Exposing any system, no matter how briefly, to an untrusted network is suicidal. A firewall, while not a 100% secure solution, is absolutely vital. The Linux world gives us an excellent firewall utility in netfilter/iptables. It is free and runs nicely . . .
Exposing any system, no matter how briefly, to an untrusted network is suicidal. A firewall, while not a 100% secure solution, is absolutely vital. The Linux world gives us an excellent firewall utility in netfilter/iptables. It is free and runs nicely on feeble old PCs. Netfilter/iptables is flexible, powerful, and enables fine-grained control of incoming and outgoing traffic. The two main functions this series will address are building firewalls and sharing Internet connections, which commonly go hand-in-hand. In Part 1 we'll cover basic concepts; Part 2 will offer examples of rulesets for various uses.

Netfilter/iptables is included with the 2.4/2.5 Linux kernel for firewall, network address translation (NAT), and packet mangling functions. Netfilter works inside the kernel, while iptables is the table structure for the user-defined rulesets. Netfilter/iptables is the descendant of our old friends ipchains and ipwadfm (IP firewall administration); for simplicity, let's call it iptables from this point forward.

Some other excellent uses for iptables are for building firewalls for individual Unix/Linux/BSD workstations and also for building firewalls for subnets to protect other platforms. It's free, so why not construct layers of defenses? Depending solely on a gateway firewall is not enough.

The link for this article located at CrossNodes is no longer available.