Some explanation of rules used in the firewall script files
The following is an explanation of a few of the rules and constants used in the firewalling examples below. It is given only as a reference; the firewall scripts themselves are well commented and easy to modify.
Constants used in the firewall script examples
Constants are used for most values, so that a site-specific setting is changed in one place rather than in every rule. The most basic constants are:
EXTERNAL_INTERFACE
This is the name of the external network interface, the one connected to the Internet. It is defined as eth0 in the examples.
LOCAL_INTERFACE_1
This is the name of the internal network interface to the LAN, if any. It is defined as eth1 in the examples.
LOOPBACK_INTERFACE
This is the name of the loopback interface. It is defined as lo in the examples.
IPADDR
This is the IP address of your external interface. It is either a static IP address registered with InterNIC, or a dynamically assigned address from your ISP (usually obtained via DHCP). Rules that deny spoofed packets claiming to come from your own address depend on this value being correct.
LOCALNET_1
This is your LAN network address, if any: the entire range of IP addresses used by the machines on your LAN. These may be statically assigned, or you might run a local DHCP server to assign them. In these examples the range is 192.168.1.0/24, part of the private address space reserved by RFC 1918, which is never routed on the Internet.
ANYWHERE
ANYWHERE is a label for an address that ipchains matches against any (non-broadcast) address. It is written any/0, which is 0.0.0.0/0.
NAMESERVER_1
This is the IP address of your primary DNS server, on your own network or at your ISP.
NAMESERVER_2
This is the IP address of your secondary DNS server, on your own network or at your ISP.
MY_ISP
This is the address range of your ISP's network and NOC. The firewall uses this value to allow ICMP echo requests (ping) and traceroute only to and from that range. If you do not specify an address range here, you will not be able to ping the Internet from your internal network.
LOOPBACK
The loopback address range is 127.0.0.0/8. The interface itself is addressed as 127.0.0.1 (in /etc/hosts). Packets carrying a loopback source address should never arrive on a real interface, so the scripts deny them there.
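The constants are only useful in the context of the rules that reference them. The following shell fragment is an added example and is not one of the page's own firewall scripts: it defines the constants described above with placeholder values (every 203.0.113.x address, the MY_ISP range, the name server addresses and the PRIVPORTS/UNPRIVPORTS port ranges are assumptions to be replaced with your own) and then uses them in a few ipchains rules for loopback, anti-spoofing, DNS and ISP-only ping. Unless IPCHAINS is set to the real binary, the rules are printed instead of applied, so the fragment can be inspected on a machine without ipchains.

```shell
#!/bin/sh
# Added example, not one of the page's firewall scripts. The constants
# described above with placeholder values (every 203.0.113.x address, the
# MY_ISP range and the port ranges are assumed), followed by ipchains rules
# that reference them.

EXTERNAL_INTERFACE="eth0"          # interface to the Internet
LOCAL_INTERFACE_1="eth1"           # interface to the LAN
LOOPBACK_INTERFACE="lo"
IPADDR="203.0.113.10"              # assumed external address
LOCALNET_1="192.168.1.0/24"        # LAN range
ANYWHERE="any/0"                   # 0.0.0.0/0, for rules matching any address
NAMESERVER_1="203.0.113.53"        # assumed primary DNS server
NAMESERVER_2="203.0.113.54"        # assumed secondary DNS server
MY_ISP="203.0.113.0/24"            # assumed ISP/NOC range allowed to ping/traceroute
LOOPBACK="127.0.0.0/8"
PRIVPORTS="0:1023"                 # assumed conventional value
UNPRIVPORTS="1024:65535"           # assumed conventional value

# With IPCHAINS unset the rules are only printed, so the script can be
# inspected anywhere; set IPCHAINS=/sbin/ipchains to apply them for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"

rules() {
    # Start from empty chains with deny-by-default policies.
    $IPCHAINS -F
    $IPCHAINS -P input DENY
    $IPCHAINS -P output REJECT
    $IPCHAINS -P forward DENY

    # Loopback traffic is unrestricted.
    $IPCHAINS -A input  -i $LOOPBACK_INTERFACE -j ACCEPT
    $IPCHAINS -A output -i $LOOPBACK_INTERFACE -j ACCEPT

    # Anti-spoofing on the Internet interface: a packet arriving from outside
    # cannot legitimately claim our own address, our LAN range or the
    # loopback range. Deny and log (-l) each one.
    $IPCHAINS -A input -i $EXTERNAL_INTERFACE -s $IPADDR     -j DENY -l
    $IPCHAINS -A input -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j DENY -l
    $IPCHAINS -A input -i $EXTERNAL_INTERFACE -s $LOOPBACK   -j DENY -l

    # DNS: UDP queries from an unprivileged local port to each name server,
    # and the replies coming back. In ipchains the port follows the address.
    for ns in $NAMESERVER_1 $NAMESERVER_2; do
        $IPCHAINS -A output -i $EXTERNAL_INTERFACE -p udp \
            -s $IPADDR $UNPRIVPORTS -d $ns 53 -j ACCEPT
        $IPCHAINS -A input  -i $EXTERNAL_INTERFACE -p udp \
            -s $ns 53 -d $IPADDR $UNPRIVPORTS -j ACCEPT
    done

    # ICMP echo request (type 8) only towards MY_ISP and echo reply (type 0)
    # only from it; for ICMP the "port" after the source address is the type.
    $IPCHAINS -A output -i $EXTERNAL_INTERFACE -p icmp \
        -s $IPADDR 8 -d $MY_ISP -j ACCEPT
    $IPCHAINS -A input  -i $EXTERNAL_INTERFACE -p icmp \
        -s $MY_ISP 0 -d $IPADDR -j ACCEPT
}

# Helpers for checking the generated rule set in print-only mode.
rule_count() { rules | grep -c ' -A '; }
has_rule() { rules | grep -q -- "$1"; }
has_unexpanded_var() { rules | grep -q '\$'; }

rules
```

Run it as is to see the expanded rules; an unset constant would show up as a rule with a missing field (or a literal `$NAME` if the shell is run with variable expansion disabled), which is why the print-only mode is worth a look before pointing IPCHAINS at the real binary.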
PRIVPORTS