Implementing a Basic Firewall

Sometimes you may want a host to provide certain services to only local clients or clients on other hosts of a network that you control. If your network is connected to the Internet, you can use a firewall to prevent undesired access to services. A Linux firewall depends on certain kernel facilities to examine incoming and outgoing packets. Packets that fail to pass specified rules can be rejected, preventing undesired access to private services.

A related facility, known as IP masquerading, lets hosts on a network connect to the Internet via a host known as the masquerading host. All packets from the network seem to the outside host to have come from the masquerading host. IP masquerading lets you:

  • Prevent outside access to services offered on a private network

  • Hide the structure of private networks

  • Conserve IP addresses by assigning freely usable reserved IP addresses to masqueraded hosts

Configuring the Firewall

At installation time, Red Hat Linux lets you configure a firewall for your system; however, you can reconfigure the firewall after installation. For a firewall to be secure and flexible, customization is almost always required. However, customizing a firewall requires an understanding of the ports and protocols used by each running service, an expertise that generally requires considerable time to achieve. To learn more about services, ports, and protocols, see the resources described at the end of this chapter.

To configure a firewall, ...

Get Learning Red Hat Linux, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.