
Complete Reference of Firewalls in Linux Security

  • Introduction to Firewalls
  • IPTables
  • Dedicated Linux Firewalls

Introduction to Firewalls

  • Firewalls protect network perimeters
  • Not a total security solution, but an important part of a defense-in-depth strategy
  • Firewalls act as traffic cops
  • Only traffic that meets specific requirements is allowed to pass through
  • Can filter on port, protocol, address, or established connection
  • Higher-level firewalls also filter on packet contents (application-level firewall)
  • Linux has several built-in firewall capabilities
  • Can act as a host-based firewall
  • Can act as a dedicated enterprise-level firewall
  • Can take advantage of older, recycled hardware
  • Built-in firewalls include IPChains and IPTables
  • Dedicated firewalls include IPCop and Smoothwall

IPTables

  • Replaces the older IPChains firewall in Linux
  • Available since the 2.4 kernel
  • Allows configuration of built-in firewall rules for host-based protection
  • Stateful packet filtering firewall
  • Can filter based upon source IP address, protocol, port, and connection state
  • Can filter based upon MAC address
  • Can also filter out malformed packets based upon the TCP flags set in the packet
  • Packets enter the host and are processed through one of 3 ‘tables’:
      • ‘mangle’ table – responsible for changing QoS bits in the packet
      • ‘filter’ table – contains 3 ‘chains’ used to process traffic
      • ‘nat’ table – used to change a packet’s source or destination address when using NAT
  • The ‘nat’ table has 2 chains:
      • PREROUTING (changes the destination address)
      • POSTROUTING (changes the source address)
  • Packets entering the ‘filter’ table are sorted into one of 3 ‘chains’ depending on where the packet is headed:
      • INPUT chain is for packets destined for the host itself
      • FORWARD chain is for packets destined for other hosts on the network
      • Forwarding must be enabled and a route must be available for packets to traverse the FORWARD chain – usually a box with multiple interfaces (router)
      • OUTPUT chain is for traffic generated by a program on the local machine and sent outbound from the host
  • Once the correct chain is determined, traffic is subject to the user-defined rules for that chain
  • Rules are checked in the order they were entered until a match is found
  • If no match is found, the packet is processed by the chain’s default rule (policy)
  • Rule targets include:
      • LOG (packet is logged via syslogd)
      • DNAT (processed through the NAT table for a destination address change)
      • SNAT (processed through the NAT table for a source address change)
  • IPTables is configured through the ‘iptables’ command
  • Can also be configured through the graphical ‘Webmin’ interface
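As an added example, not code from the original post, the POSIX shell script below renders an iptables-restore ruleset that exercises most of the points above on one box: default chain policies (the rule applied when nothing matches), stateful filtering with conntrack, filtering on protocol, port and source address, dropping malformed TCP flag combinations, the LOG target feeding syslog, the FORWARD chain for a routing box, and DNAT/SNAT in the nat table's PREROUTING and POSTROUTING chains. The management subnet, interface name, LAN range and addresses are assumed placeholder values from the RFC 5737 documentation ranges, not from the page.

```shell
#!/bin/sh
# Added example (not from the original post): generate a stateful iptables ruleset
# in iptables-restore format. All network values below are assumed placeholders.
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"   # hypothetical admin network allowed to SSH in
WAN_IF="${WAN_IF:-eth0}"               # hypothetical outside interface (router role)
LAN_NET="${LAN_NET:-198.51.100.0/24}"  # hypothetical inside network behind this box
WAN_IP="${WAN_IP:-203.0.113.10}"       # hypothetical public address used for SNAT
INT_WEB="${INT_WEB:-198.51.100.80}"    # hypothetical internal web server for DNAT

# filter table: INPUT (to this host), FORWARD (through this host), OUTPUT (from this host).
# The ":CHAIN POLICY" lines are the default rule applied when no rule matches.
filter_table() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
# stateful filtering: replies to connections this host already tracks
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# malformed packets: untrackable state, and TCP flag combinations no real stack sends
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# filter on protocol, port and source address: SSH only from the management subnet
-A INPUT -p tcp --dport 22 -s ${MGMT_NET} -m conntrack --ctstate NEW -j ACCEPT
# web service reachable from anywhere
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# rate-limited ping so the host stays diagnosable without answering floods
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# LOG target: record (rate-limited) what is about to hit the DROP policy, via syslog
-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "IPT-INPUT-DROP: " --log-level 4
# FORWARD is only traversed when ip_forward=1 and a route exists: LAN out, replies back in
-A FORWARD -i ${WAN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s ${LAN_NET} -o ${WAN_IF} -j ACCEPT
-A FORWARD -i ${WAN_IF} -p tcp -d ${INT_WEB} --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# nat table: PREROUTING rewrites destinations (DNAT), POSTROUTING rewrites sources (SNAT).
nat_table() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT: inbound web traffic arriving on the outside interface goes to the internal server
-A PREROUTING -i ${WAN_IF} -p tcp --dport 80 -j DNAT --to-destination ${INT_WEB}
# SNAT: outbound LAN traffic leaves with the firewall's public address
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j SNAT --to-source ${WAN_IP}
COMMIT
EOF
}

# Full ruleset, one table after the other, ready for: iptables-restore < rules.v4
render_ruleset() {
  filter_table
  nat_table
}

# Count the rules (not policies or comments) appended to the given chain.
count_chain_rules() {
  render_ruleset | grep -c -- "^-A $1 "
}

if [ "${1:-}" = "render" ]; then
  render_ruleset
fi
```

Run `sh rules.sh render > rules.v4`, check the syntax with `iptables-restore --test rules.v4`, then load it with `iptables-restore rules.v4`. Because INPUT defaults to DROP, a mistake fails closed rather than open, so apply it from a console session or with a timed rollback when working over SSH.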

Dedicated Linux Firewalls

  • Dedicated Linux appliances serve as enterprise firewalls
  • Usually a specially configured kernel with only the services necessary to provide firewall, NAT, and VPN functions
  • Can be motherboard-embedded or disk-based
  • Two popular dedicated firewall solutions are Smoothwall and IPCop
  • Small distributions that are very lean
  • Easily installed
  • Run on lower-end equipment that can be reused
  • Both managed through a web interface
  • Provide dedicated solutions for firewall, routing, VPN, and NAT
  • Updatable over the web
  • Several other solutions exist as well
Rajesh Kumar