<HTML>
<HEAD>
<TITLE>TCP/IP Firewall</TITLE>
<META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.57">
<LINK REL="HOME" TITLE="Linux Network Administrators Guide" HREF="index.html">
<LINK REL="PREVIOUS" TITLE="More Advanced PPP Configurations" HREF="x7297.html">
<LINK REL="NEXT" TITLE="Methods of Attack" HREF="x-082-2-firewall.attacks.html">
</HEAD>
<BODY CLASS="CHAPTER" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF">
<DIV CLASS="NAVHEADER">
<TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR><TH COLSPAN="3" ALIGN="center">Linux Network Administrators Guide</TH></TR>
<TR>
<TD WIDTH="10%" ALIGN="left" VALIGN="bottom"><A HREF="x7297.html">Prev</A></TD>
<TD WIDTH="80%" ALIGN="center" VALIGN="bottom"></TD>
<TD WIDTH="10%" ALIGN="right" VALIGN="bottom"><A HREF="x-082-2-firewall.attacks.html">Next</A></TD>
</TR>
</TABLE>
<HR ALIGN="LEFT" WIDTH="100%">
</DIV>
<DIV CLASS="CHAPTER">
<H1><A NAME="X-087-2-FIREWALL">Chapter 9. TCP/IP Firewall</A></H1>
<DIV CLASS="TOC">
<DL>
<DT><B>Table of Contents</B></DT>
<DT>9.1. <A HREF="x-082-2-firewall.attacks.html">Methods of Attack</A></DT>
<DT>9.2. <A HREF="x-087-2-firewall.introduction.html">What Is a Firewall?</A></DT>
<DT>9.3. <A HREF="x-087-2-firewall.filtering.html">What Is IP Filtering?</A></DT>
<DT>9.4. <A HREF="x-087-2-firewall.howto.html">Setting Up Linux for Firewalling</A></DT>
<DD>
<DL>
<DT>9.4.1. <A HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.KERNEL">Kernel Configured with IP Firewall</A></DT>
<DT>9.4.2. <A HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.IPFWADM">The ipfwadm Utility</A></DT>
<DT>9.4.3. <A HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.IPCHAINS">The ipchains Utility</A></DT>
<DT>9.4.4. <A HREF="x-087-2-firewall.howto.html#X-087-2-FIREWALL.HOWTO.IPTABLES">The iptables Utility</A></DT>
</DL>
</DD>
<DT>9.5. <A HREF="x-087-2-firewall.filteringmethods.html">Three Ways We Can Do Filtering</A></DT>
<DT>9.6. <A HREF="x-087-2-firewall.original.html">Original IP Firewall (2.0 Kernels)</A></DT>
<DD>
<DL>
<DT>9.6.1. <A HREF="x-087-2-firewall.original.html#X-087-2-FIREWALL.USINGIPFWADM">Using ipfwadm</A></DT>
<DT>9.6.2. <A HREF="x-087-2-firewall.original.html#X-087-2-FIREWALL.COMPLEXEXAMPLE">A More Complex Example</A></DT>
<DT>9.6.3. <A HREF="x-087-2-firewall.original.html#X-087-2-FIREWALL.IPFWADMARGS">Summary of ipfwadm Arguments</A></DT>
</DL>
</DD>
<DT>9.7. <A HREF="x-087-2-firewall.fwchains.html">IP Firewall Chains (2.2 Kernels)</A></DT>
<DD>
<DL>
<DT>9.7.1. <A HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.USINGIPCHAINS">Using ipchains</A></DT>
<DT>9.7.2. <A HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.IPCHAINS.SYNTAX">ipchains Command Syntax</A></DT>
<DT>9.7.3. <A HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.SIMPLEEXAMPLE.AGAIN">Our Naïve Example Revisited</A></DT>
<DT>9.7.4. <A HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.LISTING.AGAIN">Listing Our Rules with ipchains</A></DT>
<DT>9.7.5. <A HREF="x-087-2-firewall.fwchains.html#X-087-2-FIREWALL.IPCHAINSYAY">Making Good Use of Chains</A></DT>
</DL>
</DD>
<DT>9.8. <A HREF="x-087-2-firewall.future.html">Netfilter and IP Tables (2.4 Kernels)</A></DT>
<DD>
<DL>
<DT>9.8.1. <A HREF="x-087-2-firewall.future.html#AEN8603">Backward Compatibility with ipfwadm and ipchains</A></DT>
<DT>9.8.2. <A HREF="x-087-2-firewall.future.html#X-087-2-FIREWALL.USINGIPTABLES">Using iptables</A></DT>
