Configuring Linux as a Firewall

* Making installation choices
* Introducing iptables
* Using iptables commands
* Simplifying things with firewall GUIs
* Adding proxy functionality

As Linux gains increasing acceptance in corporate datacenters and
other places, more and more people are discovering something that
Linux enthusiasts have known for a long time: Linux has built-in
firewall features that allow an administrator to build a firewall.
Recent versions of Linux generally ship with at least basic firewall
capabilities, and several Linux versions include even more advanced
features. Because Linux is open source software, and because it has
only minimal hardware requirements, you can build a Linux-based
firewall relatively inexpensively. Be forewarned, though – doing so
does require some knowledge of Linux and how it fits into the
networking scheme of things.

Making Installation Choices

To use the firewall built into Linux, you should make sure that the
operating system you install includes iptables functionality. Iptables
is the most popular Linux firewall, and this chapter covers it in
detail. Fortunately, most Linux distributions do this by default, so
you probably don’t have to worry about this.

Before you install Linux, make sure that all your network cards and
any modem that you may use are installed in your computer. Generally,
it’s much easier to have all your hardware in place before installing
your Linux software than it is to install Linux first and then try to
get Linux to recognize all the hardware stuff after the fact.

Red Hat Linux, in its ongoing effort to be top dog in the Linux field,
goes one step further along the customer satisfaction road by giving
you a choice of configuring the firewall during installation. One of
the screens that you see during the installation procedure is shown in
Figure 1. The choices you see on this screen are good starting points,
whether you are just setting up a personal computer, or whether you
are planning to configure a corporate firewall. Of course, when you
are indeed configuring a dedicated firewall, you will have to perform
some additional configuration after the installation is complete.

If you are using another distribution, just skip this section and go
on to the section on iptables. The process of configuring the firewall
after installation is virtually identical in all Linux distributions.
Let’s look at each of the available choices:

* Off: This option does just what its name implies: It configures
Linux to allow all network traffic to enter or leave the computer.
Obviously, this is not an appropriate setting for a firewall unless
you want to do all your configuring at some later point. (No, deciding
just to skip this whole firewall business is not an option. Need to
reread Chapter 1?)

* Medium: This is an appropriate choice if you want to use Linux as a
personal firewall or if you are installing a server that performs
limited functions, such as a Web server. When you select this option,
Linux configures iptables to allow certain types of traffic into your
computer. You can specify which types of traffic are allowed; for
example, you can disable HTTP traffic or allow SMTP traffic. One of
the limitations of the Red Hat setup program is that it can only
perform very simple firewall configuration tasks for you. Keep in mind
that you can add or remove rules later, but if you already know which
traffic you want to allow and which traffic you want to block, you can
easily configure this during setup.

* High: When you select this option, you enable and configure the
iptables firewall to block all traffic. This is the configuration that
you should choose when you install a dedicated firewall. Best
practices dictate that you configure your firewall to drop all network
traffic unless you specifically allow it. Choosing this option gives
you this starting configuration; you get to do all the other
configuration steps after the operating system installation is

Read the complete article at
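As an added illustration (not part of the excerpt above, nor Red Hat's installer code), the POSIX shell script below prints, without applying, the iptables rule set that corresponds to each of the three installer choices: Off allows everything, Medium starts from default-deny and opens only a listed set of service ports, and High opens nothing. The port list and the loopback/established-connection exceptions are assumptions chosen for the example.

```shell
#!/bin/sh
# Print (do not apply) the iptables rules matching an installer choice.
# Review the output, then run it as root to apply it.
# SERVICES is a constructed example list: SSH, SMTP and HTTP.
SERVICES="22 25 80"

firewall_rules() {
    mode="$1"
    echo "iptables -F INPUT"
    case "$mode" in
        off)
            # Off: all traffic may enter or leave; no filtering at all.
            echo "iptables -P INPUT ACCEPT"
            echo "iptables -P OUTPUT ACCEPT"
            ;;
        medium|high)
            # Medium and High both start from default-deny on inbound traffic.
            echo "iptables -P INPUT DROP"
            echo "iptables -P OUTPUT ACCEPT"
            # Assumed baseline: loopback and replies to our own connections
            # are allowed, otherwise the machine cannot function at all.
            echo "iptables -A INPUT -i lo -j ACCEPT"
            echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            if [ "$mode" = medium ]; then
                # Medium: open only the listed service ports.
                for port in $SERVICES; do
                    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
                done
            fi
            # High: nothing else is opened; allow rules are added later, explicitly.
            ;;
        *)
            echo "usage: firewall_rules off|medium|high" >&2
            return 1
            ;;
    esac
}

# Number of inbound ports a mode opens; handy for checking a policy choice.
open_ports() {
    firewall_rules "$1" | grep -c -- '--dport' || true
}

# Print the rules for the mode given on the command line (default: high).
firewall_rules "${1:-high}"
```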

On Sat, Mar 1, 2008 at 9:39 AM, [email protected] wrote:

Red Hat Linux, in its ongoing effort to be top dog in

…unsolicited advertising?