Complete Reference of Firewalls in Linux Security

  • Introduction to Firewalls
  • IP Tables
  • Dedicated Linux Firewalls

Introduction to Firewalls

  • Firewalls protect network perimeters
  • Not total security solution, but important part of defense in depth strategy
  • Firewalls act as traffic cops
  • Only traffic that meets specific requirements is allowed to pass through
  • Can filter on port, protocol, address, or established connection
  • Higher-level firewalls also filter on packet contents (application-level firewall)
  • Linux has several built-in firewall capabilities
  • Can act as a host-based firewall
  • Can act as a dedicated enterprise-level firewall
  • Can take advantage of older, recycled hardware
  • Built-in firewalls include IPChains and IPTables
  • Dedicated firewalls include IPCop and Smoothwall

IPTables

  • Replaces older IPChains firewall in Linux
  • Available since 2.4 kernel
  • Allows configuration of built-in firewall rules for host-based protection
  • Stateful packet filtering firewall
  • Can filter based upon source IP address, protocol, port, and connection state
  • Can filter based upon MAC address
  • Can also filter out malformed packets based upon TCP flags set in packet
  • Packets enter host and are processed through one of 3 ‘tables’:
      • ‘mangle’ table – responsible for changing QOS bits in packet
      • ‘filter’ table – contains 3 ‘chains’ used to process traffic
      • ‘nat’ table – used to manage changing packet’s source or destination address when using NAT
  • ‘nat’ table has 2 chains:
      • Pre-routing (changes destination address)
      • Post-routing (changes source address)
  • Packets entering ‘filter’ table go through 3 ‘chains’ to determine where packets are sent to:
      • INPUT chain is for packets destined for host
      • FORWARD chain is for packets destined for other hosts on network
          • Forwarding must be enabled and route must be available for packets to traverse FORWARD chain – usually multiple interfaces on box (router)
      • OUTPUT chain is for traffic generated by programs on the local machine and sent outbound from host
  • Once correct chain is determined, traffic is subject to user-defined rules for chain
  • Rules are checked in the order they were entered until a match is found
  • If no matches found, packet processed through default chain rule
  • Log (packet is logged in syslogd)
  • DNAT (processed through NAT table for destination address change)
  • SNAT (processed through NAT table for source address change)
  • IPTables configured through ‘iptables’ command
  • Can be configured through graphical ‘Webmin’ interface
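
The ‘filter’ table behaviour listed above (default chain policy, first-match rule order, connection state, TCP-flag and MAC filtering, the Log target), as an added example that is not part of the original page: a shell function that emits an iptables-restore ruleset for a host-based firewall. The admin subnet, MAC address and SSH port are constructed sample values.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a host-based firewall.
# ADMIN_NET, ADMIN_MAC and SSH_PORT are constructed sample values (assumptions).
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"
ADMIN_MAC="${ADMIN_MAC:-02:00:00:00:00:01}"
SSH_PORT="${SSH_PORT:-22}"

build_ruleset() {
    cat <<EOF
*filter
# Default chain policy: applied when no rule in the chain matches.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Rules are checked top to bottom; the first terminating match decides.
-A INPUT -i lo -j ACCEPT
# Malformed packets: TCP flag combinations no valid stack sends.
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# Stateful filtering: accept replies to connections already tracked.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# New SSH sessions only from the admin subnet and the admin MAC address.
-A INPUT -p tcp -s ${ADMIN_NET} --dport ${SSH_PORT} -m mac --mac-source ${ADMIN_MAC} -m conntrack --ctstate NEW -j ACCEPT
# LOG does not end traversal: the packet is logged, then hits the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Load the ruleset only when explicitly asked to (requires root).
if [ "${APPLY:-0}" = "1" ]; then
    build_ruleset | iptables-restore
fi
```

Piping `build_ruleset` into `iptables-restore --test` parses the ruleset without committing it, which is a safe check before setting `APPLY=1` on a remote host.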

Dedicated Linux Firewalls

  • Dedicated Linux appliances serve as enterprise firewalls
  • Usually specially configured kernel with only necessary services to provide firewall, NAT, and VPN services
  • Can be motherboard-embedded or disk
  • Two popular dedicated firewall solutions include Smoothwall and IPCop
  • Small distributions that are very lean
  • Easily installed
  • Uses lower-end equipment that can be reused
  • Both managed through web interface
  • Provide dedicated solutions for firewall, routing, VPN, and NAT
  • Updateable over web
  • Several other solutions exist as well

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. Rajesh Kumar Personal Website: https://www.rajeshkumar.xyz/
