, LAN, Ross Greenberg, cracker, exploit, filter, firewall, hacker, linux, manual attack, netfilter, network, networking, open source, packet, ping, ping of death, security, unix, Data Protection, Linux Firewalls, Other, Security, Security and Privacy, Software and Web Development, iptables

Channel: Other, Data Protection

In the Wild West atmosphere of the Internet, firewalls are a popular topic. That's a good thing: Whether you're responsible for hundreds of corporate servers or a single home workstation, anyone who manages a computer needs to know how firewalls work and how to deploy them properly.

A firewall controls access to a local network, locking out intruders while keeping your systems--and your data--safe on the inside. The firewall capabilities built into Linux can also restrict outgoing network access, ensuring that your corporate secrets remain secret, even against an attack from inside a local network I'll go into further detail about this later; for now, it's enough to know that you can use a Linux firewall to identify and control access to any computer with an IP address

Just The Facts: Linux Firewall Basics
The world of Linux firewall access depends on the interactions between three main players: netfilter, a subsystem in the Linux kernel that analyzes and filters IP data packets; iptables, a tool for managing and applying the rulesets that apply these packet filters; and hardware such as the eth0 device or an attached modem-*. The firewall software itself is defined as the interaction between input and output queues, transformation queues (there may be many other queues), and a rule base that further defines such interaction between queues.

It's not enough simply to attach a computer to a network connection; it also needs the right software to process arriving and outgoing data packets. A firewall controls this processing, applying pertinent rules and dictating what happens to a packet as a result. As a rule, a firewall may do three things with a packet: accept it and pass it onwards; accept it but refuse to pass it along or even respond to the sender ("dropping" the packet); or refuse to pass it while also returning a failure code/packet to the sender.

Playing By The Rules: Iptable Packet Analysis
What makes a rule pertinent to a particular packet? It all depends on whether a rule matches a packet's characteristics: its source or destination, data type, the user who owns the process that generated the packet, and a zillion other examples, most of which are rather technical and rarely used. Rules can be very specific: They may allow a packet to join the output queue, for example, only if it's targeted to a specific gateway machine, is of a particular type such as tcp or udp, came from a user named "fred", and so forth.

Related Reading

More data-protection Insights