old-www/LDP/nag2/x-087-2-firewall.html


<HTML
><HEAD
><TITLE
>TCP/IP Firewall</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="More Advanced PPP Configurations"
HREF="x7297.html"><LINK
REL="NEXT"
TITLE="Methods of Attack"
HREF="x-082-2-firewall.attacks.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x7297.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-082-2-firewall.attacks.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="X-087-2-FIREWALL"
>Chapter 9. TCP/IP Firewall</A
></H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>9.1. <A
HREF="x-082-2-firewall.attacks.html"
>Methods of Attack</A
></DT
><DT
>9.2. <A
HREF="x-087-2-firewall.introduction.html"
>What Is a Firewall?</A
></DT
><DT
>9.3. <A
HREF="x-087-2-firewall.filtering.html"
>What Is IP Filtering?</A
></DT
><DT
>9.4. <A
HREF="x-087-2-firewall.howto.html"
>Setting Up Linux for Firewalling</A
></DT
><DD
><DL
><DT
>9.4.1. <A
HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.KERNEL"
>Kernel Configured with IP Firewall</A
></DT
><DT
>9.4.2. <A
HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.IPFWADM"
>The ipfwadm Utility</A
></DT
><DT
>9.4.3. <A
HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.IPCHAINS"
>The ipchains Utility</A
></DT
><DT
>9.4.4. <A
HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.IPTABLES"
>The iptables Utility</A
></DT
></DL
></DD
><DT
>9.5. <A
HREF="x-087-2-firewall.filteringmethods.html"
>Three Ways We Can Do Filtering</A
></DT
><DT
>9.6. <A
HREF="x-087-2-firewall.original.html"
>Original IP Firewall (2.0 Kernels)</A
></DT
><DD
><DL
><DT
>9.6.1. <A
HREF="x-087-2-firewall.original.html#X-087-2-FIREWALL.USINGIPFWADM"
>Using ipfwadm</A
></DT
><DT
>9.6.2. <A
HREF="x-087-2-firewall.original.html#X-087-2-FIREWALL.COMPLEXEXAMPLE"
>A More Complex Example</A
></DT
><DT
>9.6.3. <A
HREF="x-087-2-firewall.original.html#X-087-2-FIREWALL.IPFWADMARGS"
>Summary of ipfwadm Arguments</A
></DT
></DL
></DD
><DT
>9.7. <A
HREF="x-087-2-firewall.fwchains.html"
>IP Firewall Chains (2.2 Kernels)</A
></DT
><DD
><DL
><DT
>9.7.1. <A
HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.USINGIPCHAINS"
>Using ipchains</A
></DT
><DT
>9.7.2. <A
HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.IPCHAINS.SYNTAX"
>ipchains Command Syntax</A
></DT
><DT
>9.7.3. <A
HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.SIMPLEEXAMPLE.AGAIN"
>Our Naïve Example Revisited</A
></DT
><DT
>9.7.4. <A
HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.LISTING.AGAIN"
>Listing Our Rules with ipchains</A
></DT
><DT
>9.7.5. <A
HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.IPCHAINSYAY"
>Making Good Use of Chains</A
></DT
></DL
></DD
><DT
>9.8. <A
HREF="x-087-2-firewall.future.html"
>Netfilter and IP Tables (2.4 Kernels)</A
></DT
><DD
><DL
><DT
>9.8.1. <A
HREF="x-087-2-firewall.future.html#AEN8603"
>Backward Compatibility with ipfwadm and ipchains</A
></DT
><DT
>9.8.2. <A
HREF="x-087-2-firewall.future.html#X-087-2-FIREWALL.USINGIPTABLES"
>Using iptables</A
></DT
><DT
>9.8.3. <A
HREF="x-087-2-firewall.future.html#AEN8900"
>Our Naïve Example Revisited, Yet Again</A
></DT
></DL
></DD
><DT
>9.9. <A
HREF="x-087-2-firewall.tos.manipulation.html"
>TOS Bit Manipulation</A
></DT
><DD
><DL
><DT
>9.9.1. <A
HREF="x-087-2-firewall.tos.manipulation.html#AEN8961"
>Setting the TOS Bits Using ipfwadm or ipchains</A
></DT
><DT
>9.9.2. <A
HREF="x-087-2-firewall.tos.manipulation.html#AEN9022"
>Setting the TOS Bits Using iptables</A
></DT
></DL
></DD
><DT
>9.10. <A
HREF="x-087-2-firewall.checkingconf.html"
>Testing a
Firewall Configuration</A
></DT
><DT
>9.11. <A
HREF="x-087-2-firewall.example.html"
>A Sample Firewall Configuration</A
></DT
></DL
></DIV
><P
>Security is increasingly important for companies and individuals alike.
The Internet has given them a powerful tool to distribute information
about themselves and to obtain information from others, but it has
also exposed them to dangers from which they were previously insulated.
Computer crime, information theft, and malicious damage are all real
possibilities once a machine is reachable from the network.</P
><P
>An unauthorized and unscrupulous person who gains access to
a computer system may guess system passwords or
exploit the bugs and idiosyncratic behavior of certain programs to obtain
a working account on that machine. Once logged in, they may be able to read
information whose disclosure is damaging, such as
commercially sensitive material like marketing plans,
new project details, or customer databases. Destroying or modifying
this type of data can cause severe setbacks to the company.</P
><P
>The most effective way to avoid such damage is to prevent unauthorized
people from reaching the machine over the network in the first place. This is
where firewalls come in.</P
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
BORDER="1"
WIDTH="100%"
><TR
><TD
ALIGN="CENTER"
><B
>Warning</B
></TD
></TR
><TR
><TD
ALIGN="LEFT"
><P
>&#13;Constructing secure firewalls is an art. It involves a good understanding
of technology, but equally important, it requires an understanding
of the philosophy behind firewall designs. We won't cover
everything you need to know in this book; we strongly recommend you
do some additional research before trusting any particular firewall design,
including any we present here.</P
></TD
></TR
></TABLE
></DIV
><P
>There is enough material on firewall configuration and design
to fill a whole book, and indeed there are some good resources that you might
like to read to expand your knowledge on the subject. Two of these are:
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><I
CLASS="EMPHASIS"
>Building Internet Firewalls</I
></DT
><DD
><P
>by D. Chapman and E. Zwicky (O'Reilly). A guide
explaining how to design and install firewalls for Unix, Linux, and
Windows NT, and how to configure Internet services to work with the
firewalls.</P
></DD
><DT
><I
CLASS="EMPHASIS"
>Firewalls and Internet Security</I
></DT
><DD
><P
>by W. Cheswick and S. Bellovin (Addison Wesley). This book covers the
philosophy of firewall design and implementation.</P
></DD
></DL
></DIV
></P
><P
>We will focus on the Linux-specific technical issues in this chapter. Later
we will present a sample firewall configuration that should serve as a useful
starting point for your own configuration, but as with all security-related
matters, trust no one. Double-check the design, make sure you understand it,
and then modify it to suit your requirements. To be safe, be sure.</P
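><P
>The advice above is to read a ruleset and understand it before trusting it. As an added example, not taken from the Guide or from its sample configuration, the script below expresses a minimal default-deny host firewall in iptables-restore(8) format and pairs it with a self-check that can run without root. The permitted services (SSH on 22/tcp and HTTP on 80/tcp), the function names and the log prefix are assumptions made for this illustration.</P
>
```sh
# Added example, not from the Linux Network Administrators Guide.
# Assumptions (not from the original page): the host offers only SSH (22/tcp)
# and HTTP (80/tcp); function names and the log prefix are illustrative.

# Emit the ruleset in iptables-restore(8) format. The built-in INPUT and
# FORWARD chains get a DROP policy, so anything not explicitly accepted
# below is dropped: that is the "deny by default" stance the chapter argues for.
firewall_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Sanity checks a reviewer runs before trusting the design, on the text of
# the ruleset (no root, no kernel modules needed):
#   1. both network-facing built-in chains have a DROP policy,
#   2. there is no catch-all "-A INPUT -j ACCEPT" rule,
#   3. the set of opened TCP ports is exactly the intended one.
# Returns 0 when all checks pass, 1 otherwise.
check_rules() {
    rules=$(firewall_rules)
    echo "$rules" | grep -q '^:INPUT DROP'   || return 1
    echo "$rules" | grep -q '^:FORWARD DROP' || return 1
    echo "$rules" | grep -q -- '-A INPUT -j ACCEPT$' && return 1
    ports=$(echo "$rules" | sed -n 's/.*--dport \([0-9]*\).*/\1/p' | sort -n | tr '\n' ' ')
    [ "$ports" = "22 80 " ] || return 1
    return 0
}

# Usage (as root, on a host with the ip_tables and state/conntrack modules):
#   firewall_rules | iptables-restore --test   # parse only; recent iptables releases
#   firewall_rules | iptables-restore          # load the ruleset
```
<P
>The checks are deliberately simple, plain pattern matches on the textual ruleset, but they catch the two mistakes that silently undo a default-deny design: a built-in chain left with an ACCEPT policy, and an unqualified accept rule. Run <TT>check_rules</TT> before loading; a non-zero exit status means the ruleset does not match the intended design.</P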
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x7297.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x-082-2-firewall.attacks.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>More Advanced PPP Configurations</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Methods of Attack</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>