Implementing a Basic Firewall
Sometimes you may want a host to provide certain services to only local clients or clients on other hosts of a network that you control. If your network is connected to the Internet, you can use a firewall to prevent undesired access to services. A Linux firewall depends on certain kernel facilities to examine incoming and outgoing packets. Packets that fail to pass specified rules can be rejected, preventing undesired access to private services.
A related facility, known as IP masquerading, lets hosts on a network connect to the Internet via a host known as the masquerading host. All packets from the network seem to the outside host to have come from the masquerading host. IP masquerading lets you:
Prevent outside access to services offered on a private network
Hide the structure of private networks
Conserve IP addresses by assigning freely usable reserved IP addresses to masqueraded hosts
Configuring the Firewall
At installation time, Red Hat Linux lets you configure a firewall for your system; however, you can reconfigure the firewall after installation. For a firewall to be secure and flexible, customization is almost always required. However, customizing a firewall requires an understanding of the ports and protocols used by each running service, an expertise that generally requires considerable time to achieve. To learn more about services, ports, and protocols, see the resources described at the end of this chapter.
To configure a firewall, ...