Complete Reference to Firewalls in Linux Security


  • Introduction to Firewalls
  • IPTables
  • Dedicated Linux Firewalls

Introduction to Firewalls

  • Firewalls protect network perimeters
  • Not a total security solution, but an important part of a defense-in-depth strategy
  • Firewalls act as traffic cops
  • Only traffic that meets specific requirements is allowed to pass through
  • Can filter on port, protocol, address, or connection state (e.g. established connections)
  • Higher-level firewalls also filter on packet contents (application-level firewalls)
  • Linux has several built-in firewall capabilities
  • Can act as a host-based firewall
  • Can act as a dedicated enterprise-level firewall
  • Can take advantage of older, recycled hardware
  • Built-in firewalls include IPChains and IPTables (and, on current kernels, nftables)
  • Dedicated firewalls include IPCop and Smoothwall

IPTables

  • Replaced the older IPChains firewall in Linux
  • Available since the 2.4 kernel; on recent distributions the ‘iptables’ command is usually the iptables-nft compatibility layer over nftables, so the same commands still apply
  • Allows configuration of built-in firewall rules for host-based protection
  • Stateful packet filtering firewall
  • Can filter based upon source IP address, protocol, port, and connection state
  • Can filter based upon MAC address
  • Can also filter out malformed packets based upon TCP flags set in packet
  • Packets enter the host and are processed through a set of ‘tables’; the three used most are:
  • ‘mangle’ table – modifies packet headers, e.g. the TOS/DSCP (QoS) bits, TTL, and firewall marks
  • ‘filter’ table – contains 3 ‘chains’ used to accept or drop traffic
  • ‘nat’ table – rewrites a packet’s source or destination address when using NAT
  • ‘nat’ table has 2 main chains (plus an OUTPUT chain for locally generated packets):
  • PREROUTING (changes the destination address: DNAT, applied before the routing decision)
  • POSTROUTING (changes the source address: SNAT or MASQUERADE, applied after the routing decision)
  • ‘raw’ and ‘security’ tables also exist but are rarely needed on a host firewall
  • Packets entering ‘filter’ table go through 3 ‘chains’ to determine where packets are sent to:
  • INPUT chain is for packets destined for host
  • FORWARD chain is for packets destined for other hosts on network
  • IP forwarding must be enabled (net.ipv4.ip_forward=1) and a route must exist for packets to traverse the FORWARD chain – usually a box with multiple interfaces acting as a router
  • OUTPUT chain is for packets generated by a program on the local machine and sent outbound from the host
  • Once the correct chain is determined, traffic is matched against the user-defined rules for that chain
  • Rules are checked in the order they were entered until a match is found; the first terminating match wins, so specific allow rules must come before broad deny rules
  • If no rule matches, the chain’s default policy applies (ACCEPT or DROP); a default-deny policy on INPUT and FORWARD is the usual hardening choice
  • Common rule targets:
  • ACCEPT, DROP (silently discard), REJECT (discard and send an error back)
  • LOG (packet header is written to the kernel log / syslogd; LOG is non-terminating, so the packet continues to the next rule)
  • DNAT (processed through the NAT table for a destination address change)
  • SNAT (processed through the NAT table for a source address change)
  • IPTables is configured through the ‘iptables’ command; rules live only in kernel memory, so save them with ‘iptables-save’ and reload them with ‘iptables-restore’ (or the distribution’s iptables service) to survive a reboot
  • Can be configured through the graphical ‘Webmin’ interface
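The following is an added example, not code from the original page: a default-deny host firewall for the ‘filter’ table plus a small router/NAT ruleset for the ‘nat’ table, emitted in iptables-restore format so it can be reviewed before it is loaded. It puts the chain walk above into practice: loopback and established/related traffic first, INVALID and bad-TCP-flag packets dropped, one explicit allow for SSH, FORWARD rules for a LAN-to-WAN router, a rate-limited LOG before the DROP policy catches the rest, and DNAT/MASQUERADE in PREROUTING/POSTROUTING. The interface names (eth0, eth1), the subnet 192.168.10.0/24, the internal web host 192.168.10.20, and the ports are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original page: a default-deny host firewall
# (filter table) plus a small router/NAT ruleset (nat table), emitted in
# iptables-restore format so it can be reviewed before it is loaded.
# Interface names, subnets, the DNAT target host and the allowed ports are
# assumptions for illustration; adjust them before use.

WAN_IF="${WAN_IF:-eth0}"                    # assumed internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                    # assumed internal interface (router case)
LAN_NET="${LAN_NET:-192.168.10.0/24}"       # assumed internal subnet
ADMIN_NET="${ADMIN_NET:-192.168.10.0/24}"   # assumed source allowed to reach SSH
WEB_HOST="${WEB_HOST:-192.168.10.20}"       # assumed internal host behind DNAT

# filter table: INPUT and FORWARD default to DROP, OUTPUT is left open.
filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic is always allowed
-A INPUT -i lo -j ACCEPT
# stateful: replies to connections this host opened are let back in
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot classify (malformed or out of state) are dropped
-A INPUT -m conntrack --ctstate INVALID -j DROP
# TCP flag checks: a NEW flow must start with SYN; NULL and XMAS probes are dropped
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# the only service exposed: SSH, and only from the admin network
-A INPUT -p tcp -s $ADMIN_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# router case: LAN may go out, replies may come back, DNAT'd web traffic may enter
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_HOST --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LOG is non-terminating: anything left is logged (rate limited), then hits the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# nat table: PREROUTING rewrites the destination before routing (DNAT),
# POSTROUTING rewrites the source after routing (MASQUERADE = dynamic SNAT).
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport 8080 -j DNAT --to-destination $WEB_HOST:80
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

build_ruleset() {
    filter_rules
    nat_rules
}

# number of -A rules in the generated ruleset (handy for a sanity check)
count_rules() {
    build_ruleset | grep -c '^-A'
}

# Loading needs root, and FORWARD/NAT only work with net.ipv4.ip_forward=1.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_ruleset | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    build_ruleset
fi
```

Run it with no arguments to print the ruleset for review (the FORWARD rule for the DNAT target matches the rewritten destination, because PREROUTING runs before the routing decision and the FORWARD chain); run it as ‘sh firewall.sh apply’ as root to load it. Because the rules are loaded with iptables-restore, the same file doubles as the persisted configuration the text says is otherwise lost at reboot.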

Dedicated Linux Firewalls

  • Dedicated Linux appliances serve as enterprise firewalls
  • Usually a specially configured kernel with only the services necessary to provide firewall, NAT, and VPN functions
  • Can run from embedded (flash-based) hardware or from a conventional disk install
  • Two popular dedicated firewall solutions are Smoothwall and IPCop
  • Small, very lean distributions
  • Easily installed
  • Run on lower-end equipment that can be reused
  • Both managed through a web interface; that interface should be reachable only from the internal or management network, never from the WAN side
  • Provide dedicated solutions for firewall, routing, VPN, and NAT
  • Updateable over the web
  • Several other solutions exist as well