The firewall scripts files
The tool ipchains allows you to set up firewalls, IP masquerading, etc. Ipchains talks to the kernel and tells it what packets to filter. Therefore all your firewall setups are stored in the kernel, and thus will be lost on reboot. To avoid this, we recommend using the System V init scripts to make your rules permanent. To do this, create a firewall script file like shown below in your 7etc/rc.d/init.d/” directory for each servers you have. (Далее…)
Some explanation of rules used in the firewall script files
The following is an explanation of a few of the rules that will be used in the Firewalling examples below. This is shown just as a reference, the firewall scripts are well commented and very easy to modify. (Далее…)
Build a kernel with IPCHAINS Firewall support
The first thing you need to do is ensure that your kernel has been built with Network Firewall support enabled and Firewalling. Remember, all servers should be configured to block unused ports, even if there are not a firewall server. In the 2.2.14 kernel version you need to be sure that you have answered Y to the following questions: (Далее…)
What is a Network Firewall Security Policy?
Network firewall security policy defines those services that will be explicitly allowed or denied, how these services will be used and the exceptions to these rules. An organization’s overall security policy must be determined according to security and business-need analysis. Since a firewall relates to network security alone, a firewall has little value unless the overall security policy is properly defined. Every rule in the network firewall security policy should be implemented on a firewall. Generally, a firewall uses one of the following methods.
Everything not specifically permitted is denied (Далее…)
Networking Firewall.Linux IPCHAINS
Overview
Can someone tell me why I might want something like a commercial firewall product rather than simply using Ipchains and restricting certain packets? What am I losing by using Ipchains? Now, there is undoubtedly room for debate on this, Ipchains is as good, and most of the time better, than commercial firewall packages from a functionality and support standpoint. (Далее…)