Implementing a Basic Firewall
Sometimes you may want a host to provide certain services to only local clients or clients on other hosts of a network that you control. If your network is connected to the Internet, you can use a firewall to prevent undesired access to services. A Linux firewall depends on certain kernel facilities to examine incoming and outgoing packets. Packets that fail to pass specified rules can be rejected, preventing undesired access to private services.
A related facility, known as IP masquerading, lets hosts on a network connect to the Internet via a host known as the masquerading host. All packets from the network seem to the outside host to have come from the masquerading host. IP masquerading lets you:
Prevent outside access to services offered on a private network
Hide the structure of private networks
Conserve IP addresses by assigning freely usable reserved IP addresses to masqueraded hosts
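The following Python model is an added example, not code from the book or from the Linux kernel. It shows the address rewriting described above: outbound packets leave with the masquerading host's address, replies are mapped back to the private host, and a packet that matches no masqueraded connection is dropped. The class name, port range, and all addresses are assumptions made up for the illustration.

```python
# Simplified model of IP masquerading; an added illustration, not kernel code.
# All addresses, ports and names below are constructed for the example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class MasqueradingHost:
    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # private flow -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> private endpoint

    def outbound(self, pkt):
        """Rewrite a private host's packet so it appears to come from this host."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet as delivered inside, or None if it is dropped."""
        entry = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.public_ip or entry is None:
            return None  # no matching masqueraded connection: nothing to deliver to
        return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])


def demo():
    gw = MasqueradingHost("203.0.113.10")
    a = gw.outbound(Packet("192.168.1.20", 40001, "198.51.100.5", 80))
    b = gw.outbound(Packet("192.168.1.21", 40001, "198.51.100.5", 80))
    reply = gw.inbound(Packet("198.51.100.5", 80, a.src_ip, a.src_port))
    probe = gw.inbound(Packet("198.51.100.99", 4444, gw.public_ip, 22))
    return a, b, reply, probe


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both private hosts use the same source port, yet the outside server sees two distinct ports on one public address, which is why the private network's structure stays hidden.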
Configuring the Firewall
At installation time, Red Hat Linux lets you configure a firewall for your system; however, you can reconfigure the firewall after installation. For a firewall to be secure and flexible, customization is almost always required. However, customizing a firewall requires an understanding of the ports and protocols used by each running service, an expertise that generally requires considerable time to achieve. To learn more about services, ports, and protocols, see the resources described at the end of this chapter.
To configure a firewall, ...