Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Building a Robust Linux Security Solution: Page 2 of 15

Let’s take a closer look at the building blocks that make up a complete Linux security system and see how all the pieces fit together to secure the enterprise network.


While a good perimeter defense system spans multiple layers, the Network (IP) layer often remains the most vulnerable. From its inception, the Linux kernel was implemented to support filtering of both incoming and outgoing IP packets, based on a user-specified set of access-control rules.

utility lets the Linux system administrator interact with the kernel to specify these rules. The name “chains” refers to the sequential nature in which the kernel consults rules belonging to the same chain. The
syntax is succinct and intuitive. For example, if you want to accept all outbound traffic while restricting inbound traffic to SMTP only, you would use the following statements:

% ipchains -A output -s –I eth0 -j ACCEPT

% ipchains -A input -p TCP -dport 25 –I eth0 -j ACCEPT

% ipchains –A
output –I eth0 –j DENY

% ipchains –A input –I eth0 –j DENY

The first line issues a directive to modify the output chain to accept packets whose source addresses are in the network block (the local network) to go out the first Ethernet interface,
Conversely, the second line instructs the kernel to accept incoming traffic from any source (no

switch is present), as long as the destination TCP port number (
) is the one that corresponds to SMTP (
). The third and fourth lines simply declare a “deny-all” stance, where the default action is to block all traffic on all chains unless otherwise permitted by a previous rule. I strongly recommend that you adopt a similar strategy.