<DT>9.8.3. <A HREF="x-087-2-firewall.future.html#AEN8900">Our Naïve Example Revisited, Yet Again</A></DT>
</DL>
</DD>
<DT>9.9. <A HREF="x-087-2-firewall.tos.manipulation.html">TOS Bit Manipulation</A></DT>
<DD>
<DL>
<DT>9.9.1. <A HREF="x-087-2-firewall.tos.manipulation.html#AEN8961">Setting the TOS Bits Using ipfwadm or ipchains</A></DT>
<DT>9.9.2. <A HREF="x-087-2-firewall.tos.manipulation.html#AEN9022">Setting the TOS Bits Using iptables</A></DT>
</DL>
</DD>
<DT>9.10. <A HREF="x-087-2-firewall.checkingconf.html">Testing a Firewall Configuration</A></DT>
<DT>9.11. <A HREF="x-087-2-firewall.example.html">A Sample Firewall Configuration</A></DT>
</DL>
</DIV>
<P>Security is increasingly important for companies and individuals alike.
The Internet has given them a powerful tool for distributing information
about themselves and obtaining information from others, but it has also
exposed them to dangers from which they were previously exempt.
Computer crime, information theft, and malicious damage are all potential
dangers.</P>
<P>An unauthorized and unscrupulous person who gains access to a computer
system may guess system passwords or exploit the bugs and idiosyncratic
behavior of certain programs to obtain a working account on that machine.
Once they are able to log in to the machine, they may have access to
information whose exposure could be damaging, such as commercially sensitive
material like marketing plans, new project details, or customer information
databases. Damaging or modifying this type of data can cause severe setbacks
to the company.</P>
<P>The safest way to avoid such widespread damage is to prevent unauthorized
people from gaining network access to the machine. This is where firewalls
come in.</P>
<DIV CLASS="WARNING">
<TABLE CLASS="WARNING" BORDER="1" WIDTH="100%">
<TR><TD ALIGN="CENTER"><B>Warning</B></TD></TR>
<TR><TD ALIGN="LEFT">
<P>Constructing secure firewalls is an art. It involves a good understanding
of technology, but equally important, it requires an understanding of the
philosophy behind firewall designs. We won't cover everything you need to
know in this book; we strongly recommend you do some additional research
before trusting any particular firewall design, including any we present
here.</P>
</TD></TR>
</TABLE>
</DIV>
<P>There is enough material on firewall configuration and design to fill a
whole book, and indeed there are some good resources that you might like to
read to expand your knowledge on the subject. Two of these are:</P>
<DIV CLASS="VARIABLELIST">
<DL>
<DT><I CLASS="EMPHASIS">Building Internet Firewalls</I></DT>
<DD><P>by D. Chapman and E. Zwicky (O'Reilly). A guide explaining how to
design and install firewalls for Unix, Linux, and Windows NT, and how to
configure Internet services to work with the firewalls.</P></DD>
<DT><I CLASS="EMPHASIS">Firewalls and Internet Security</I></DT>
<DD><P>by W. Cheswick and S. Bellovin (Addison Wesley). This book covers the
philosophy of firewall design and implementation.</P></DD>
</DL>
</DIV>
<P>We will focus on the Linux-specific technical issues in this chapter. Later
we will present a sample firewall configuration that should serve as a useful
starting point for your own configuration, but as with all security-related
matters, trust no one. Double-check the design, make sure you understand it,
and then modify it to suit your requirements. To be safe, be sure.</P>
</DIV>
</BODY>
</HTML>